Enable File and Printer Sharing for Microsoft Networks on the local network card interfaces on the GFI EndPointSecurity Management Console server and on client machines.

This is configured from Control Panel > Network and Internet > Network Connections > Local Area Connection > Properties.

Enable File and Printing sharing exception on the Windows Firewall of the GFI EndPointSecurity Agent machines.

If Microsoft Windows Firewall is enabled:

• Open Windows Firewall > Exceptions tab and select File and Print Sharing.

This allows the GFI EndPointSecurity main application to copy all required files in order to deploy the agent onto the remote Agent machine.

If this exception is disabled, the Agent installation will fail and the following error message will be displayed on the main application Deployment Report:

• Failed to contact remote computer. Computer might be offline or the specified credentials are invalid.

If you have another firewall client replacing the Microsoft Windows firewall, similar exceptions are necessary.

If you have a network firewall in the communication path between the GFI EndPointSecurity Management Console server and the Agent machines, make sure SMB communications is allowed. This is done over the following TCP ports:

• 135
• 139
• 445

Add the following exceptions to any firewall enabled on the GFI EndPointSecurity server:

• TCP Port 1116

The GFI EndPointSecurity Agents periodically send back status information to the GFI EndPointSecurity server. This includes a "beep" that is a CRC check of the policy (so that the Console knows if the policy is up to date) and the events that the Agent sent back to the Console for storage in the SQL backend database.

By default, this connection is done on port 1116, but can be changed from:

• GFI EndPointSecurity configuration > Options > Advanced Options > Communication

GFI EndPointSecurity needs access to the registry service on the target machine where the Agent is going to be installed. Detailed information on how to enable access to the Remote Registry service of the target machine is discussed in the following article: http://go.gfi.com/?pageid=esec_remoteregistry.

The following services are required to be running on the agent machines:

• Server service
• Workstation service
• Remote Registry Service
• Remote Procedure Call

Ensure that the following are met:

• The account under which the GFI EndPointSecurity service is running has administrative rights on the GFI EndPointSecurity server as well as the target machines.

• Access to the C$ hidden share is required to install/uninstall the agent, ensure you can browse to this hidden share from the GFI EndPointSecurity server.

• Access to the ADMIN$ hidden share is also required to update the Agent. Ensure you can browse to this hidden share from the GFI EndPointSecurity server.

UAC policies may block the installation of the main installation or the agent. It is recommended to set UAC to run elevated tasks without a prompt.

To change the behavior of UAC:

1. Go to Start and run secpol.msc
2. If the User Account Control dialog box appears click Yes.
3. In the console tree, go to Local Policies > Security Options.
4. In the details pane, scroll to the Group Policy setting and double-click User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode.
5. Select Elevate without prompt and click OK.