[How to defend against an intrusion with an IP of 0.0.0.0 ?]

When using proxies it is possible to spoof the last address that is forwarded to the destination IP address. They could be spoofing the last address so that it shows 0.0.0.0. It helps mask the attacker's exit node, making it more difficult to block the attacker's address. It still may be possible to see the attackers exit node address with a good packet sniffer like Wireshark.

[No option to disabled License Auto-Renew !]

On 10/6/2021 at 5:35 AM, peteyt said:

I will say the quote "by enabling autopay" makes it sounds like it is an option

The entire notice at checkout makes it look like it is being offered as an optional service. The part you quoted strongly supports exactly what I was trying to explain above.

I still never got an answer to my question though, and I started the thread. I don't know why no one from Eset wants to explain why you can't disable auto-pay for your old license after you renew your subscription. When I renewed my subscription I was given a new license key, but it continued to report that auto-pay was enabled for my old key. I logged into Eset store, but it only gave me the option to disable auto-pay for my new key. It seems like this would have to be a bug or something they overlooked by design.

 

I'm seriously not trying to be difficult. I just think a problem like this is something any company would really want to fix.  Surely they wouldn't want to double charge their customers.

[No option to disabled License Auto-Renew !]

On 9/29/2021 at 4:27 AM, Marcos said:

I've received an official statement on license auto-renewal from ESET LLC:

We’ve had the same “forced” autorenew experience in place for several years.

Legal and many many others have had their eyeballs on the current set up and we can confidently say we’re not in violation of any laws. When clicked in cart, this is the disclosure we show to users:

The post purchase receipt email provides direct instructions how to manage one’s autopay settings, including a direct link to the eStore My Account to do so. We also send a notice ~30 days before license expiration, reminding the user about the upcoming charge.

Autopay and myESET are 2 separate systems. The latter will be renamed ESET HOME soon and is where the user can manage their license, set up parental control, etc. The former is a customer portal where the user can update their autopay settings or see their purchased licenses. The eStore My Account will be deprecated in steps over the next several months as we move toward the Global eStore.

The screenshot you posted above about auto-pay does not say anywhere that the user is going to be enrolled in Eset's auto-pay program by making the purchase. It looks like an optional service being offered by Eset that the user needs to click on in order to sign up for. It's highly deceptive. I looked at Bitdefender's auto-pay notice, and it specifically informs the user that they will be signed up for auto-pay by making the purchase. Eset's auto-pay notice sounds like it is being offered as an option. How hard is it to place the following sentence in your notice? "By making this purchase, you will automatically be signed up for Eset's auto-pay service."

I never did see an answer for my question. I had to unmark your post above as the solution. I thought you was going to get an answer for me, so I marked your post above as the solution. I should have waited until I got the answer. My question was how come Eset did not give me an option to disable auto-pay for my old license key? The Eset store did not give me any option to disable auto-pay for my old license key. When I renewed my subscription I was given a new key, but the old key continued to report that it was set up for auto-pay.

The way to reproduce the problem is to renew your Eset subscription at https://www.eset.com/us/estore/myaccount/, and continue using the old key (since it has not expired yet). If you look in Eset's application GUI it will continue to report that the old key is set up for auto-pay. If you go to the estore site it will only give you the option to disable auto-pay for the new key, but auto-pay is still enabled for the old key. I didn't want to be double charged so I removed my debit card info from my account.  You either have a serious design flaw in the payment system, or it takes longer for Eset Internet Security to sync with the changes that have been made to your account.

[No option to disabled License Auto-Renew !]

Yes, I've experienced several other companies using the same or similar tactics. I had a few other companies set up auto-renewal through my Paypal account without me even knowing. Paypal did not even notify me when I made the purchase that the company was setting up the purchase as an Auto-Renewal. I did not even know about it until I found an unknown charge on my bank statement a year later. Let's just say... I was really pissed when I discovered where the charge came from.

