This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
Hi,
I would like to know how to setup an allow rule for Windows Management Instrumentation (WMI-in), aka this:
into Endpoint Firewall:
I dont know why but the interface is complicated and i cannot just simply "transfer" the rule from client to Endpoint.
I have tried also the migration tool (https://learn.microsoft.com/en-us/mem/intune/protect/endpoint-security-firewall-rule-tool) but the PS is hanging about 20min as i am writing this so that is a no go.
Thank you
@Tonito Dux Thanks for posting in our Q&A.
Please refer to the following article to create windows firewall rules:
https://learn.microsoft.com/en-us/windows/security/threat-protection/windows-firewall/create-windows-firewall-rules-in-intune
Honestly, I'm not familiar with this feature. It is suggested to try to create an online support ticket to get more accurate help. Here is the support link:
https://learn.microsoft.com/en-us/mem/get-support
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(249.60000000000002, 79%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERB%3C/text%3E%3C/svg%3E)
I am confused on this. This rule allows all inbound TCP traffic from any local or remote address, right? How is this locking it down to only WMI?
Hi,
to answer to myself:
In screenshot nr.1 under "Network Types" I have selected FW_PROFILE_TYPE_DOMAIN and PRIVATE.
Protocol 6 can be found in windows local firewall under "advanced settings":
Cheers!
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(12.8, 98%, 11%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKG%3C/text%3E%3C/svg%3E)
We're battling the same issue...
I think I'm missing something, how exactly do we get to screenshot #1? We've tried ""Network Types" I have selected FW_PROFILE_TYPE_DOMAIN and PRIVATE." but don't see the same options.
Can you please explain it as you would to a 5 year old. I'd really appreciate it.
Thank you!
Hi,
I will answer you tomorrow. think the screenshot is pretty clear but ok, willing to help just not today :)
Cheers
So Konrad, if i understood you correctly you are wondering how to get to MY 1st screenshot in my ORIGINAL question.
When this is the case then you need to create or edit an existing policy in Endpoint Manager -> Endpoint Security - > Firewall
If you are referring to my screenshot in my ANSWER then:
You click on your existing rule:
Scroll down until you see "configuration settings"->Edit:
After you click edit your are presented with the possibility to add your rules or edit the existing ones:
editing an existing rule or creating a new one - it is all the same and then you will be on the correct path to "configure instance" like in my answer:
Cheers!
Very much appreciated Sir! Thank you!
Will be implementing this on Friday. Hopefully the Nessus scan goes without a hitch after these changes.
No Problem Konrad,
if it helped - I am happy for it.
Cheers!