Jump to content

 rESET 

Members
  • Posts

    6
  • Joined

  • Last visited

Posts posted by  rESET 

  1. it is not small, forum resize seems small on your screen because it is to large. feel free to klick on it to open screen in full size. or right click, open image in new tab.

     

    https://content.invisioncic.com/Meset/monthly_2017_01/esetignorance.png.6e2c1ebfde92493509ab8fc39f71e97c.png

     

    out of luck, windows firewall rule evaluation is disabled already. i believe it is not windows problem. it must be eset10 firewall driver. since eset9 works with same setting just fine. back in eset9 have windowsfirewall rule disabled also. would like to use "rule based mode" as i configured a whitelist ruleset in eset. but the problem is not my rules. before reporting this i use fresh and clean eset10. 

  2. 17 hours ago, itman said:

    Based on the screen shot you just posted, I see no evidence that a IPv6 connection has established via DHCP IPv6. I see no public or private IPv6 address assignment. The only thing I see is the fe80:: local link scope address.

     

     

    yes, because i disabled ipv6 connection in router as long eset firewall does not protect this.

     

    17 hours ago, itman said:

     

    Also the loopback adapter is showing 10.0.0.0/16 CIDR address. That is not a valid localhost loopback address as far as I am aware of. Are you using a VPC such as Amazon Cloud?

     

    this is not a adress, that is the configured "eset trusted zone" that i manually have added recently for hopefully allowing local traffic. i removed this. i have no vpc connection.

     

    17 hours ago, itman said:

     

    -EDIT- Also the existence of the Teredo Tunneling adapter indicates that you are not connecting via IPv6 but instead are receiving IPv6 communication in a pseudo fashion; the IPv6 communication is being "tunneled" through an IPv4 connection using a Teredo server connection.

    Teredo is ok, but i have disabled now. now my eset adapter view looks same as yours.. with the problem persist. instead my isp gives me ipv6 only. ipv4 is pseudo because dslite tunnel. that is why i need working ipv6 firewall.

     

    17 hours ago, itman said:

     

    1. allow outbound TCP/UDP protocol traffic from local IP address ::1 to remote IP address 10.0.0.0 - 10.0.255.255

    2. allow inbound TCP/UDP protocol traffic from remote IP address 10.0.0.0 - 10.0.255.255 to local IP address ::1

    Add rule 1 first and see if that solves the issue. If not, add the second firewall rule.

    Important: Move both rules to the top of all existing firewall rules.

    If this doesn't solve the problem, make sure you delete both firewall rules.

    Note: I can't vouch for the security of the above since Teredo tunnels are inherently insecure. 

     

    i have added both rules for testing. see eset ignorance:

    esetignorance.png

    as i have used eset firewall rules before, i understand that both should work as same if selected direction BOTH. only one rule must be needed. But this didnt solve anything. since the problem is localhost connection is being blocked. and firewall rules are ignored. eset does not apply it set firewall rule. Only if in interactive mode i set allow temporaly for processID.

    i would say. teredo or any other tunnel mechanism is fine if you have a WORKING firewall with ipv6 support as eset is supposed to as advertised. it is only insecure if you believe your NAT makes you secure, tunnel passes forwarding through.

     

     

    eset does block any local connection i cannot even reach my local webserver Environment, it's blocked. cannot browse to from chrome. see screenshot.

     

    eset does interpret ::1 as unknown device. see "firewallproblem window" right bottom corner. it reads "unblocked" in the same time it says in detail, that no rule was applied. if i remove exclusion rule, the "unblock button" is back enabled ... eset 10 is very buggy. will this be patched or i have to only solution downgrade back to eset 9?

     

    please note, i did a mistake in error report translation, i said training mode instead interactive mode. interactive mode gives the dialog box to allow remember connections.

  3. ok, i have found log collector link inside eset support tools. tried to capture this behavior. But i havent got the egui firewall dialog again. But the problem is the ::1 is detected as "unknown device" /"remote host" for every app/service connection no matter. same rule mismatching

    if run cmd>nslookup eset.com ::1

    this happens also for me. with eset 9 on same configuration not. perhaps can i somehow tell eset10 to know ::1 is the localadress zone? because localadress in zones cannot be edited.

     

    i tried to capture it. firewall log is full of entries. if more info needed let me know.firewall_detailrulenotfound_while_adressunlockedbyrule.pngunknown_device_localhost.png

  4. hello in 2016 i have tried upgrade to eset 10 on windows 8.1 but i had to run av_remove.exe and downgrade to eset v9 because it was incompatible with IPv6 

     not as local address

     

    now we have 2017 and i have upgraded to esetv10 with win10 same issue. removed and installed it clean same issues.

     

    ESET 10 blocks itself. ::1 is detected as remotecomputer not in local address. this is wrong. version9 is working fine with same setting.esetwtf.png

     

     

    i put exclusions for ::1 in firewall rules. in network block view it says. UNBLOCKED but still "no rule found" and so it is still blocked even while it says unblocked. the only way to unblock is to set interactive mode mode and start app and eset pops up asking firewall rule. than choose second option, remember until programquit. this works. if i choose to create rule and remember permanently, it is still blocked.

     

    in https://support.eset.com/kb2266/?locale=en_US  no solution.eset.png

    win10x64 enterprisev1607
    Signaturdatenbank: 14766 (20170113)
    Soforteinsatz-Modul: 9341 (20170113)
    Updates: 1009 (20161205)
    Viren- und Spyware-Schutz: 1508 (20170103)
    Advanced Heuristik: 1175 (20161110)
    Archivunterstützung: 1258 (20161117)
    Säuberungstechnologie: 1128 (20161025)
    Anti-Stealth-Unterstützung: 1106 (20161017)
    Personal Firewall: 1328.1 (20161206)
    ESET SysInspector: 1264 (20161108)
    Lokalisierungsunterstützung: 1567B (20161222)
    HIPS-Unterstützung: 1259 (20161213)
    Internet-Schutz: 1290 (20170104)
    Web-Inhaltsfilter: 1052 (20160620)
    Erweiterter Spam-Schutz: 4927 (20170113)
    Datenbank: 1087 (20161107)
    Konfigurationsmodul (33): 1466.2 (20170104)
    LiveGrid-Kommunikationsmodul: 1022 (20160401)
    Spezielles Säuberungsprogramm: 1012 (20160405)
    Sicheres Online-Banking und Bezahlen: 1094 (20170104)
    Rootkit-Erkennungs- und Bereinigungsmodul: 1006 (20160715)
    Netzwerk-Schutzmodul: 1348 (20170112)
    Prüfmodul für Routerschwachstellen: 1024 (20161201)
    Schutz vor skriptbasierten Angriffen: 1010 (20161205)
     
     
    my hostfile have added ::1 localhost 
     
×
×
  • Create New...