I ended up getting the funds returned to my bank account after taking up my time emailing back and forth with their customer service desk over a 3 or 4 day period. I was lucky my account was not over-drafted. I contacted Paypal and asked them why they allowed the auto-renewal purchase to be set up without notifying me during the purchase, and they informed me that it was the sellers responsibility to notify me. I thought that was ridiculous because Paypal was essentially telling me that they don't even attempt to protect their customers from being ripped off by companies attempting to make additional charges to their accounts by abusing Paypal's auto-renewal service. They ended up telling me where to look on my account to see if any auto-renewal payments had been set up and how to remove them.

[No option to disabled License Auto-Renew !]

5 hours ago, Marcos said:

There is no connection between my.eset.com and e-store except that the license manager allows to open the license in e-store. I will need to discuss the subscription / auto-renewal system employed by ESET LLC with colleagues from ESET LLC but I'd expect that autorenewal can be disabled if you don't want it.

I'm going to type this post again. I have the worst luck with this forum! I hit backspace to correct a typo in my post and Firefox went to the previous page I had visited, and I lost my entire post!!!! This has happened so many times on this forum! I have over 5000 post on Wilders and it has never happened on Wilders. The most annoying thing! I think i'm jinxed on this forum.

The user should be given the option to opt out of auto-renewal when they purchase a license and it should be easy to see. Also, it is confusing on where to go to opt out of auto-renewal once you have been enrolled. I thought myeset.com would be the place to opt out since that is the site for managing License and Devices. I wasted a lot of time looking for an option to opt out of auto-renewal on myeset.com. I finally found the option to opt out of auto-renewal on store.eset.com. It only gave me the option to opt out for the license I had just purchased. My old license still reported that it was set up for auto-renewal within the Eset Application.  I never was able to find any option on either website to disable auto-renewal for my old license.

 Please read my last response to itman above for more information and one possible solution for this problem. That will save me from having to type everything again.

[No option to disabled License Auto-Renew !]

8 hours ago, itman said:

First, verify your credit card data has been deleted from both your Eset eStore account and your myEset.com account.

When I likewise did my Eset license renewal via EIS GUI option, it set up a myEset.com account w/o my permission and set it to auto renewal! Also stored in that myEset account is the credit card number used for the purchase. Given all the security issues with myEset.com accounts being hacked, I also deleted the myEset.com account.

I for one have had it with Eset's overly aggressive license renewal/management . It's just "one more nail added to the Eset coffin" in regards to terminating the future use of this product.

Thank you for the response itman. Its nice to see others voicing their dismay of being automatically enrolled in the auto-renew license program without their consent. If there was an option to opt out then I did not see it when I made the purchase. Also, it should be easy to find the option to opt out of auto-renew when you log into your account. I like to never found the option. I kept looking in my  https://my.eset.com/home account and there is no option to do it there. I then logged into https://store.eset.com/us/estore/myaccount/ where I finally found the option to opt out after some searching. 

I see at least two problems here with automatically enrolling users in the auto-renew license program. The user gets automatically enrolled in the auto-renew program without their consent, and it's not clear how to opt out of the auto-renew program after the user has been enrolled. I kept searching everywhere on myeset.com for the option to opt out since that's the Eset site for managing License and devices. One would think that there would be an option to opt out of auto-renew on myeset.com since that is the site for managing license and devices. Unfortunately there is no option to opt out of auto-renew on myeset.com. I just wasted a lot of time looking for it.  After that I began searching through my bookmarks to find the eset site for purchasing license. After I logged into store.eset.com xxxxxx I found the option to opt out of auto renew for the license I had just purchased. The problem is that there was no option to disable auto-renew for the old license key and the Eset application continued to report that the old license key was still set up for auto-renew. I could not find any option on either site to opt out of auto-renew for the old license key, so I had no choice other than to remove my debit card info, which I normally do anyways.

