How can I configure Symantec Endpoint Protection Agent to allow access to Windows shares?
To manually enable clients to browse for files and printers
- In the client, in the sidebar, click Status.
- Beside Network Threat Protection, click Options > Configure Firewall Rules.
- In the Configure Firewall Rules dialog box, click Add.
- On the General tab, type a name for the rule and click Allow this traffic.
- On the Ports and Protocols tab, in the Protocol drop-down list, click TCP.
- In the Remote ports drop-down list, type 88, 135, 139, 445.
- Click OK.
- In the Configure Firewall Rules dialog box, click Add.
- On the General tab, type a name for the rule and click Allow this traffic.
- On the Ports and Protocols tab, in the Protocol drop-down list, click UDP.
- In the Remote ports drop-down list, type 88.
- In the Local ports drop-down list, type 137, 138.
- Click OK.
To manually enable other computers to browse files on the client
- In the client, in the sidebar, click Status.
- Beside Network Threat Protection, click Options > Configure Firewall Rules.
- In the Configure Firewall Rules dialog box, click Add.
- On the General tab, type a name for the rule and click Allow this traffic.
- On the Ports and Protocols tab, in the Protocol drop-down list, click TCP.
- In the Local ports drop-down list, type 88, 135, 139, 445.
- Click OK.
- In the Configure Firewall Rules dialog box, click Add.
- On the General tab, type a name for the rule and click Allow this traffic.
- On the Ports and Protocols tab, in the Protocol drop-down list, click UDP.
- In the Local ports drop-down list, type 88, 137, 138.
- Click OK.
Somehow I missed that during my initial searching. The version I'm using (5.1) didn't match the steps exactly, but once I implemented the rules, I was able to access my share.
I basically ended up creating 4 rules rather than the one that I was trying to do, as well as adding the rules for port 88 (according to Wikipedia this is Kerberos, which seems a little odd). Once this was done I was able to access my share as intended.
Peter Bernier
Updated on September 17, 2022
I'm having some difficulties exposing a standard Windows file share on a Windows Embedded Standard 2009 device that is running Symantec Endpoint Protection Agent 5.1.
I'm using simple file sharing to expose a particular directory. That share is visible locally on the machine and externally visible when I disable the endpoint protection agent.
I've added a rule (and moved it to the top to ensure priority) allowing all hosts access on TCP ports 137,138,138,445 and another rule allowing UDP access on ports 137,138,139. When I try to connect, two endpoint protection dialogs pop up saying:
Traffic has been blocked from this application: NWLINK2 IPX Protocol Driver (nwlnkipx.sys)
Traffic has been blocked from this application: IPv6 driver (tcpip6.sys)
I'm not using IPv6 anywhere.
Interestingly, I discovered a workaround in that I can white-list all traffic from the subnet the device is on, which meets my needs, but I'm still curious as to why my original approach wasn't successful.
Can anyone suggest a reason why the above endpoint protection rules won't allow me to access Windows file shares on the device?
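As an added example (not part of the original posts and not Symantec's code), the following Python sketch compares the two rules described in the question with the local ports listed in the "enable other computers to browse files on the client" steps, reporting ports that are documented but not allowed and ports that are allowed but not documented. The rule dictionaries and function names are hypothetical, and it assumes the question's ports were entered as local ports.

```python
# Added example: compare a firewall rule set against the local ports listed in
# the "enable other computers to browse files on the client" steps.

def parse_ports(text):
    """Turn a port field such as '88, 135, 139, 445' into a set of ints."""
    return {int(p) for p in text.replace(" ", "").split(",") if p}

# Local ports from the documented inbound procedure (taken from the page).
DOCUMENTED_INBOUND = {
    "TCP": parse_ports("88, 135, 139, 445"),
    "UDP": parse_ports("88, 137, 138"),
}

# Rules as described in the question (first protocol read as TCP).
# Assumption: the ports were entered as local ports; the question does not
# say which field was used.
QUESTION_RULES = [
    {"action": "allow", "protocol": "TCP", "local_ports": "137,138,138,445"},
    {"action": "allow", "protocol": "UDP", "local_ports": "137,138,139"},
]

def allowed_ports(rules):
    """Collect the local ports each protocol is allowed on."""
    allowed = {}
    for rule in rules:
        if rule["action"] != "allow":
            continue
        proto = rule["protocol"].upper()
        allowed.setdefault(proto, set()).update(parse_ports(rule["local_ports"]))
    return allowed

def coverage_gaps(rules, required=DOCUMENTED_INBOUND):
    """Return (missing, extra) port lists per protocol relative to `required`."""
    allowed = allowed_ports(rules)
    missing, extra = {}, {}
    for proto in sorted(set(required) | set(allowed)):
        want, have = required.get(proto, set()), allowed.get(proto, set())
        if want - have:
            missing[proto] = sorted(want - have)   # documented, not allowed
        if have - want:
            extra[proto] = sorted(have - want)     # allowed, not documented
    return missing, extra

if __name__ == "__main__":
    missing, extra = coverage_gaps(QUESTION_RULES)
    print("documented but not allowed:", missing)
    print("allowed but not documented:", extra)
```

The comparison only shows where the two port lists differ; it does not model rule order or the driver-level blocks quoted in the question.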