Answer
To allow GFI EndPointSecurity agents to be installed on your network computers from the GFI EndPointSecurity console, ensure the following are configured correctly:
- Enable 'File and Printer Sharing for Microsoft Networks' on the local network card interfaces on the GFI EndPointSecurity console and the clients
This is configured under Control Panel > Network and Internet > Network Connections > Local Area Connection (Properties)
- Enable the 'File and Printer Sharing' exception on the Windows Firewall on the agent machines
If the Microsoft Windows Firewall is enabled, this can be done as follows:
Open Windows Firewall > Exceptions tab > check File and Printer Sharing
This will allow the GFI EndPointSecurity main application to copy all required files in order to deploy the agent onto the remote Agent machine.
If this exception is disabled, the Agent installation will fail and the following error message will be displayed on the main application Deployment Report:
Failed to contact remote computer. Computer might be offline or the specified credentials are invalid.
If you have another firewall client replacing the Microsoft Windows firewall, similar exceptions are necessary.
- Network Firewalls
If you have a network firewall in the communication path between the GFI EndPointSecurity console machine and the agent machines, make sure SMB communication is allowed. This is done over the following TCP ports:
- 135
- 139
- 445
Also ensure that communication from the agents to the port listed in #4 (below) on the console is allowed.
- Add the following exceptions to any firewall enabled on the GFI EndPointSecurity main application machine
TCP Port 1116
The GFI EndPointSecurity agents periodically send status information back to the GFI EndPointSecurity server. This includes a "beep", which is a CRC check of the policy (so that the console knows whether the policy is up to date), and the events that the agents send back to the console for storage in the SQL backend database. This connection uses port 1116 by default, but the port can be changed in the GFI EndPointSecurity configuration > Options > Advanced Options > Communication tab.
- Access to the Remote Registry Service
How to enable access to the Remote Registry service on the target machine is discussed in KBID003402.
- The following services are required to be running on the agent machines:
- Server service
- Workstation service
- Remote Registry Service
- Remote Procedure Call
- Hidden Shares and Server Permissions
Also ensure that the following are met:
- The account under which the EndPointSecurity service is running has administrative rights on the EndPointSecurity server as well as the target machines
- Access to the C$ hidden share is required to install/uninstall the agent. Ensure you can browse to this hidden share from the EndPointSecurity server
- Access to the ADMIN$ hidden share is also required to update the agent. Ensure you can browse to this hidden share from the EndPointSecurity server
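The requirements above can be checked in one pass before a deployment. The following script is an added example, not part of GFI EndPointSecurity or the original article. It assumes Windows PowerShell 5.1 on the console machine, run under the account the EndPointSecurity service uses; the host names are constructed placeholders.

```powershell
# Added example: pre-deployment check, run from the GFI EndPointSecurity console machine.
# $Agents is a constructed sample list; replace it with your own agent host names.
$Agents   = @('AGENT-PC-01', 'AGENT-PC-02')
$Ports    = 135, 139, 445          # SMB/RPC ports listed in the article
# Service names for Server, Workstation, Remote Registry and Remote Procedure Call
$Services = 'LanmanServer', 'LanmanWorkstation', 'RemoteRegistry', 'RpcSs'

function Test-AgentPrerequisite {
    param([Parameter(Mandatory)][string]$ComputerName)

    $result = [ordered]@{ Computer = $ComputerName }

    # Firewall path: can the console reach each required TCP port on the agent?
    foreach ($port in $Ports) {
        $result["Tcp$port"] = Test-NetConnection -ComputerName $ComputerName -Port $port `
            -InformationLevel Quiet -WarningAction SilentlyContinue
    }

    # Hidden shares: C$ is needed to install/uninstall, ADMIN$ to update the agent
    foreach ($share in 'C$', 'ADMIN$') {
        $result[$share] = Test-Path -Path "\\$ComputerName\$share"
    }

    # Required services must be running on the agent machine
    foreach ($name in $Services) {
        try {
            $svc = Get-Service -ComputerName $ComputerName -Name $name -ErrorAction Stop
            $result[$name] = ($svc.Status -eq 'Running')
        } catch {
            $result[$name] = $false   # service missing, access denied or host unreachable
        }
    }
    [pscustomobject]$result
}

$report = $Agents | ForEach-Object { Test-AgentPrerequisite -ComputerName $_ }
$report | Format-Table -AutoSize

# Machines that fail at least one check
$report | Where-Object { $_.PSObject.Properties.Value -contains $false } |
    Select-Object -ExpandProperty Computer

# Console side: is anything listening on the agent status port (1116 by default)?
$listening = [bool](Get-NetTCPConnection -LocalPort 1116 -State Listen `
    -ErrorAction SilentlyContinue)
"Console listening on TCP 1116: $listening"
```

A machine that fails only the share or service checks while the ports are reachable points to permissions or service configuration rather than a firewall.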
Priyanka Bhotika