The point is there was no option I could find anywhere to disable auto-renew for the old license key and the Eset application continued to report that the old key was set up for auto-renew. I looked on myeset.com and store.eset.com. It would be best if Eset allowed the user to continue to use the same license key by adding additional time to the same key they are already using after they renew their license. Eset could update the number of devices allowed for the key if the user chose to purchase less or more devices for the key. The user would not have to worry about disabling auto renew for old license keys that are about to expire. Also, add an option to myset.com to opt out of auto-renewal, and make it easy to find. Making the option to opt out of auto-renewal difficult to find and automatically enrolling the user in auto-renewal is a dirty way to make extra revenue.

[No option to disabled License Auto-Renew !]

I went ahead and deleted my credit card information from my account, but still wondering how to make sure auto-renew is disabled for all license keys for an account.

[No option to disabled License Auto-Renew !]

I just renewed my Eset License by clicking on Renew within the Eset Internet Security Application. I was given a new License key after renewing, but it says auto-renew is still enabled for the old key. It does not give me any option to disabled auto-renew for the old key at https://my.eset.com/licenses

I was able to disabled auto-renew for the current license key at " https://store.eset.com/us/estore/myaccount/", but there is no option to disable auto-renew for the old key.  How do I disable auto-renew for the old license key?  The account with the old license key is marked with the red box below. It says next payment for the old key is 10/31/2021. The key I just purchased expires 9/25/2022, and I was able to successfully disabled auto-renew for it.



 

 

 

[Eset Firewall Interactive Mode doesn't work after upgrade to v. 14.1.19]

1 hour ago, Marcos said:

Hm, this was supposed to be already fixed. Does switching to the pre-release update channel and updating the program to v14.2 make a difference?

I enabled prerelease updates and installed Eset Smart Security Version 14.2.10.0, but it may be a while before I know if that fixed the problem. I just updated all the applications on my machine yesterday, and I will have to wait until there are application updates to install before I can see if installing prerelease updates fixed the problem.

[Eset Firewall Interactive Mode doesn't work after upgrade to v. 14.1.19]

Eset Firewall is not working for me either in Interactive Mode after updating to Eset version 14.1.20.0. I'm not sure if this bug affects the other modes. The problem only occurs when an application updates; Eset does not detect changes have occurred to the application that has updated. Eset gives no prompt informing the user that changes have occurred to the application that has updated. Then when trying to use the application that has updated again, Eset silently blocks that application from accessing the Internet. This has happened to me with all application that have updated so far, Firefox, Waterfox, Torrent Clients, etc..

In order to fix the problem I had to go to advanced firewall rules, and delete the rule for the applications that updated from Eset. Then I had to try using the application again to see if Eset would give me a prompt again for the updated application's attempt to access the Internet. If Eset still was unable to detect the application's attempt to access the Internet, then I had to reboot my system. Eset was then able to detect the application's attempt to access the Internet and gave me the option to create a new firewall rule for the application.

I'm using Windows 10x64 Pro 20H2, Eset version 14.1.20.0.

[Require full administrator rights for limited administrator accounts]

16 minutes ago, itman said:

One solution here is to create a firewall rule to allow all outbound traffic. Set its logging severity level to Warning. Move the rule to the bottom of the existing rule set. This will create a Network protection log entry for every outbound request the rule is triggered for.

Create the rule just prior to shutting down the PC for the night. When you do a cold boot the next morning and the desktop appears and the system settles down, review the Network protection log for entries generated by the above rule. You can then create permanent firewall rules for the processes associated with these log entries as you see fit.

Note that monitoring all Win 10 outbound system and Store network activity is pretty an effort in futility.  System package and Store app directory and/or file names change with each app update.

 

That's not really the solution I want, but I may try it if all else fails. Thanks! I have to do some Network, and Database work now for school.

[Require full administrator rights for limited administrator accounts]

Anyway, I still don't understand why Eset requires the user to elevate privileges to create a firewall rule when responding to firewall prompts. I don't believe disabling UAC is a good ideal, so that's not a good solution.  Maybe Eset can make a change in their design.

