jeffshead

  1. I cannot find a setting that tells ESS to quarantine suspected email attachments rather than delete them. I see that you can set it (Email client protection) to not clean but that means it won't quarantine, doesn't it? I had someone email a JavaScript file to me in a zip container but ESS deleted the file (false positive) and I don't see any way to recover the file. It would make more sense to quarantine email attachments rather than delete them so you can recover safe files.
  2. Thank you. That makes sense, now. I'm just used to going into routers' firewall logs where everything is logged and easier to find. Since the VPN subnet is not automatically added to ESET's "Known networks", what is the best approach to allowing VPN connections as if they were just another PC on the same subnet as the PC on which ESET is installed? Is that a bad idea? What are the differences between adding 10.1.1.0/24 to the Trusted zone versus manually adding 10.1.1.0/24 to the Known networks? EDIT: I did what another user suggested (https://forum.eset.com/topic/8274-endpoint-security-homework-network-not-being-treated-as-trusted-zone/?tab=comments#comment-43989) and added the VPN subnet to the already existing Known network and it seems to work just fine.
  3. 10.1.1.0/24 is not in the known networks setup. Only 192.168.1.0/24. The firewall troubleshooting wizard is what I was looking for. It does not make sense to me why the Personal Firewall log does not show all blocked communications. Why must users have to hunt for blocked communications in different locations of the GUI?
  4. I have ESS 10 on a PC on my local network. I have an SSL VPN set up on my router so I can access my local network when abroad. My LAN IPs are 192.168.1.xxx. My VPN IPs are 10.1.1.xxx. I have tried every setting I could find but I cannot access this PC over the VPN. I am in interactive mode but have never gotten an alert when I try to connect. I have tried disabling IDS, adding the VPN IP to IDS exclusions and disabling HIPS. I have also set HIPS to log all events but I see nothing about my connection attempts in the logs. The only way I can connect via VPN is to "Pause firewall (allow all traffic)". How can I find out exactly why ESS is blocking my VPN connection? Why is it not being logged?
  5. I must concede to some of your points and apologize for getting off topic. I still hold firm on the fact that there should be an option to opt-out of the nag screen or at least being able to turn it off until two weeks before EOF of the version that is currently installed.
  6. Because ESET wants to sell annual upgrades, every year. ESET is getting more bloated, with useless cr@p, with each release. ESET is marketing to the less savvy. Half of this isn't needed if you are behind a good gateway and know what you should and shouldn't be doing. It's really sad when companies think it's perfectly fine to spam their paying customers with ads that they cannot opt out of. If the main reason for the nag is safety, then why are you still supporting v8.x until 12/18? The annoying nags shouldn't start until the installed version is close to EOF. Not 2+ years before EOF. That's spam being generated by the same company that you are doing business with and they are telling you that they don't care. We (ESET) are going to continue annoying you whether you like it or not because we already have your money and we don't care what you want because we know better than you. Now click on the upgrade button to stop the annoying nag screen and send more money.
  7. ESS 10.x - Ports

    I decided to leave Home Network Protection enabled and see if the added network traffic is worth it. I added a firewall rule to not log the dropped packets so my logs are not so cluttered. One annoyance is the fact that the types of devices to select from are very limited. There's no option to add a custom device type, either. I'm referring to identifying "Unknown" device types as indicated below:

    ESET should add the following device types:
      • Wireless access points
      • UPS's
      • Media players
      • A custom type so you can add whatever text you want to describe the type of device.

    The ability to add your own image would be really nice.
  8. ESS 10.x - Ports

    Thanks for the replies. 192.168.0.1 is the router and 148 is the PC. Exactly what protection does Home Network Protection provide? I use a business class gateway/router that allows only explicit traffic so it's always going to drop the Home Network Protection packets. I could create a rule to stop logging that traffic but I don't need ESET to "test your home router for vulnerabilities". If the only other action it performs is to tell me what other devices are on the network, then I will keep it disabled. So does Home Network Protection do anything else?
  9. ESS 10.x - Ports

    Finally found the setting to disable Home Network Protection. Turning it off stops those firewall log entries. I really don't see the need for it.
  10. I just did a fresh Win7x64 and ESS10.x install for testing. I noticed my gateway firewall log is full of the following entries:

