Open-AudIT
http://www.open-audit.org/phpBB3/

OA and Eset EndPoint Protection + subnet
http://www.open-audit.org/phpBB3/viewtopic.php?f=20&t=6363

Author:  johnnysk [ Tue Sep 16, 2014 3:20 pm ]
Post subject:  OA and Eset EndPoint Protection + subnet

Dear all,

First of all, thanks to everyone who made OA :) Hope I can also contribute in the future... Until then, however, I have 2 questions:

1. I think I have a problem with ESET EndPoint protection - it seems it is blocking the OA script from being executed when I run an AD discovery. When I disable the ESET EP FW on the clients - the script gets executed - I get information about the client.
What I already did - I added the IP subnet of the OA server to the trusted list in ESET - but alas ESET still seems to block incoming connections. To make matters worse I get no info which ports it is blocking in the firewall log - computers running ESET just don't get audited. Can someone tell me which ports/protocols should be enabled? Standard WMI ports + .. ?

2. In our domain we have two subnets (amongst others) reserved for computers - 192.168.100.0 and 192.168.110.0 (120 will follow shortly..). When I run an AD discovery only computers in the same subnet (e.g. 192.168.100.0) as the OA server get audited (disregarding the ESET problem - even PCs without ESET are not audited). Is this by design? I can ping between subnets and computers from the 110.0 subnet communicate with the DC in 100.0. Should I modify the script or any options to allow cross-subnet auditing?

Thanks for all answers

Regards,

Jan

Author:  Mark [ Wed Sep 17, 2014 12:45 pm ]
Post subject:  Re: OA and Eset EndPoint Protection + subnet

1 - WMI uses port 135 and other random ports. The wiki has a link to a useful MS KB Article.
https://community.opmantek.com/display/ ... figuration

2 - Auditing across subnets works as it should and needs nothing special configured in the application. FYI - I was auditing three domains across over a hundred subnets from a single server just fine. I'd suspect it's something in the network stack (a router with port forwarding or some such) that's causing an issue. As long as the network traffic is allowed, it will "just work". Make sure your DNS (for AD) is working, too...
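
Added example (not part of the thread and not Open-AudIT code): a Python check, run from the audit server, that separates the failure causes raised above (DNS, a firewall silently dropping TCP 135, a routing problem) and groups results per subnet. The /24 mask and the sample host names are assumptions; a successful connect to port 135 does not show that the random ports WMI uses afterwards are also allowed.

```python
import ipaddress
import socket
import sys

RPC_ENDPOINT_MAPPER = 135  # first contact for WMI; later traffic uses random ports

def probe(host, port=RPC_ENDPOINT_MAPPER, timeout=3.0):
    """Return (ipv4 or None, status) for one audit target."""
    try:
        info = socket.getaddrinfo(host, port, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return None, "dns_failure"       # name does not resolve: fix DNS first
    ip = info[0][4][0]
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((ip, port))
        return ip, "open"
    except ConnectionRefusedError:
        return ip, "refused"             # host replied: routing works, port closed
    except socket.timeout:
        return ip, "filtered"            # no reply at all: typical firewall drop
    except OSError:
        return ip, "unreachable"         # no route to host or network
    finally:
        sock.close()

def by_subnet(results, prefix=24):
    """Count statuses per subnet (prefix length is an assumption, default /24)."""
    summary = {}
    for ip, status in results.values():
        if ip is None:
            key = "unresolved"
        else:
            key = str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False))
        counts = summary.setdefault(key, {})
        counts[status] = counts.get(status, 0) + 1
    return summary

if __name__ == "__main__":
    # Constructed host names; pass real targets on the command line.
    hosts = sys.argv[1:] or ["pc-100-01.example.invalid", "pc-110-01.example.invalid"]
    results = {h: probe(h) for h in hosts}
    for host, (ip, status) in results.items():
        print(f"{host:30} {ip or '-':15} {status}")
    for subnet, counts in by_subnet(results).items():
        print(subnet, counts)
```

A whole subnet reporting `filtered` or `unreachable` points at something between the subnets, while single hosts reporting `filtered` next to `open` neighbours point at the endpoint firewall on those hosts.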

All times are UTC + 10 hours