As  I stated above, it took me 3 attempts to get Windows to boot today. The only change I made to my system was changing Eset to Interactive Mode. I believe all the outbound request from Windows before the desktop had a chance to load was causing Windows to freeze because the UAC prompt was unavailable for me to respond to yet. As soon as the desktop successfully loaded on the 3rd attempt, I had to respond to about 15 UAC prompts one after the other since I had to create 15 outbound rules.

[Require full administrator rights for limited administrator accounts]

7 hours ago, itman said:

The default account in Win 10 is limited Admin. Appears you are running instead under a standard user account? This is why you are getting the UAC alerts. Note that Microsoft has removed the full hidden Admin account from Home and I beleive Pro versions some time ago.

If you run as limited admin which BTW runs with standard user privileges and elevates to Admin status via UAC when required, this should eliminate these UAC alerts from Eset firewall in Interactive mode assuming UAC is set to default level. If UAC is set to max. level (recommended), the UAC alerts will continue.

I created an Admin account when installing Windows. It's the only account that was created. I would have to check to see what Accounts Windows creates by default. I believe it still creates an Admin Account that can only be used by the OS. I had to take ownership of a registry key a couple of days ago, and I believe I remember seeing another Admin Account in there that had been created by the OS.

This is my first time using Windows in 2 years, so that's why I did not know Eset removed the option in the UI, "Require full administrator rights for limited administrator accounts". I had been using Eset since 2003 up until 2 years ago. I have only been using Linux for the last 2 years (Windows 10 broke compatibility with my MB firmware), but I have to use Windows 10 for some of my classes this semester due to some of the Enterprise Software I use. I will have to get reoriented with Windows since many OS changes have been made over the last 2 years. The last version of Windows 10 I used was Windows 10 Pro version 1709. That was the last version of Windows 10 that was compatible with my PC.

[Require full administrator rights for limited administrator accounts]

6 hours ago, stackz said:

FWIW the only time in Interactive mode that I get a UAC prompt is when I'm saving a rule.

Something from Windows 10 or Microsoft Apps for Enterprise (Microsoft Office) is always requested outbound internet access. I have been creating rules since yesterday and i'm still being bombarded with Microsoft outbound request. I just had to respond to about 15 outbound request, one after the other after the desktop appeared. My computer would not boot the first 2 attempts, it stalled at the login screen, I waited for about 15 minutes, before trying to reboot each time. I believe all the outbound request from Windows before the desktop had a chance to load was causing Windows to freeze because the UAC prompt was unavailable for me to respond to yet.

[Require full administrator rights for limited administrator accounts]

Why does Eset require users using Full Admin Accounts to answer UAC prompts if they choose to remember the action they took (create a firewall rule) when responding to firewall prompts? I'm using a Full Admin Account. I'm the only account on the system other than the default accounts that come preinstalled on Windows 10, like the the built in Admin Account that is used by the OS itself. I've tested all the other major AV vendors at one time or another and none of them have required using UAC to respond to a firewall prompt.

[Require full administrator rights for limited administrator accounts]

How do I stop Eset from requiring me to elevate my Windows privileges each time I respond to Eset's firewall prompts in Interactive Mode?

[Require full administrator rights for limited administrator accounts]

Where has the setting for, "Require full administrator rights for limited administrator accounts" been moved to? Eset is driving me insane by having to elevate my window's privileges each time I respond to Eset's Firewall in Interactive Mode. I don't understand the purpose of this option, i'm not a limited Admin, yet Eset always makes me elevate my privileges to respond to firewall prompts. I'm the only Admin on the Computer other than the System Admin Account that is built into Windows 10 by default. I'm using Eset 13.2.18.0 on Windows 10 x64 Pro version 2004.