      2016:10:27-09:35:42 gateway ulogd[10367]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth0" srcmac="g7:42:56:1d:4h:45" dstmac="f3:fd:4e:df:31:34" srcip="192.168.0.248" dstip="192.168.0.1" proto="6" length="52" tos="0x00" prec="0x00" ttl="128" srcport="61472" dstport="80" tcpflags="SYN"
      2016:10:27-09:35:42 gateway ulogd[10367]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth0" srcmac="g7:42:56:1d:4h:45" dstmac="f3:fd:4e:df:31:34" srcip="192.168.0.248" dstip="192.168.0.1" proto="6" length="52" tos="0x00" prec="0x00" ttl="128" srcport="61473" dstport="32007" tcpflags="SYN"
      2016:10:27-09:35:42 gateway ulogd[10367]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth0" srcmac="g7:42:56:1d:4h:45" dstmac="f3:fd:4e:df:31:34" srcip="192.168.0.248" dstip="192.168.0.1" proto="6" length="52" tos="0x00" prec="0x00" ttl="128" srcport="61474" dstport="62078" tcpflags="SYN"
      2016:10:27-09:35:42 gateway ulogd[10367]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth0" mark="0x3441" app="1089" srcmac="g7:42:56:1d:4h:45" dstmac="f3:fd:4e:df:31:34" srcip="192.168.0.248" dstip="192.168.0.1" proto="17" length="78" tos="0x00" prec="0x00" ttl="128" srcport="53087" dstport="137"
      2016:10:27-09:35:42 gateway ulogd[10367]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth0" mark="0x34b6" app="1206" srcmac="g7:42:56:1d:4h:45" dstmac="f3:fd:4e:df:31:34" srcip="192.168.0.248" dstip="192.168.0.1" proto="17" length="652" tos="0x00" prec="0x00" ttl="128" srcport="61283" dstport="3702"
      2016:10:27-09:35:42 gateway ulogd[10367]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth0" mark="0x31d7" app="471" srcmac="g7:42:56:1d:4h:45" dstmac="f3:fd:4e:df:31:34" srcip="192.168.0.248" dstip="192.168.0.1" proto="17" length="142" tos="0x00" prec="0x00" ttl="128" srcport="53964" dstport="1900"
      2016:10:27-09:35:42 gateway ulogd[10367]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth0" mark="0x31d7" app="471" srcmac="g7:42:56:1d:4h:45" dstmac="f3:fd:4e:df:31:34" srcip="192.168.0.248" dstip="192.168.0.1" proto="17" length="152" tos="0x00" prec="0x00" ttl="128" srcport="53964" dstport="1900"
      2016:10:27-09:35:44 gateway ulogd[10367]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth0" mark="0x31d7" app="471" srcmac="g7:42:56:1d:4h:45" dstmac="f3:fd:4e:df:31:34" srcip="192.168.0.248" dstip="192.168.0.1" proto="17" length="142" tos="0x00" prec="0x00" ttl="128" srcport="53964" dstport="1900"
      2016:10:27-09:35:44 gateway ulogd[10367]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth0" mark="0x31d7" app="471" srcmac="g7:42:56:1d:4h:45" dstmac="f3:fd:4e:df:31:34" srcip="192.168.0.248" dstip="192.168.0.1" proto="17" length="152" tos="0x00" prec="0x00" ttl="128" srcport="53964" dstport="1900"
      2016:10:27-09:35:44 gateway ulogd[10367]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth0" mark="0x3441" app="1089" srcmac="g7:42:56:1d:4h:45" dstmac="f3:fd:4e:df:31:34" srcip="192.168.0.248" dstip="192.168.0.1" proto="17" length="78" tos="0x00" prec="0x00" ttl="128" srcport="53087" dstport="137"
      2016:10:27-09:35:44 gateway ulogd[10367]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth0" mark="0x34b6" app="1206" srcmac="g7:42:56:1d:4h:45" dstmac="f3:fd:4e:df:31:34" srcip="192.168.0.248" dstip="192.168.0.1" proto="17" length="652" tos="0x00" prec="0x00" ttl="128" srcport="61283" dstport="3702"
      2016:10:27-09:35:44 gateway ulogd[10367]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth0" srcmac="g7:42:56:1d:4h:45" dstmac="f3:fd:4e:df:31:34" srcip="192.168.0.248" dstip="192.168.0.1" proto="6" length="52" tos="0x00" prec="0x00" ttl="128" srcport="61472" dstport="80" tcpflags="SYN"
      2016:10:27-09:35:44 gateway ulogd[10367]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth0" srcmac="g7:42:56:1d:4h:45" dstmac="f3:fd:4e:df:31:34" srcip="192.168.0.248" dstip="192.168.0.1" proto="6" length="52" tos="0x00" prec="0x00" ttl="128" srcport="61473" dstport="32007" tcpflags="SYN"
      2016:10:27-09:35:44 gateway ulogd[10367]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth0" srcmac="g7:42:56:1d:4h:45" dstmac="f3:fd:4e:df:31:34" srcip="192.168.0.248" dstip="192.168.0.1" proto="6" length="52" tos="0x00" prec="0x00" ttl="128" srcport="61474" dstport="62078" tcpflags="SYN"
      2016:10:27-09:35:51 gateway ulogd[10367]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth0" srcmac="g7:42:56:1d:4h:45" dstmac="f3:fd:4e:df:31:34" srcip="192.168.0.248" dstip="192.168.0.1" proto="6" length="48" tos="0x00" prec="0x00" ttl="128" srcport="61473" dstport="32007" tcpflags="SYN"
      2016:10:27-09:35:51 gateway ulogd[10367]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth0" srcmac="g7:42:56:1d:4h:45" dstmac="f3:fd:4e:df:31:34" srcip="192.168.0.248" dstip="192.168.0.1" proto="6" length="48" tos="0x00" prec="0x00" ttl="128" srcport="61474" dstport="62078" tcpflags="SYN"
      2016:10:27-09:35:51 gateway ulogd[10367]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth0" srcmac="g7:42:56:1d:4h:45" dstmac="f3:fd:4e:df:31:34" srcip="192.168.0.248" dstip="192.168.0.1" proto="6" length="48" tos="0x00" prec="0x00" ttl="128" srcport="61472" dstport="80" tcpflags="SYN"

