Hi,

You would need to enable incoming connections on port TCP/135 to the workstations you wish to allow WMI.

You first find your firewall policy that is applied to your workstations and make a new rule to allow incoming TCP/135.

There would also be some dynamic port ranges that may need to be opened along side TCP/135 you can find out by reviewing your logs with the method below.

Ideally you would make it more secure by adding a network location that the connections will come from (The server/workstation that is sending out the WMI requests.) In Edit Rule > Networks

You can troubleshoot on your endpoint by opening up your FirewallEventMonitor  log located on your workstation in c:\programdata\mcafee\Endpoint Security\Logs\ and look for any connections to TCP/135

Depending on how busy your network traffic is to the workstation i prefer to use cmtrace and watch the log in real time while trying to connect.

Regards,

Dev

FYI, the original post was over 2 years ago.

Like @DEViANCE stated, review the FirewallEventMonitor.log file for logged details regarding the network connection that WMI uses.  Ref https://kc.mcafee.com/corporate/index?page=content&id=KB90662

In doing some testing with WMIC in my test environment (where ENSFW is on the remote host that I'm using the WMIC command), I am see the below network traffic used by this connection.  You'll need to identify if it's the same and determine how to best configure your firewall rules to allow it securely.

1. Incoming TCP traffic for svchost.exe - high random source and destination ports 1024-65535 (my testing showed it was typically in the 50000 range).
2. Incoming TCP traffic for svchost.exe from remote host high random (1024-65535) to local port 135

Alternatively, if you want to configure the Firewall to allow all network traffic to/from specific IP addresses, you can configure them as DEFINED NETWORKS -> TRUSTED in the Firewall Options policy.  This is less secure, but will accomplish what you mentioned earlier.