FTP - Port 21 Blocked - KSC - port/eprt is not supported [MOVED]

[ahugeman]

How do I add an exception to prevent scanning or blocking of port 21 FTP?

FTP sending is throwing “port/eprt is not supported use pasv/epsv”

Cannot find any documentation nor the question asked before.

Is there any better work around?

 

Please help!

 

Kaspersky Endpoint Security Cloud Plus

Build version: 12.0.1.1

W7 64bit

 

Thanks.

[Cesare]

Hello, as far as i know KES10\11 supports FTP File Transfer passive mode only.

If you wanna work in active mode you shall add ftp.exe to trusted applications list and set both remote IPs and related listening ports (20 and 21) (option "Do not scan network traffic").

Cesare

[ahugeman]

Thanks Cesare

I cannot edit the front-end directly, the device is managed with a security profile on the management console; otherwise you would be correct.

What I’ve done since is add an exception to the firewall for TCP/21 & TCP/20 and included ftp.exe as a virus scan exclusion (Advanced > Threats and Exclusions).

But still not working :(

From what I can see, these are the only 2 places that I can add exceptions/rules.

Any other suggestions?

[Cesare]

well, if KES is managed via KSC policy you can edit the policy itself!

If you’re not able to edit it (maybe because you do not have access to KSC Console) you can try to disable the policy from being applied locally: this would be possible if KES was psw protected and, of course, you know that credential (username+psw).

What i do not understand is how you’ve been able to locally edit KES firewall while you’re not able to work on the trusted zone...maybe it’s a matter of locks...

[ahugeman]

To clarify I am editing the KSC policy on the console (the KES app is entirely un-editable), but the options & settings are considerably different to those of the actual desktop app. Which is where my confusion lies.

I’ll try setting a password for the KES app on the KSC policy to see if I can then unlock the app and edit directly.

Thanks for the help so far.

[Cesare]

i’m attaching a screenshot of the KES policy exclusion rule i’m talking about (of course you can change the EXE :))

[ahugeman]

Yes, fully understand, thank you!

Lets see if I can edit directly!

[ahugeman]

Setting a password had no effect. All still blocked on the KES front-end. Seems like only policy edits on the KSC console can be done.

But my Firewall edits have taken the firewall is no longer blocking!

“Web Threat Protection” is the culprit now, but I just cannot find anywhere to prevent the port scanning that is done by it. My attempt at adding them as a Virus scan exclusion did not work.

Screenshot of the back-end attached for reference.

[andrew75]

@ahugeman, you need to add the ftp-client to the trusted list.

In Kaspersky Endpoint Security it is done like this.

But I do not know how to do this via Kaspersky Endpoint Security Cloud.

The documentation only describes how to do this for MAC devices, but not for Windows.

 

[ahugeman]

@andrew75 Thanks, you confirmed my suspicions... I saw the same documentation but was hoping I had simply missed something. 
Adding the client to the virus scan exclusion list did not help, so I’m out of ideas. :( 

[andrew75]

It's time to contact technical support )

[ahugeman]

I thought I should add the feedback from Kaspersky support that solved our issue.

Better late than never!

>>>>>

Please try to add the application as Trusted:
https://support.kaspersky.com/Cloud/1.0/en-US/139459.htm />
Security profiles > [Profile name] > Management settings > Host Intrusion Prevention > Exclusions > Add

Specify the exact path of the application's executable file;
Enable checkbox "Do not scan network traffic".

>>>>>