Allowing File and Printer Sharing Between Remote Sites in ESET Protect Cloud

Fluk3

The Problem

In a typical multi-site business environment, ESET Endpoint Security’s default firewall configuration can unintentionally block essential services like:

  • Windows file and printer sharing
  • Remote administration tools
  • Basic ping (ICMP) communication

This is often due to system-level firewall rules that are hidden by default and prioritize security by blocking NetBIOS, SMB, and ICMP traffic unless explicitly allowed.

🌐 Scenario

Imagine two office locations connected via VPN or direct routing:

  • Site A subnet: 192.168.0.0/24
  • Site B subnet: 10.0.0.0/24

Endpoints at both sites are protected by ESET Endpoint Security, managed via ESET Protect Cloud. Everything routes correctly at the network level, but:

  • Network shares don’t open across sites
  • Printers at remote sites are inaccessible
  • Ping (ICMP) tests between sites fail

Uninstalling ESET resolves the issue — so clearly, the firewall is the culprit.

🔎 Root Cause

ESET’s default built-in firewall rules block incoming traffic on key ports used by file sharing and discovery protocols:

PortProtocolPurpose
445TCPSMB over TCP (modern file sharing)
139TCPNetBIOS Session Service
137UDPNetBIOS Name Service
ICMPICMPPing/Network diagnostics

These rules are not visible by default in the ESET Protect policy editor — making them easy to overlook.

✅ The Solution

🛠️ Step 1: Unhide Built-in Firewall Rules

  1. Log in to ESET Protect Cloud.
  2. Navigate to Policies and edit the policy applied to affected machines.
  3. Go to:
    Settings → Firewall → Advanced Settings → Rules
  4. Click the gear icon in the rule list and uncheck:
    “Hide built-in (pre-defined) rules”

This reveals default rules such as:

  • Block incoming NETBIOS requests
  • Block ICMP communication

🛠️ Step 2: Create Exception Rules for Trusted Sites

  1. Duplicate the relevant block rule (e.g., Block incoming NETBIOS requests).
  2. Edit the duplicate:
    • Action: Allow
    • Direction: Inbound
    • Protocol: TCP & UDP
    • Local Ports: 137-139, 445
    • Remote Host: 192.168.0.0/24, 10.0.0.0/24 (use your actual subnets)
    • Name: Allow File & Print from Trusted Sites
  3. Move the rule above the block rule using the arrow icons.

Repeat the process for ICMP if ping is also blocked:

  • Protocol: ICMP
  • Direction: Both
  • Remote Host: your trusted site subnets

🧪 Step 3: Test

From devices at each site:

ping <remote-host>
\\<remote-host>\shared-folder

Also try:

  • Accessing shared printers
  • Verifying ESET logs (no “blocked” entries for SMB or ICMP)

🧠 Why This Matters

ESET’s default rules prioritize safety — but in internal, trusted environments, legitimate functionality can be unintentionally blocked. The solution is not to remove ESET, but to safely override these rules only for your known subnets.

This method ensures:

  • File sharing and remote printing work across your network
  • Default protections remain in place for all other (untrusted) sources
  • You maintain control through centralized ESET policy management

This approach is ideal for:

  • Businesses with multiple offices or VPNs
  • Environments using Active Directory, shared drives, or networked printers
  • Any case where ESET firewall is blocking internal communication

********************************************************

If you liked what you read Please Share.
I’d love it if you followed me on YouTube and Facebook.

Also, feel free to subscribe to my posts by email.
Donations for the site can be made here.
Thanks for reading.

Spread the love

Leave a Reply

Your email address will not be published. Required fields are marked *