Endpoint Protection

 View Only

  • 1.  SEP firewall policy to block 445 port is not functioning in same network segment

    Posted Sep 04, 2016 06:08 PM

    Dear Experts,

    To prevent the ransomware attack, I have created a rule in SEP firewall policy as to block the 445 port from all client systems. 

    Even though in the NTP traffic logs appearing as blocked, but still I can access the shared folders in the other clients within the same network segment. 

    I have some file servers and added another rule to access those servers (Rule= Allow 445). That is also working fine.

    So, I'm  looking for the solution of the malfunctionality of the rule 'block 445' in the same segment. Please help us as soon as possible.



  • 2.  RE: SEP firewall policy to block 445 port is not functioning in same network segment

    Posted Sep 06, 2016 11:13 AM

    Have you also tried blocking TCP port 139, UDP/TCP 137 and 138?



  • 3.  RE: SEP firewall policy to block 445 port is not functioning in same network segment

    Posted Sep 07, 2016 01:07 PM

    Hi Brian,

    Thank you for your response.

     

    No. I have created rule to block 445 only. Is it compulsory to do the same? Anyway I will do the same and will update in the forum.



  • 4.  RE: SEP firewall policy to block 445 port is not functioning in same network segment

    Posted Sep 07, 2016 01:09 PM

    SMB will use these ports as well.



  • 5.  RE: SEP firewall policy to block 445 port is not functioning in same network segment

    Posted Sep 19, 2016 02:19 AM

    Dear Experts.

    I have achieved the goal to block the local sharing from the clients with the necessary excepctions thank you all to response my query. Here I'm giving the snap of the firewall policy. I think this will help those who are searching the same.

    SEP-Firewall Policy.JPG



  • 6.  RE: SEP firewall policy to block 445 port is not functioning in same network segment

    Posted Sep 19, 2016 06:46 AM

    Yes, those are default rules in the policy.