I recently upgraded from Veeam 9.0 Update 1 to Veeam 9.5 Update 1. I noticed after the upgrade that it re-enabled all firewall rules that were previously disabled within the Windows Firewall.
Is there any way that this can be removed or put an option to disable firewall changes during the upgrade? I'm not sure if this applies to a same version update as well (9.5U1 to 9.5U2) but if so it would be nice to have that as well.
The reason I ask is because our Veeam servers are locked down, off the domain. We have all Windows firewall rules disabled to only allow necessary Veeam functionality. However after the upgrade which I did Friday, the install re-enabled a lot of the File and Printer Sharing rules, to include the SMB-In rules. All of these were previously disabled to avoid possible encryption via Cryptolocker attacks. But the update left us vulnerable to the latest ETERNALBLUE exploit that exploded this weekend.
Also, as a side question, is there any reason the install even enables all these file and printer sharing features in the first place? We have had them disabled since we built the server and all functionality (backups, backup-copy, application aware processing, SureBackups, etc) has not been affected. I even remember gostev saying a few times in his weekly digest that disabling these firewall rules (specifically SMB) would be a good idea to avoid specific attacks like what happened this weekend.