Firewall – How to configure Symantec Endpoint Protection Agent to allow access to windows shares

Tags: firewall, network-share, symantec

I'm having some difficulties exposing a standard windows file share on a Windows Embedded Standard 2009 device that is running Symantec Endpoint Protection Agent 5.1.

I'm using simple file sharing to expose a particular directory. That share is visible locally on the machine and externally visible when I disable the endpoint protection agent.

I've added a rule (and moved it to the top to ensure priority) allowing all hosts access on TCP ports 137,138,138,445 and another rule allowing UDP access on ports 137,138,139. When I try to connect, two endpoint protection dialogs pop up saying:

Traffic has been blocked from this application: NWLINK2 IPX Protocol Driver (nwlnkipx.sys)
Traffic has been blocked from this application: IPv6 driver (tcpip6.sys)

I'm not using IPv6 anywhere.

Interestingly, I discovered a workaround in that I can white-list all traffic from the subnet the device is on, which meets my needs, but I'm still curious as to why my original approach wasn't successful.

Can anyone suggest a reason why the above endpoint protection rules won't allow me to access windows file shares on the device?

Best Answer

Solution : http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/684e821eb0b394f8882575070060f2a4?OpenDocument

To manually enable clients to browse for files and printers

  1. In the client, in the sidebar, click Status.
  2. Beside Network Threat Protection, click Options > Configure Firewall Rules.
  3. In the Configure Firewall Rules dialog box, click Add.
  4. On the General tab, type a name for the rule and click Allow this traffic.
  5. On the Ports and Protocols tab, in the Protocol drop-down list, click TCP.
  6. In the Remote ports drop-down list, type 88, 135, 139, 445.
  7. Click OK.
  8. In the Configure Firewall Rules dialog box, click Add.
  9. On the General tab, type a name for the rule and click Allow this traffic.
  10. On the Ports and Protocols tab, in the Protocol drop-down list, click UDP.
  11. In the Remote ports drop-down list, type 88.
  12. In the Local ports drop-down list, type 137, 138.
  13. Click OK.

To manually enable other computers to browse files on the client

  14. In the client, in the sidebar, click Status.
  15. Beside Network Threat Protection, click Options > Configure Firewall Rules.
  16. In the Configure Firewall Rules dialog box, click Add.
  17. On the General tab, type a name for the rule and click Allow this traffic.
  18. On the Ports and Protocols tab, in the Protocol drop-down list, click TCP.
  19. In the Local ports drop-down list, type 88, 135, 139, 445.
  20. Click OK.
  21. In the Configure Firewall Rules dialog box, click Add.
  22. On the General tab, type a name for the rule and click Allow this traffic.
  23. On the Ports and Protocols tab, in the Protocol drop-down list, click UDP.
  24. In the Local ports drop-down list, type 88, 137, 138.
  25. Click OK.

Somehow I missed that during my initial searching. The version I'm using (5.1) didn't match the steps exactly, but once I implemented the rules, I was able to access my share.

I basically ended up creating 4 rules rather than the one I was trying to use, as well as adding the rules for port 88 (according to Wikipedia this is Kerberos, which seems a little odd). Once this was done I was able to access my share as intended.
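The KB steps above draw a distinction that is easy to miss in the GUI: the first pair of rules (steps 1 to 13) opens *remote* ports so this machine can browse other hosts, while the second pair (steps 14 to 25) opens *local* ports so other hosts can reach this machine's share. The following is an added example, not Symantec's code or anything from the original thread: a small first-match rule evaluator in Python that models rules with local and remote port fields and shows that a remote-ports rule on TCP 445 never matches an inbound SMB connection arriving on local port 445, and that a broad block rule placed above the allow rules wins (the reason the asker moved a rule to the top). It assumes that a rule's specified fields are combined with AND and that unmatched traffic is blocked by default; the peer's ephemeral port is a constructed value. The KB's client-side UDP rule (remote 88 plus local 137/138) is left out because its field semantics are not spelled out on the page.

```python
"""First-match model of the SMB/NetBIOS firewall rules in the Symantec KB steps.

Added example, not Symantec's code. Assumptions: every specified field of a
rule must match (AND), a port set of None means "any", and traffic that
matches no rule is blocked.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

ANY = None  # a port set of None means "any port"


@dataclass(frozen=True)
class Rule:
    name: str
    protocol: str                            # "TCP" or "UDP"
    action: str                              # "allow" or "block"
    local_ports: Optional[Set[int]] = ANY    # ports on this machine
    remote_ports: Optional[Set[int]] = ANY   # ports on the peer

    def matches(self, protocol: str, local_port: int, remote_port: int) -> bool:
        # Assumption: all specified fields must match for the rule to apply.
        if protocol != self.protocol:
            return False
        if self.local_ports is not ANY and local_port not in self.local_ports:
            return False
        if self.remote_ports is not ANY and remote_port not in self.remote_ports:
            return False
        return True


def evaluate(rules: List[Rule], protocol: str, local_port: int,
             remote_port: int, default: str = "block") -> Tuple[str, str]:
    """Return (action, rule name) of the first matching rule, else the default."""
    for rule in rules:
        if rule.matches(protocol, local_port, remote_port):
            return rule.action, rule.name
    return default, "default"


def client_browse_rules() -> List[Rule]:
    """KB steps 1-7: this machine reaching other hosts' shares (remote ports)."""
    return [
        Rule("browse-tcp", "TCP", "allow", remote_ports={88, 135, 139, 445}),
    ]


def server_share_rules() -> List[Rule]:
    """KB steps 14-25: other hosts reaching this machine's share (local ports)."""
    return [
        Rule("serve-tcp", "TCP", "allow", local_ports={88, 135, 139, 445}),
        Rule("serve-udp", "UDP", "allow", local_ports={88, 137, 138}),
    ]


EPHEMERAL = 50123  # constructed: the peer's ephemeral source port


def check_share_access(rules: List[Rule]) -> Dict[str, Tuple[str, str]]:
    """Evaluate the three flows that matter for a share against a rule list."""
    return {
        # another host opening SMB to this machine: local 445, remote ephemeral
        "inbound_smb": evaluate(rules, "TCP", 445, EPHEMERAL),
        # NetBIOS name service: both sides use UDP 137
        "inbound_netbios_ns": evaluate(rules, "UDP", 137, 137),
        # this machine browsing another host's share: local ephemeral, remote 445
        "outbound_smb": evaluate(rules, "TCP", EPHEMERAL, 445),
    }


if __name__ == "__main__":
    print("client rules only:  ", check_share_access(client_browse_rules()))
    print("client + server:    ", check_share_access(client_browse_rules() + server_share_rules()))
    # Rule order: a block-all rule placed above the allow rules shadows them.
    block_all = Rule("block-all-tcp", "TCP", "block")
    print("block first:        ", evaluate([block_all] + server_share_rules(), "TCP", 445, EPHEMERAL))
    print("allow first:        ", evaluate(server_share_rules() + [block_all], "TCP", 445, EPHEMERAL))
```

Running it with only the client-side rules shows outbound browsing allowed but the inbound SMB and NetBIOS flows falling through to the default block; adding the server-side (local ports) rules is what makes the share reachable, and the same allow rule is useless when a block rule sits above it in the list.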