Text only | Text with Images

OPNsense Forum

English Forums => Zenarmor (Sensei) => Topic started by: Greg_E on July 02, 2024, 10:00:49 PM

Title: ecs.office.com - block or allow?
Post by: Greg_E on July 02, 2024, 10:00:49 PM
I just set up my OPN Business on the "permanent" hardware and with it there was an update to Zenarmor that I hadn't done on the "testing" computer I was using before this... I'm now seeing an ecs.office.com block which is some kind of Microsoft "automatic" Office configuration and update utility that was probably running through unseen on the old firewall.

Do I kill it or let it pass? Yes I do have Office (2021 LTSC) installed on pretty much every desktop here. I'm just not familiar with it and wondering two things:

#1 will it mess up my Office installs?

#2 does Office (local install but KMS activated) still work if I block it?

I should mention that the last time I did any real looking at the firewall and what might be getting blocked, I was running Windows 10 LTSC 21h2, now I'm on Windows 11 Education 23h2 so a lot of change on all my desktops.
Title: Re: ecs.office.com - block or allow?
Post by: sy on July 04, 2024, 05:25:51 PM
Hi,

I advise you to allow it. It seems a necessary domain for office.
Title: Re: ecs.office.com - block or allow?
Post by: Greg_E on July 05, 2024, 03:27:48 PM
That's what I thought and what I did. How many domains can Microsoft use for their products? I guess they want to be able to track everything and spread it out so that it doesn't look suspicious. Them and Adobe.

It's also interesting that Zenarmor blocks subdomains, I was using e2gaurdian on PFsense before and it would need to block/pass the entire top level domain.

Title: Re: ecs.office.com - block or allow?
Post by: chemlud on July 05, 2024, 04:31:35 PM
If you want to block MS (as an example):

https://www.reddit.com/r/pihole/comments/m77wcp/windows_10_blocking_list/?rdt=47224

Good luck! :-)
Title: Re: ecs.office.com - block or allow?
Post by: Greg_E on July 05, 2024, 09:57:51 PM
I was seeing a bunch of other things getting blocked under the "Cloud Services", so I just enabled the whole thing for right now why I'm working on something. I'll go back and build exclusions when I have time.
Title: Re: ecs.office.com - block or allow?
Post by: Seimus on July 06, 2024, 11:44:32 AM
Thats the bother of L7 FWs,

No vendor has proper or complete lists that would block or permit everything perfectly. Its up to fine tuning it after deployment.

What you can to help overall, which I do as well. If I find a domain that is blocked but shouldn't be, thus its a false positive, I report it to ZenArmor team and ask for re-categorization. You can do it via their portal on the web page or if you have a huge list open the a ticket via GUI.

Regards,
S.
Title: Re: ecs.office.com - block or allow?
Post by: Greg_E on July 15, 2024, 03:35:08 PM
The blocks that I'm certain shouldn't be blocked, I do report back when I make the exception.
Title: Re: ecs.office.com - block or allow?
Post by: sy on July 15, 2024, 08:35:09 PM
Hi,

The team is processing these entries. Thanks for your feedback.

Text only | Text with Images