      I do not get any of these entries with ESS8.x. I'm assuming this is caused by ESS10's Home Network Protection. Can someone please verify? The destination ports are: 80, 32007, 62078, 137, 1900, 3702
  11. I'll tell everyone what I've tried... So far, so good but need more time to test. I'm on Win7x64. Boot into safe mode and go to the following folder:
      C:\Program Files\ESET\ESET Smart Security\x86
      Rename the following file from: upgrade.exe To: upgrade.exe.BAK
      I haven't encountered any issues whatsoever but I don't know if the upgrade check has taken place since renaming the file.
      UPDATE (9-18-16): Just removing or renaming upgrade.exe does not work. The file was automatically recreated, today. I renamed the file again and created an empty, dummy upgrade.exe. I'm guessing it will take a month (next check) to see if the dummy file method works. Anyone else want to try this and share your results?
  12. Mod, are you going to post those instructions on how to stop displaying the upgrade offer pop-up? I too installed v9 and reverted back to v8 because I encountered issues plus it's NOT as fast or as light on resources as v8. Now I keep getting that crappy upgrade splash screen with v8. I have been a happy customer since v5 but that annoying upgrade pop-up and the way v9 performs make me think it's time to get serious about finding a replacement for Eset. Eset seems to be going the same way a lot of other major software companies are going -- They know what's best for us so they remove options and their software constantly "phones home". Look... Just like Adobe, you can't turn off upgrade checks even though there is a setting for that: ESET Advanced setup->Update->Settings->Advanced update setup
  13. I do not know how to reproduce the issue, at will, so I enabled the logging and let it run until it alerted again. Because logging was running for so long, the resulting EpfwLog.pcapng file is 3.57 GB; too large to attach to an email. I did submit a ticket but I have not received a reply, yet. How can I transfer the EpfwLog.pcapng file? How do I do that for Radmin and will doing so also exclude other, real threats from being handled?
  14. It took me a very long time to diagnose a problem because ESS did not notify me that it was blocking traffic. I thought the issue was caused by my UTM gateway device. I use Adobe Dreamweaver and ESET is interpreting some of the traffic as an exploit. Here are some log entries: When ESS blocks this traffic, it also blocks all access to the computer that the website files are stored on. This means all shares are no longer accessible. It's as if that computer is no longer on the network and there is no warning from ESS so it took me a long time to find the issue. The only way to access that computer's shares again is to reboot the machine that I'm using, that has ESS installed. I added an IDS Exception but it will only let me add the IPv4 IP address of the computer. By adding this exception, I can continue to access that IP address but ESS still blocks that computer's DNS name (No2). So I can ping "192.168.0.129" but I cannot ping "No2". In order to use the DNS name, I need to add the IPv6 IP address of No2 to the exception but ESS will not accept it. I get a "Failed to change settings" error when I try to add it to the existing exception and when I create a new exception and attempt to add any IPv6 IP address. This appears to be a bug since I can add that same IPv6 address to the "Addresses excluded from active protection (IDS)" rule under Personal Firewall->Zone and Rule Setup->Zones. Once added, the problem is gone. Please fix this bug so individual IDS exploits can be excluded instead of having to exclude an IPv6 IP address from all IDS rules.