[Serious Flaw/bug in Eset Firewall Troube Shooting Wizard]

1 hour ago, itman said:

There is one last thing you can try. In theory, this should eliminate the Network Wizard entries and allow you to block all inbound traffic for further review.

Create a firewall rule to deny all inbound communication; that is "ALL" protocols. The only other settings required are to set logging level to warning and to be alerted which I assume you don't want. Note: this rule must always remain at the end of the existing rule set.

The only possible glitch with this how Eset handles inbound Windows Firewall traffic assuming you have that default allow option enabled. If Eset parses the Win firewall rules after all its rules are parsed, this rule will block all that traffic. I believe the Win firewall rule checking is done prior to Eset rule checking but not sure of this.

All I want to do is make Eset Log inbound blocks for when there is no allow or deny rule. Eset blocks the connection attempt when there is no allow or deny rule and does not log it. I'm going to let Eset developers know about attacks they may not be aware of, and request a way to log them.

If I create a rule to block all protocols then Eset will block all inbound access, and log all inbound connection attempts. My firewall log would be humongous and it would take an enormous amount of work to sort attacks from harmless connection attempts. I think it's best to sort this out with development if they are willing to add some additional capabilities.

[Serious Flaw/bug in Eset Firewall Troube Shooting Wizard]

On 6/29/2019 at 9:03 AM, itman said:

 

https://www.actiontec.com/wp-content/uploads/2017/02/ActiontecGT784WNncsdatasheet.pdf

It appears there is no user manual with detailed setting explanations. The best I could find is: https://setuprouter.com/router/actiontec/gt784wnv/manual-1341.pdf . I ran into the same issue with my AT&T provided router. I had to do web research to determine the actual mfg. of the router and determine their equivalent model number. With that information, I was able to download an user manual with settings options and details. 

Also there is a Verizon version of this router; if that is what you have. That version's firmware might have been modified to prevent end users from accessing the detailed protection settings options.

-EDIT- Here's a web site that shows all setting screen shots for the Verizon model: https://setuprouter.com/router/actiontec/gt784wnv/screenshots.htm .

The firewall has four settings; NAT, low, medium, and high. Click on the firewall screen shot for further details. Note the following. The default firewall security level is set to "Off". Suspect this results in only NAT being shown?  I believe you may have disabled NAT in its stand-alone setting since it is not compatible with VPN? It appears the low - high firewall settings control what Win network protocols(services) and their corresponding ports are monitored.

I don't believe if the firewall is off, it would affect SPI. However, disabling NAT would expose the actual sending port used by Windows.

One thing I don't like is this router has the ability to support remote GUI andTelnet login to the router. I believe there have been multiple remote attack instances against Actiontec routers using this feature. Make sure it's preferably disabled or strong password used.

In theory, a firewall with SPI and NAT should block most unwanted inbound external network traffic. Also, SPI only works for stateful protcols; namely TCP. UDP and ICMP for example are stateless protocols. Most routers will block incoming unsolicited ICMP pings by default. So UDP is the protocol that needs attention and can be blocked effectively by simply disabling unnecessary services that use it such as UPnP.

If the router has default password of "Admin," change it to sometime more secure.

 

Sorry for the late reply. I was out of town for several days, and when I came back we had no internet which is typical of this area. My ISP is TDS, and they are incapable of fixing the internet outages here. I have no internet whenever it rains. Water is getting into the lines, and they have been unable to locate the problem after supposedly trying to for years.

So, I have the TDS version of the router. I have always used the high setting for the "Security Firewall". The only visible thing that changes in the GUI is it unticks most of the default allowed inbound ports, but almost none of them are related to vulnerable Windows Services. It seems the High Setting is not much more secure than the Low. I have WAN Ping Block mode enabled, but I still get pinged to death if I use a VPN (which bypasses router's firewall).  I have NAT enabled in the settings, but there is no mention of SPI anywhere in the GUI.

