Jump to content

cutting_edgetech

ESET Insiders
  • Posts

    285
  • Joined

  • Last visited

  • Days Won

    1

cutting_edgetech last won the day on February 18 2018

cutting_edgetech had the most liked content!

About cutting_edgetech

  • Rank
    Newbie
    Newbie

Profile Information

  • Gender
    Male
  • Location
    USA

Recent Profile Visitors

1,464 profile views
  1. I enabled prerelease updates and installed Eset Smart Security Version 14.2.10.0, but it may be a while before I know if that fixed the problem. I just updated all the applications on my machine yesterday, and I will have to wait until there are application updates to install before I can see if installing prerelease updates fixed the problem.
  2. Eset Firewall is not working for me either in Interactive Mode after updating to Eset version 14.1.20.0. I'm not sure if this bug affects the other modes. The problem only occurs when an application updates; Eset does not detect changes have occurred to the application that has updated. Eset gives no prompt informing the user that changes have occurred to the application that has updated. Then when trying to use the application that has updated again, Eset silently blocks that application from accessing the Internet. This has happened to me with all application that have updated so far, Firefox, Waterfox, Torrent Clients, etc.. In order to fix the problem I had to go to advanced firewall rules, and delete the rule for the applications that updated from Eset. Then I had to try using the application again to see if Eset would give me a prompt again for the updated application's attempt to access the Internet. If Eset still was unable to detect the application's attempt to access the Internet, then I had to reboot my system. Eset was then able to detect the application's attempt to access the Internet and gave me the option to create a new firewall rule for the application. I'm using Windows 10x64 Pro 20H2, Eset version 14.1.20.0.
  3. That's not really the solution I want, but I may try it if all else fails. Thanks! I have to do some Network, and Database work now for school.
  4. Anyway, I still don't understand why Eset requires the user to elevate privileges to create a firewall rule when responding to firewall prompts. I don't believe disabling UAC is a good ideal, so that's not a good solution. Maybe Eset can make a change in their design. As I stated above, it took me 3 attempts to get Windows to boot today. The only change I made to my system was changing Eset to Interactive Mode. I believe all the outbound request from Windows before the desktop had a chance to load was causing Windows to freeze because the UAC prompt was unavailable for me to respond to yet. As soon as the desktop successfully loaded on the 3rd attempt, I had to respond to about 15 UAC prompts one after the other since I had to create 15 outbound rules.
  5. I created an Admin account when installing Windows. It's the only account that was created. I would have to check to see what Accounts Windows creates by default. I believe it still creates an Admin Account that can only be used by the OS. I had to take ownership of a registry key a couple of days ago, and I believe I remember seeing another Admin Account in there that had been created by the OS. This is my first time using Windows in 2 years, so that's why I did not know Eset removed the option in the UI, "Require full administrator rights for limited administrator accounts". I had been using Eset since 2003 up until 2 years ago. I have only been using Linux for the last 2 years (Windows 10 broke compatibility with my MB firmware), but I have to use Windows 10 for some of my classes this semester due to some of the Enterprise Software I use. I will have to get reoriented with Windows since many OS changes have been made over the last 2 years. The last version of Windows 10 I used was Windows 10 Pro version 1709. That was the last version of Windows 10 that was compatible with my PC.
  6. Something from Windows 10 or Microsoft Apps for Enterprise (Microsoft Office) is always requested outbound internet access. I have been creating rules since yesterday and i'm still being bombarded with Microsoft outbound request. I just had to respond to about 15 outbound request, one after the other after the desktop appeared. My computer would not boot the first 2 attempts, it stalled at the login screen, I waited for about 15 minutes, before trying to reboot each time. I believe all the outbound request from Windows before the desktop had a chance to load was causing Windows to freeze because the UAC prompt was unavailable for me to respond to yet.
  7. Why does Eset require users using Full Admin Accounts to answer UAC prompts if they choose to remember the action they took (create a firewall rule) when responding to firewall prompts? I'm using a Full Admin Account. I'm the only account on the system other than the default accounts that come preinstalled on Windows 10, like the the built in Admin Account that is used by the OS itself. I've tested all the other major AV vendors at one time or another and none of them have required using UAC to respond to a firewall prompt.
  8. How do I stop Eset from requiring me to elevate my Windows privileges each time I respond to Eset's firewall prompts in Interactive Mode?
