With CVE-2018-0950 from Microsoft, if an outlook user clicks on an OLE object in an RTF email, the client will send credentials try to logon. Our security group is quite concerned about this.
While allowing ports 445, 137 and 139 out to the internet is a really bad idea, they want to make sure that it is explicitly blocked. Is the application "ms-netlogon" the app to block? It includes many more ports than just the three mentioned above. Is anyone else doing this? Are 'we' just overreacting?
I would think that your firewall policy would already be preventing that application; either by default or exception.
If not, I don't think it would be over-reacting to ensure it's blocked.
I would probably just ensure that 445, 137, 139 are blocked to the untrust interface. I wouldn't even do this by app-id unless you need those ports open for something else to function correctly. As @Brandon_Wertz already pointed out, this shouldn't be allowed by your configuration anyways.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!