I went through the router settings with a fine tooth comb when I got it, and I have everything configured with Security in mind. Disabling Remote Telenet Login, and changing the default password was the first thing I did when I got the router. I also changed the SSID to something false to cause hackers a little more work in order to know what kind of router I have. I have UPnP, and WPS disabled. I'm using WPA / WPA2 encryption. I also have almost all Windows Services disabled that uses an open port.

I'm hoping Eset will want to make some changes to the positioning of the buttons used in the Network Wizard, UI changes to the Firewall, and provide better logging options. I tried using the diagnostic logging to see how much it logged, but you receive a nagging prompt reminding you to disable it about once a minute.

Also, I think the IDS/IPS could be improved. I think it only detects a low percentage of the port scans that actually occur on my system. I will know more when I get a chance to test the firewall myself which I hope is very soon! Btw.. I have a degree in InfoSec, and Networking. I just graduated in May so I don't have much experience, but I do know quite a bit about Networking and Firewalls. I know I need more experience before I would be considered an expert. I think I may have just gotten a Networking Job at a Large Hospital though, i'm keeping my fingers crossed.

Edited: 7/3/19 @ 5:35

[Serious Flaw/bug in Eset Firewall Troube Shooting Wizard]

I'm beginning to wonder if my router even has SPI. I can't find anything that says it does. Also, Actiontec recently came out with a new DSL modem router combo that advertises that their latest product does have SPI, as if the prior didn't. This legacy product of theirs may not have SPI. If it does then I can't find any documentation stating that it does, and nothing in the user interface says it does. Also, the only logging feature I see in the UI says System Log with no options to change the logging level.

[Serious Flaw/bug in Eset Firewall Troube Shooting Wizard]

2 minutes ago, itman said:

What is the router make and model number?

https://www.actiontec.com/products/wifi-routers-gateways/dsl/gt784wn/

[Serious Flaw/bug in Eset Firewall Troube Shooting Wizard]

37 minutes ago, itman said:

You finally mentioned that you are using a VPN. As such, you are in essence bypassing the router's firewall. This is one reason I have never considered VPN use.

Even when i'm not using a VPN, which is most of the time, my router does not log any blocked IP other than an IPV6 link-local address. It blocks that address over and over again. I'm using IPV4, and I have IPv6 disabled on my network adapter. I don't see any options to adjust the router's logging capability. I've ran plenty of port scans on my router, and never found any open ports. I have all unnecessary windows services disabled. I only have 5 services running that are listening, and their ports are filtered by Eset Firewall. There's not much to exploit on my machine by way of network attacks.

[Serious Flaw/bug in Eset Firewall Troube Shooting Wizard]

On 6/27/2019 at 10:58 AM, itman said:

Let's back up a bit.

The Eset firewall is stateful. It will block any inbound connection:

1. That is not associated with a previous outbound connection.

2. Where an explicit block rule exists to prevent the inbound connection.

All the Network Troubleshooting Wizard shows in regards to the above no. 1). are connections that were blocked. There  is no need to create additional user firewall rules to handle these stateful blocked inbound connections. This is why they are not logged , eventually time out, and no longer are displayed by the Wizard. There is also the risk that by manually creating firewall rules to block this activity, they are not properly created.

Earlier versions of Eset did not have the Network Wizard. Hence the user was totally unaware of the above activity; just as if they they would be if using a router with a stateful firewall. As a rule, router firewalls log all blocked activity which allows the user to be aware of this activity for forensic purposes. On any given day, my router's firewall log contains dozens of blocked inbound connections; primarily port 23, Telnet, attempted access. The Network Wizard's primarily purpose in this context is to provide the ability for example, to inform and create an allow rule for some internal network legitimate inbound connection that was blocked for some reason.

I assume Eset does not log stateful activity blocked inbound connections to prevent the Network Connections log from becoming too large. Another reason would be not to be "bombarded" in this forum with never ending questions about these firewall stateful blocked log enties.