  9. Where has the setting for, "Require full administrator rights for limited administrator accounts" been moved to? Eset is driving me insane by having to elevate my window's privileges each time I respond to Eset's Firewall in Interactive Mode. I don't understand the purpose of this option, i'm not a limited Admin, yet Eset always makes me elevate my privileges to respond to firewall prompts. I'm the only Admin on the Computer other than the System Admin Account that is built into Windows 10 by default. I'm using Eset 13.2.18.0 on Windows 10 x64 Pro version 2004.
  10. All I want to do is make Eset Log inbound blocks for when there is no allow or deny rule. Eset blocks the connection attempt when there is no allow or deny rule and does not log it. I'm going to let Eset developers know about attacks they may not be aware of, and request a way to log them. If I create a rule to block all protocols then Eset will block all inbound access, and log all inbound connection attempts. My firewall log would be humongous and it would take an enormous amount of work to sort attacks from harmless connection attempts. I think it's best to sort this out with development if they are willing to add some additional capabilities.
  11. Sorry for the late reply. I was out of town for several days, and when I came back we had no internet which is typical of this area. My ISP is TDS, and they are incapable of fixing the internet outages here. I have no internet whenever it rains. Water is getting into the lines, and they have been unable to locate the problem after supposedly trying to for years. So, I have the TDS version of the router. I have always used the high setting for the "Security Firewall". The only visible thing that changes in the GUI is it unticks most of the default allowed inbound ports, but almost none of them are related to vulnerable Windows Services. It seems the High Setting is not much more secure than the Low. I have WAN Ping Block mode enabled, but I still get pinged to death if I use a VPN (which bypasses router's firewall). I have NAT enabled in the settings, but there is no mention of SPI anywhere in the GUI. I went through the router settings with a fine tooth comb when I got it, and I have everything configured with Security in mind. Disabling Remote Telenet Login, and changing the default password was the first thing I did when I got the router. I also changed the SSID to something false to cause hackers a little more work in order to know what kind of router I have. I have UPnP, and WPS disabled. I'm using WPA / WPA2 encryption. I also have almost all Windows Services disabled that uses an open port. I'm hoping Eset will want to make some changes to the positioning of the buttons used in the Network Wizard, UI changes to the Firewall, and provide better logging options. I tried using the diagnostic logging to see how much it logged, but you receive a nagging prompt reminding you to disable it about once a minute. Also, I think the IDS/IPS could be improved. I think it only detects a low percentage of the port scans that actually occur on my system. I will know more when I get a chance to test the firewall myself which I hope is very soon! Btw.. I have a degree in InfoSec, and Networking. I just graduated in May so I don't have much experience, but I do know quite a bit about Networking and Firewalls. I know I need more experience before I would be considered an expert. I think I may have just gotten a Networking Job at a Large Hospital though, i'm keeping my fingers crossed. Edited: 7/3/19 @ 5:35
  12. I'm beginning to wonder if my router even has SPI. I can't find anything that says it does. Also, Actiontec recently came out with a new DSL modem router combo that advertises that their latest product does have SPI, as if the prior didn't. This legacy product of theirs may not have SPI. If it does then I can't find any documentation stating that it does, and nothing in the user interface says it does. Also, the only logging feature I see in the UI says System Log with no options to change the logging level.
  13. Even when i'm not using a VPN, which is most of the time, my router does not log any blocked IP other than an IPV6 link-local address. It blocks that address over and over again. I'm using IPV4, and I have IPv6 disabled on my network adapter. I don't see any options to adjust the router's logging capability. I've ran plenty of port scans on my router, and never found any open ports. I have all unnecessary windows services disabled. I only have 5 services running that are listening, and their ports are filtered by Eset Firewall. There's not much to exploit on my machine by way of network attacks.
  14. The only thing my router ever logs as being blocked is some IPV6 address, and I have IPV6 disabled on my Network Adapter. I don't know how to log packets dropped from Eset's SPI filtering without turning on diagnostic logging. Eset does not recommend using diagnostic logging except for trouble shooting. The Nework Wizard does show packets dropped due to it's SPI filtering. I see them often. It says something like packet does not belong to any open connection. I would not have to use the Network Wizard if Eset had a better logging system. Also, Eset should not unblock blocked connections in the connection wizard when the user isn't even clicking on the unblock button. They should not have placed the drop down 1 hour selection directly over the unblock button, and also not ask the user for any confirmation before unblocking. Also the close details window button is over the unblock button. Maybe if they make a few UI changes, and ask the user to confirm before unblocking IPs then it would not be a problem at all.
×
×
  • Create New...