How to Close a Network Port via ESET PROTECT on clients running ESET Endpoint Security.
This guide contains detailed instructions on how to block a specific port on Firewall on clients running ESET Endpoint security through ESET PROTECT console.
If you use ESET PROTECT to manage your endpoint security, you can enforce strict firewall rules across your network to improve security and limit unwanted communication. In this guide, we will show you how to block a firewall port using an ESET PROTECT policy, step by step.
How to Create a Firewall Policy in ESET PROTECT that block the traffic in a Specific Network Port on ESET Endpoint Clients.
To create a new ESET PROTECT that close/block a specific port on all managed ESET Endpoint security clients:
1. In ESET PROTECT, select Policies on the left pane and then choose NEW POLICY on the right.
2. In the New Policy wizard, type a name and optionally a description for the new policy and click CONTINUE.
3. In Settings, choose ESET Endpoint for Windows and below select PROTECTIONS > Network access protection.
4. Then, on the right, expand Firewall and next to Rules click Edit.
5a. On Rules window, click Add.
5b. Now on the Add Rule window, do the following actions and when done click Save:
-
-
Type a Name for the new rule, (e.g. "Block 3389/RDP")* and below apply the following settings:
-
Set the rule to: Enabled
-
ACTION: Block
-
DIRECTION: In
-
IP PROTOCOL: TCP
-
LOCAL PORT: 3389
-
PROFILE: Any
-
* Note: In this example, we will block the incoming Remote Desktop connections (RDP) on port 3389, in all Network profiles (Private & Public)
5c. After adding the new rule, click More filters.
5d. Set the Hide built-in rules switch to OFF and click Apply.
5e. Now scroll down the list of rules and at the end, select the new rule you created and press the 
button to move the rule to the top. When done, click Save.
5f. Once you move the rule on the top click Save.
5g. Back to Settings options, click CONTINUE.
6a. Now click ASSIGN to assign he policy to clients/workstations.
6b. Select the workstations where you want to apply the new ESET policy and click OK.
7. Finally click FINISH to close the New Policy wizard and you're ready! The policy you created will be applied to client computers the next time the ESET Management Agent of the workstations connects to ESET PROTECT.
How to verify if ESET PROTECT policy is applied to clients?
To see the progress of a policy implementation in ESET PROTECT console:
1. Go to Policies > Custom Policies > ESET Endpoint for Windows
2. Click on the policy you created and click Show Details
3. On the Overview tab, you can see the total number of workstations to which the policy was applied, and if you click on the displayed number, you will also see their names.
How to Force Apply the ESET PROTECT Policy to a client?
To immediately apply a policy to a specific client, either restart the client or do the following in ESET PROTECT console:
1. Navigate to Computers section, select the client you want and from the 3-dot menu next to computer's name click Send Wake-up Call.
![image_thumb[24]](https://www.wintips.org/wp-content/uploads/2025/05/image_thumb24.png "image_thumb[24]")
2. After doing the above, click again on that client, select Show Details and navigate to Configuration > Applied Policies to verify that the policy is applied.
![image_thumb[25]](https://www.wintips.org/wp-content/uploads/2025/05/image_thumb25.png "image_thumb[25]")
What to do if a client does not receive the ESET policy?
For ESET PROTECT policies to be successfully applied to workstations, the workstations must be running the latest version of the ESET Management Agent.
Therefore, if after sending the wake-up call, the workstation does not receive the policy, proceed to upgrade the ESET Management Agent on it. For this task, read the instructions on this related article mentioned below:
That's it! Let me know if this guide has helped you by leaving your comment about your experience. Please like and share this guide to help others.
Frequently Asked Questions
How can I create a policy in ESET PROTECT to block a specific network port on clients?
To create a policy that blocks a specific network port in ESET PROTECT, navigate to Policies, select NEW POLICY, and follow the New Policy wizard. Define settings under ESET Endpoint for Windows > Network access protection, add a new rule in Firewall settings, and specify the desired port to block.
How do I verify if a policy in ESET PROTECT is applied to client computers?
To verify policy application in ESET PROTECT, go to Policies > Custom Policies > ESET Endpoint for Windows, select your policy, and click Show Details. The Overview tab displays the number of workstations the policy was applied to, and by clicking the number, you can view their names.
What steps should be taken if a client doesn't receive an ESET policy?
If a client doesn't receive the policy, ensure it's running the latest version of the ESET Management Agent. If not, upgrade the agent on the workstation. If issues persist, refer to the related article on fixing policy application issues.
How can I force apply a policy to a specific client in ESET PROTECT?
To force apply a policy, either restart the client or go to the Computers section in ESET PROTECT, select the client, and send a Wake-up Call from the menu. Afterward, verify the policy application under Configuration > Applied Policies.
