jeffshead

Members
  • Posts

    17
About jeffshead

  • Rank
    Newbie

Profile Information

  • Location
    USA

Recent Profile Visitors

662 profile views
  1. Under URL management -- What is the difference between List of allowed addresses and List of addresses excluded from content scan? Let's say there is a website that ESET is blocking but I want to access it anyway. If I add it to List of allowed addresses, will ESET then let me access that page but still scan for malware whereas adding it to List of addresses excluded from content scan will let me access the site and not scan it for malware? Is my assumption correct? If so, then if I add a URL to List of allowed addresses and ESET lets me access the page but finds malware, ESET will still block the page? So if the malware is a false positive, the only way to access that page is to then add it to List of addresses excluded from content scan? Is all of the above correct? If not, please elaborate.
  2. I am trying to rule out ESET as being the cause of an issue. How can I totally disable all protections without uninstalling the product? I know simply right-clicking the systray icon and selecting "Pause" for the firewall and Protection does not remove all protections. I remember being able to do this, years ago. It required booting to SafeMode, disabling something and rebooting. The problem I'm encountering is that I cannot delete or move some folders/exe's after viewing them. I get the following error: If I wait for about a minute, I can move/delete them. I'm wondering if ESET is locking the file/folders.
  3. Can Endpoint be installed on Windows Server in order to get the ESET firewall on a server? I know the ESET product that is designed for Windows Servers does not come with a firewall.
  4. I cannot find a setting that tells ESS to quarantine suspected email attachments rather than delete them. I see that you can set it (Email client protection) to not clean but that means it won't quarantine, doesn't it? I had someone email a JavaScript file to me in a zip container but ESS deleted the file (false positive) and I don't see any way to recover the file. It would make more sense to quarantine email attachments rather than delete them so you can recover safe files.
  5. Thank you. That makes sense, now. I'm just used to going into routers' firewall logs where everything is logged and easier to find. Since the VPN subnet is not automatically added to ESET's "Known networks", what is the best approach to allowing VPN connections as if they were just another PC on the same subnet as the PC on which ESET is installed? Is that a bad idea? What are the differences between adding 10.1.1.0/24 to the Trusted zone versus manually adding 10.1.1.0/24 to the Known networks? EDIT: I did what another user suggested (https://forum.eset.com/topic/8274-endpoint-security-homework-network-not-being-treated-as-trusted-zone/?tab=comments#comment-43989) and added the VPN subnet to the already existing Known network and it seems to work just fine.
  6. 10.1.1.0/24 is not in the known networks setup. Only 192.168.1.0/24. The firewall troubleshooting wizard is what I was looking for. It does not make sense to me why the Personal Firewall log does not show all blocked communications. Why must users have to hunt for blocked communications in different locations of the GUI?
  7. I have ESS 10 on a PC on my local network. I have an SSL VPN set up on my router so I can access my local network when abroad. My LAN IPs are 192.168.1.xxx. My VPN IPs are 10.1.1.xxx. I have tried every setting I could find but I cannot access this PC over the VPN. I am in interactive mode but have never gotten an alert when I try to connect. I have tried disabling IDS, adding the VPN IP to IDS exclusions and disabling HIPS. I have also set HIPS to log all events but I see nothing about my connection attempts in the logs. The only way I can connect via VPN is to "Pause firewall (allow all traffic)". How can I find out exactly why ESS is blocking my VPN connection? Why is it not being logged?
  8. I must concede to some of your points and apologize for getting off topic. I still hold firm on the fact that there should be an option to opt-out of the nag screen or at least being able to turn it off until two weeks before EOF of the version that is currently installed.
  9. Because ESET wants to sell annual upgrades, every year. ESET is getting more bloated, with useless cr@p, with each release. ESET is marketing to the less savvy. Half of this isn't needed if you are behind a good gateway and know what you should and shouldn't be doing. It's really sad when companies think it's perfectly fine to spam their paying customers with ads that they cannot opt out of. If the main reason for the nag is safety, then why are you still supporting v8.x until 12/18? The annoying nags shouldn't start until the installed version is close to EOF. Not 2+ years before EOF. That's spam being generated by the same company that you are doing business with and they are telling you that they don't care. We (ESET) are going to continue annoying you whether you like it or not because we already have your money and we don't care what you want because we know better than you. Now click on the upgrade button to stop the annoying nag screen and send more money.
  10. I decided to leave Home Network Protection enabled and see if the added network traffic is worth it. I added a firewall rule to not log the dropped packets so my logs are not so cluttered. One annoyance is the fact that the types of devices to select from is very limited. There's no option to add a custom device type, either. I'm referring to identifying "Unknown" device types as indicated below: ESET should add the following device types:
      • Wireless access points
      • UPS's
      • Media players
      • A custom type so you can add whatever text you want to describe the type of device.
      The ability to add your own image would be really nice.
  11. Thanks for the replies. 192.168.0.1 is the router and 148 is the PC. Exactly what protection does Home Network Protection provide? I use a business class gateway/router that allows only explicit traffic so it's always going to drop the Home Network Protection packets. I could create a rule to stop logging that traffic but I don't need ESET to "test your home router for vulnerabilities". If the only other action it performs is to tell me what other devices are on the network, then I will keep it disabled. So does Home Network Protection do anything else?
  12. Finally found the setting to disable Home Network Protection. Turning it off stops those firewall log entries. I really don't see the need for it.
  13. I just did a fresh Win7x64 and ESS10.x install for testing. I noticed my gateway firewall log is full of the following entries:
      2016:10:27-09:35:42 gateway ulogd[10367]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth0" srcmac="g7:42:56:1d:4h:45" dstmac="f3:fd:4e:df:31:34" srcip="192.168.0.248" dstip="192.168.0.1" proto="6" length="52" tos="0x00" prec="0x00" ttl="128" srcport="61472" dstport="80" tcpflags="SYN"
      2016:10:27-09:35:42 gateway ulogd[10367]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth0" srcmac="g7:42:56:1d:4h:45" dstmac="f3:fd:4e:df:31:34" srcip="192.168.0.248" dstip="192.168.0.1" proto="6" length="52" tos="0x00" prec="0x00" ttl="128" srcport="61473" dstport="32007" tcpflags="SYN"
      2016:10:27-09:35:42 gateway ulogd[10367]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth0" srcmac="g7:42:56:1d:4h:45" dstmac="f3:fd:4e:df:31:34" srcip="192.168.0.248" dstip="192.168.0.1" proto="6" length="52" tos="0x00" prec="0x00" ttl="128" srcport="61474" dstport="62078" tcpflags="SYN"
      2016:10:27-09:35:42 gateway ulogd[10367]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth0" mark="0x3441" app="1089" srcmac="g7:42:56:1d:4h:45" dstmac="f3:fd:4e:df:31:34" srcip="192.168.0.248" dstip="192.168.0.1" proto="17" length="78" tos="0x00" prec="0x00" ttl="128" srcport="53087" dstport="137"
      2016:10:27-09:35:42 gateway ulogd[10367]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth0" mark="0x34b6" app="1206" srcmac="g7:42:56:1d:4h:45" dstmac="f3:fd:4e:df:31:34" srcip="192.168.0.248" dstip="192.168.0.1" proto="17" length="652" tos="0x00" prec="0x00" ttl="128" srcport="61283" dstport="3702"
      2016:10:27-09:35:42 gateway ulogd[10367]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth0" mark="0x31d7" app="471" srcmac="g7:42:56:1d:4h:45" dstmac="f3:fd:4e:df:31:34" srcip="192.168.0.248" dstip="192.168.0.1" proto="17" length="142" tos="0x00" prec="0x00" ttl="128" srcport="53964" dstport="1900"
      2016:10:27-09:35:42 gateway ulogd[10367]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth0" mark="0x31d7" app="471" srcmac="g7:42:56:1d:4h:45" dstmac="f3:fd:4e:df:31:34" srcip="192.168.0.248" dstip="192.168.0.1" proto="17" length="152" tos="0x00" prec="0x00" ttl="128" srcport="53964" dstport="1900"
      2016:10:27-09:35:44 gateway ulogd[10367]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth0" mark="0x31d7" app="471" srcmac="g7:42:56:1d:4h:45" dstmac="f3:fd:4e:df:31:34" srcip="192.168.0.248" dstip="192.168.0.1" proto="17" length="142" tos="0x00" prec="0x00" ttl="128" srcport="53964" dstport="1900"
      2016:10:27-09:35:44 gateway ulogd[10367]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth0" mark="0x31d7" app="471" srcmac="g7:42:56:1d:4h:45" dstmac="f3:fd:4e:df:31:34" srcip="192.168.0.248" dstip="192.168.0.1" proto="17" length="152" tos="0x00" prec="0x00" ttl="128" srcport="53964" dstport="1900"
      2016:10:27-09:35:44 gateway ulogd[10367]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth0" mark="0x3441" app="1089" srcmac="g7:42:56:1d:4h:45" dstmac="f3:fd:4e:df:31:34" srcip="192.168.0.248" dstip="192.168.0.1" proto="17" length="78" tos="0x00" prec="0x00" ttl="128" srcport="53087" dstport="137"
      2016:10:27-09:35:44 gateway ulogd[10367]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth0" mark="0x34b6" app="1206" srcmac="g7:42:56:1d:4h:45" dstmac="f3:fd:4e:df:31:34" srcip="192.168.0.248" dstip="192.168.0.1" proto="17" length="652" tos="0x00" prec="0x00" ttl="128" srcport="61283" dstport="3702"
      2016:10:27-09:35:44 gateway ulogd[10367]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth0" srcmac="g7:42:56:1d:4h:45" dstmac="f3:fd:4e:df:31:34" srcip="192.168.0.248" dstip="192.168.0.1" proto="6" length="52" tos="0x00" prec="0x00" ttl="128" srcport="61472" dstport="80" tcpflags="SYN"
      2016:10:27-09:35:44 gateway ulogd[10367]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth0" srcmac="g7:42:56:1d:4h:45" dstmac="f3:fd:4e:df:31:34" srcip="192.168.0.248" dstip="192.168.0.1" proto="6" length="52" tos="0x00" prec="0x00" ttl="128" srcport="61473" dstport="32007" tcpflags="SYN"
      2016:10:27-09:35:44 gateway ulogd[10367]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth0" srcmac="g7:42:56:1d:4h:45" dstmac="f3:fd:4e:df:31:34" srcip="192.168.0.248" dstip="192.168.0.1" proto="6" length="52" tos="0x00" prec="0x00" ttl="128" srcport="61474" dstport="62078" tcpflags="SYN"
      2016:10:27-09:35:51 gateway ulogd[10367]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth0" srcmac="g7:42:56:1d:4h:45" dstmac="f3:fd:4e:df:31:34" srcip="192.168.0.248" dstip="192.168.0.1" proto="6" length="48" tos="0x00" prec="0x00" ttl="128" srcport="61473" dstport="32007" tcpflags="SYN"
      2016:10:27-09:35:51 gateway ulogd[10367]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth0" srcmac="g7:42:56:1d:4h:45" dstmac="f3:fd:4e:df:31:34" srcip="192.168.0.248" dstip="192.168.0.1" proto="6" length="48" tos="0x00" prec="0x00" ttl="128" srcport="61474" dstport="62078" tcpflags="SYN"
      2016:10:27-09:35:51 gateway ulogd[10367]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth0" srcmac="g7:42:56:1d:4h:45" dstmac="f3:fd:4e:df:31:34" srcip="192.168.0.248" dstip="192.168.0.1" proto="6" length="48" tos="0x00" prec="0x00" ttl="128" srcport="61472" dstport="80" tcpflags="SYN"
      I do not get any of these entries with ESS8.x. I'm assuming this is caused by ESS10's Home Network Protection. Can someone please verify? The destination ports are: 80, 32007, 62078, 137, 1900, 3702
  14. I'll tell everyone what I've tried... So far, so good but need more time to test. I'm on Win7x64. Boot into safe mode and go to the following folder: C:\Program Files\ESET\ESET Smart Security\x86. Rename the following file from upgrade.exe to upgrade.exe.BAK. I haven't encountered any issues whatsoever but I don't know if the upgrade check has taken place since renaming the file. UPDATE (9-18-16): Just removing or renaming upgrade.exe does not work. The file was automatically recreated, today. I renamed the file again and created an empty, dummy upgrade.exe. I'm guessing it will take a month (next check) to see if the dummy file method works. Anyone else want to try this and share your results?
  15. Mod, are you going to post those instructions on how to stop displaying the upgrade offer pop-up? I too installed v9 and reverted back to v8 because I encountered issues plus it's NOT as fast or as light on resources as v8. Now I keep getting that crappy upgrade splash screen with v8. I have been a happy customer since v5 but that annoying upgrade pop-up and the way v9 performs makes me think it's time to get serious about finding a replacement for ESET. ESET seems to be going the same way a lot of other major software companies are going -- They know what's best for us so they remove options and their software constantly "phones home". Look... Just like Adobe, you can't turn off upgrade checks even though there is a setting for that: ESET Advanced setup->Update->Settings->Advanced update setup
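
A gateway packet-filter log like the one quoted in post 13 can be reduced to a per-host list of probed ports by parsing its key="value" fields. The following is an added example, not part of the original posts or of any ESET or gateway tooling; the function names, the `min_ports` threshold and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the key="value" layout of the gateway log in post 13
# (MAC and QoS fields omitted; the 192.168.0.50 entry is invented for contrast).
SAMPLE_LOG = """\
2016:10:27-09:35:42 gateway ulogd[10367]: id="2001" action="drop" srcip="192.168.0.248" dstip="192.168.0.1" proto="6" srcport="61472" dstport="80" tcpflags="SYN"
2016:10:27-09:35:42 gateway ulogd[10367]: id="2001" action="drop" srcip="192.168.0.248" dstip="192.168.0.1" proto="6" srcport="61473" dstport="32007" tcpflags="SYN"
2016:10:27-09:35:42 gateway ulogd[10367]: id="2001" action="drop" srcip="192.168.0.248" dstip="192.168.0.1" proto="6" srcport="61474" dstport="62078" tcpflags="SYN"
2016:10:27-09:35:42 gateway ulogd[10367]: id="2001" action="drop" srcip="192.168.0.248" dstip="192.168.0.1" proto="17" srcport="53087" dstport="137"
2016:10:27-09:35:42 gateway ulogd[10367]: id="2001" action="drop" srcip="192.168.0.248" dstip="192.168.0.1" proto="17" srcport="61283" dstport="3702"
2016:10:27-09:35:42 gateway ulogd[10367]: id="2001" action="drop" srcip="192.168.0.248" dstip="192.168.0.1" proto="17" srcport="53964" dstport="1900"
2016:10:27-09:35:44 gateway ulogd[10367]: id="2001" action="drop" srcip="192.168.0.248" dstip="192.168.0.1" proto="17" srcport="53964" dstport="1900"
2016:10:27-09:35:44 gateway ulogd[10367]: id="2001" action="drop" srcip="192.168.0.248" dstip="192.168.0.1" proto="6" srcport="61472" dstport="80" tcpflags="SYN"
2016:10:27-09:35:45 gateway ulogd[10367]: id="2001" action="drop" srcip="192.168.0.50" dstip="192.168.0.1" proto="17" srcport="40000" dstport="53"
"""

FIELD_RE = re.compile(r'(\w+)="([^"]*)"')
PROTO_NAMES = {"6": "tcp", "17": "udp"}  # IANA protocol numbers seen in the log


def summarize_drops(text):
    """Count dropped packets per (srcip, dstip, protocol, dstport)."""
    counts = Counter()
    for line in text.splitlines():
        f = dict(FIELD_RE.findall(line))
        # Skip anything that is not a drop or lacks the fields we key on.
        if f.get("action") != "drop" or not {"srcip", "dstip", "dstport"} <= f.keys():
            continue
        proto = PROTO_NAMES.get(f.get("proto"), f.get("proto"))
        counts[(f["srcip"], f["dstip"], proto, int(f["dstport"]))] += 1
    return counts


def probes_by_source(counts, min_ports=3):
    """Return {(srcip, dstip): sorted [(proto, port)]} for pairs that hit
    at least min_ports distinct ports, i.e. scan-like behaviour."""
    ports = {}
    for (src, dst, proto, port) in counts:
        ports.setdefault((src, dst), set()).add((proto, port))
    return {k: sorted(v) for k, v in ports.items() if len(v) >= min_ports}


if __name__ == "__main__":
    for pair, hit in probes_by_source(summarize_drops(SAMPLE_LOG)).items():
        print(pair, hit)
```

Grouping by source and destination separates a host that sweeps several ports on the router from one that only retries a single blocked service.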