Ports configured to be on when on Domain, but unable to scan.
Experts! I'm using Manage Engine's Service Desk Plus to manage my HelpDesk. The product offers a network inventory feature which is quite useful. I recently started having issues with failed scans. After much digging it seems that some applied GPOs are causing the issue. I have a few Defender Firewall rules set up to allow the required ports (22, 135, 139, 445) to be open when the windows device is on the Domain network, but closed when on Private or Public. When the the Probe scans the device on Domain its failing. If I modify the GPO to allow the ports to be open while on Domain, Private or Public the scan is successful. I don't want to allow devices to have the ports open when on public or private networks as this poses a security risk. Any suggestions on how to resolve? I guess I could add the IP address of the Probes to be only allowed to scan these ports, but that could potentially be used to access these ports if these IPs are known and the device is on a public network with the same subnet. I have worked with support on this and they are drawing blanks.
Glad you got it resolved.
Are the systems having issues, use a third party firewall Internet security type of application?
Use GPMC on the server to run the group policy results to see whether Location within the AD has/causes this issue or something else is preventing the application of the GPO.