eab

The following was sent to ESET Support: When accessing the URL, for example in a web browser or using curl in the terminal, from a device and network/Internet connection which is IPv6-ready, the IPv6 address is automatically tried first. And if the IPv6 address does not work/resolve, then the web browser, or curl, tries to use the IPv4 address. However, when accessing the URL from a device and network/Internet connection which is not IPv6-ready, the IPv4 address is automatically tried first. In the case of this particular URL, the IPv4 address is working, whereas the IPv6 address is not working - this particular issue is not a problem with ESET. However, this is where ESET does introduce a problem: When this URL is accessed from a device and network/Internet connection which is IPv6-ready, and the IPv6 address fails to resolve, ESET seems to stop the diversion to the IPv4 address. On the other hand, when accessing the URL from a device and network/Internet connection which is not IPv6-ready, the IPv4 address is automatically tried first, and the site loads without problems - ESET does not block it. This man-in-the-middle-ing by ESET/WAP effectively disrupts the handover of a URL from IPv6-to-IPv4, and most likely also vice-versa. You and your technicians and/or developers should have no trouble reproducing this. I will add here as well that I recently was setting up a new Synology server and also experienced ESET/WAP blocking the Synology setup web page, which is the only way to correctly setup a Synology server. So it seems pretty clear that WAP is far too aggressive, especially for a PC-grade security tool, and needs to be thoroughly tested.

New finding! It seems that accessing the NASA website (https://www.giss.nasa.gov) via IPv6 is blocked, whereas via IPv4 is not blocked. Ideas?

I don't have another router to test. But how would that help even if I did? I have the: FRITZ!Box 7590

Look at this - my fritz.box router page is also "blocked" by ESET/WAP - all I get is a white page: I already did! They haven't done anything yet to help. I have now redirected them to this forum thread .. 🙄 This WAP feature is extremely buggy!

And again today this URL is not loading: And the only change to the policy is disabling WAP -> SSL/TLS. Yesterday this same URL magically loaded with the same policy on the same PC, and today it's not loading again. With eea service stopped, or WAP completely disabled, the website loads. Exclusion lists do not work! 😠

Could you please show me what the settings are for your 'Enable product auto-update' policy?

The only difference seems to be the 'Policy Product' name - you have 'Auto-updates' and I have 'Common features'. The 'Policy Name' is identical. This is what the settings for my 'Enable product auto-update' policy looks like: This policy should work for both the Windows and Linux ESET Endpoint products which we use: For our Linux PCs it shows up correctly: Whereas for our Windows PCs it shows up as disabled with the 'Product not installed' message: One thing I did notice was that the 'Parent Name' for the policy in Linux is 'Linux Computers', whereas for the policy in Windows its 'All'. Is this 'Parent Name' column referring to the Computer Group that the policy is assigned to? Because, if so, that's wrong - the policy is assigned to the 'Windows computers' Computer Group, and not to 'All':

Now magically the website is loading with WAP enabled, SSL/TLS disabled, and no URLs in the Allowed or Exceptions lists. 🤷‍♂️

Is there any way to get the assigned policy to update right away? It seems like sometimes it's updated on the client immediately, and other times it takes 10 minutes or so. And Linux command to pull the new policy settings from the server?

Thanks for testing @Marcos. But do you have WAP enabled as well? And if so, are you saying that, with WAP enabled that URL loads for you in the web browser?

OK, the reply from ESET support was completely predictable: No, I didn't do that because I wanted to know from ESET Business support why this URL was being blocked in the first place. In any case, I decided to try to add it as to the Allowed and Excluded lists: This does nothing to solved the problem. I know for a fact that WAP is blocking this website because if I disable WAP completely the website loads immediately. So what gives? (Yes, I already replied with this info to ESET Business support, but they take a day or two to reply each time 😕 )

This is really confusing. I never manually set this 'Common features' policy, and I cannot locate any policy named 'Auto-updates' either. We used to host ESET Protect on-site, and then we migrated to the Cloud-based ESET Protect. Is there any way to completely reset all policies to the "default"/"original" state? The only official documentation containing a list of policies for Windows ESET Endpoint Security that I can find is this one for on-prem ESET Protect: https://help.eset.com/ees/11/en-US/how_apply_policy.html?how_apply_policy.html ... and it doesn't say anything about an anto-update or 'common features' policy. It seems like 'Common features' is not even a policy, but a policy group. All policies inside are locked with 'Managed by ESET Protect' appearing when you hover over with the mouse cursor. Only the very first one, 'Enable product auto-update', is assigned, and it's assigned to the 'All' computer group. This must be the equivalent of your 'Auto-updates' policy.

Are you using the same client software? (we are using ESET Endpoint Security 11) If so, why is it that we have this 'Common features' policy set by default? And, as you can see in the screenshots, we don't even have any 'Auto-updates' policy. 🤷‍♂️ What's even more bewildering is that the 'Common features' policy shows on the PC info (screenshots above) as being disabled (grayed out) with the status 'Product not installed'.

We are trying to figure out what the official default policies are for the ESET Endpoint products. Starting with Windows, we are using the ESET Endpoint Security client software, and some of our PCs have 4 applied policies: While other PCs have 3 applied policies: Meanwhile, these are the policies offered by ESET Protect: And this one is listed under Custom policies: Which of these policies is currently the official default for ESET Security Endpoint on Windows?

Done. Ticket #00727066. Let's see what comes of it 🤷‍♂️