One suggestion to Eset you might request in like forum topic section is Eset provide an option for the Network Connection log where all Network Wizard blocked connections are logged. Similar to like HIPS logging capability, this option would be disabled by default.

The only thing my router ever logs as being blocked is some IPV6 address, and I have IPV6 disabled on my Network Adapter.

I don't know how to log packets dropped from Eset's SPI filtering without turning on diagnostic logging. Eset does not recommend using diagnostic logging except for trouble shooting. The Nework Wizard does show packets dropped due to it's SPI filtering. I see them often. It says something like packet does not belong to any open connection.

I would not have to use the Network Wizard if Eset had a better logging system. Also, Eset should not unblock blocked connections in the connection wizard when the user isn't even clicking on the unblock button. They should not have placed the drop down 1 hour selection directly over the unblock button, and also not ask the user for any confirmation before unblocking. Also the close details window button is over the unblock button. Maybe if they make a few UI changes, and ask the user to confirm before unblocking IPs then it would not be a problem at all.

[Serious Flaw/bug in Eset Firewall Troube Shooting Wizard]

On 6/26/2019 at 4:09 PM, itman said:

Set the logging severity to "Warning" for all existing Eset firewall "Block" rules. This includes the default ones. This will result in a log entry always being created.

Not that I am aware of. The HIPS has such capability; but only for blocked activity.

On the other hand, Network Wizard shown "Blocked" activity is primarily a result of existing Eset firewall block rules. Hopefully by modifying logging severity as noted above, you will be provided with most of the detail you desire.

You don't have to set the Logging Level to warning in order for Eset to log blocked connections to the Log File. You can set it to Information Level, and it will Log the event as well. I have been using Information Level. I don't know what the difference is in Information Level, and Warning Level. They both produce an entry in the Log file when an IP has been blocked. I will try to find it in the manual after I have finished this post.

The Network Wizard will show several different types of attacks that I have found no way to Log using Eset's Logging. I would not even know about them without the Network Wizard. That seems to be a flaw in Eset's design. Eset is seriously lacking on their logging capability, or i'm not finding the options if they do exist. I get a lot of attacks on port 500 on my VPN, but I can't block inbound connections to port 500 or my VPN will not work. The attacks show up in the Network Wizard as being blocked due to no allow or block rule being found. If Eset can not find an allow rule or block rule then it drops the packets. Also packets blocked by their SPI filtering shows up in the Network Wizard. I see them in the Network Wizard often. I do not remember the exact wording Eset uses, but it says something like blocked due to not belonging to any open connection. The only way I could log the blocked attacks I see in the Network Wizard is to turn on diagnostic logging which Eset does not recommend except for trouble shooting. It says it will fill your log file up quickly and i'm assuming it is a drain on resources.

[Serious Flaw/bug in Eset Firewall Troube Shooting Wizard]

51 minutes ago, itman said:

One additional comment about Eset's Network Trouble Shooting Wizard. You should not be relying on this as your primary method to block unwanted inbound network traffic. The Wizard was actually designed primarily to automated firewall rule creation for internal apps that are being blocked for some reason. And as far as I am concerned, it creates very permissive rules.

If your router does not employ a stateful firewall that will block any incoming unsolicited network traffic, you should seriously consider purchasing one that does. The router is the point where you want to block any unwanted inbound traffic.

I have to use the Network Wizard to get the IP addresses for attackers that get blocked due to there not being an allowed rule or an explicit deny rule for. It's the only way I can get them, and I only have 1 hour to do it before they are lost.

I totally agree with you on needing a new router. My router security sucks. We only get DSL here, and there are only 3 routers on the market that will work with my DSL. The other ones suck worse than the one I have.

I have its settings configured for max security, but I can not block specific ports on my router unless it is one of the ports on the list of options for the router. Almost none of the vulnerable ports that belong to Windows services are on the list.  I also can not block specific IP addresses on my router. My router does not state whether it uses SPI, which it would be a travesty if it does not!