We recently read an article about ransomeware and one of the recommendations was to make sure you take good quality backups but also secure the backup server in a way that nothing can communicate to the machine outside of specific fireware rules. we have turned off all the firewall rules with the exception of a few. the backup software for one but the symantec firewall rules as well.
My quesiton is, can any of these 4 rules be disabled. If not, can someone explain or link me to an explicaiton of their purpose.
While we have no issue with them being enabled, we just want to get an idea of why. (we just like to know the nitty gritty of things. we are weird like that)
The frewall rules are as follows:
SMC Service - Private - allow for all TCP - Program - ccSvcHst.exe
--the second rule is similar, but allow for all UDP
SNAC Service - Private - allow for all TCP - Program - snac64.exe
--the second rule is similar, but all for all UDP
Thank you for any responces.
Ian