jeffshead

Members
  • Posts

    33
Everything posted by jeffshead

  1. Finally found the setting to disable Home Network Protection. Turning it off stops those firewall log entries. I really don't see the need for it.
  2. I just did a fresh Win7x64 and ESS10.x install for testing. I noticed my gateway firewall log is full of the following entries:

     2016:10:27-09:35:42 gateway ulogd[10367]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth0" srcmac="g7:42:56:1d:4h:45" dstmac="f3:fd:4e:df:31:34" srcip="192.168.0.248" dstip="192.168.0.1" proto="6" length="52" tos="0x00" prec="0x00" ttl="128" srcport="61472" dstport="80" tcpflags="SYN"
     2016:10:27-09:35:42 gateway ulogd[10367]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth0" srcmac="g7:42:56:1d:4h:45" dstmac="f3:fd:4e:df:31:34" srcip="192.168.0.248" dstip="192.168.0.1" proto="6" length="52" tos="0x00" prec="0x00" ttl="128" srcport="61473" dstport="32007" tcpflags="SYN"
     2016:10:27-09:35:42 gateway ulogd[10367]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth0" srcmac="g7:42:56:1d:4h:45" dstmac="f3:fd:4e:df:31:34" srcip="192.168.0.248" dstip="192.168.0.1" proto="6" length="52" tos="0x00" prec="0x00" ttl="128" srcport="61474" dstport="62078" tcpflags="SYN"
     2016:10:27-09:35:42 gateway ulogd[10367]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth0" mark="0x3441" app="1089" srcmac="g7:42:56:1d:4h:45" dstmac="f3:fd:4e:df:31:34" srcip="192.168.0.248" dstip="192.168.0.1" proto="17" length="78" tos="0x00" prec="0x00" ttl="128" srcport="53087" dstport="137"
     2016:10:27-09:35:42 gateway ulogd[10367]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth0" mark="0x34b6" app="1206" srcmac="g7:42:56:1d:4h:45" dstmac="f3:fd:4e:df:31:34" srcip="192.168.0.248" dstip="192.168.0.1" proto="17" length="652" tos="0x00" prec="0x00" ttl="128" srcport="61283" dstport="3702"
     2016:10:27-09:35:42 gateway ulogd[10367]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth0" mark="0x31d7" app="471" srcmac="g7:42:56:1d:4h:45" dstmac="f3:fd:4e:df:31:34" srcip="192.168.0.248" dstip="192.168.0.1" proto="17" length="142" tos="0x00" prec="0x00" ttl="128" srcport="53964" dstport="1900"
     2016:10:27-09:35:42 gateway ulogd[10367]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth0" mark="0x31d7" app="471" srcmac="g7:42:56:1d:4h:45" dstmac="f3:fd:4e:df:31:34" srcip="192.168.0.248" dstip="192.168.0.1" proto="17" length="152" tos="0x00" prec="0x00" ttl="128" srcport="53964" dstport="1900"
     2016:10:27-09:35:44 gateway ulogd[10367]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth0" mark="0x31d7" app="471" srcmac="g7:42:56:1d:4h:45" dstmac="f3:fd:4e:df:31:34" srcip="192.168.0.248" dstip="192.168.0.1" proto="17" length="142" tos="0x00" prec="0x00" ttl="128" srcport="53964" dstport="1900"
     2016:10:27-09:35:44 gateway ulogd[10367]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth0" mark="0x31d7" app="471" srcmac="g7:42:56:1d:4h:45" dstmac="f3:fd:4e:df:31:34" srcip="192.168.0.248" dstip="192.168.0.1" proto="17" length="152" tos="0x00" prec="0x00" ttl="128" srcport="53964" dstport="1900"
     2016:10:27-09:35:44 gateway ulogd[10367]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth0" mark="0x3441" app="1089" srcmac="g7:42:56:1d:4h:45" dstmac="f3:fd:4e:df:31:34" srcip="192.168.0.248" dstip="192.168.0.1" proto="17" length="78" tos="0x00" prec="0x00" ttl="128" srcport="53087" dstport="137"
     2016:10:27-09:35:44 gateway ulogd[10367]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth0" mark="0x34b6" app="1206" srcmac="g7:42:56:1d:4h:45" dstmac="f3:fd:4e:df:31:34" srcip="192.168.0.248" dstip="192.168.0.1" proto="17" length="652" tos="0x00" prec="0x00" ttl="128" srcport="61283" dstport="3702"
     2016:10:27-09:35:44 gateway ulogd[10367]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth0" srcmac="g7:42:56:1d:4h:45" dstmac="f3:fd:4e:df:31:34" srcip="192.168.0.248" dstip="192.168.0.1" proto="6" length="52" tos="0x00" prec="0x00" ttl="128" srcport="61472" dstport="80" tcpflags="SYN"
     2016:10:27-09:35:44 gateway ulogd[10367]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth0" srcmac="g7:42:56:1d:4h:45" dstmac="f3:fd:4e:df:31:34" srcip="192.168.0.248" dstip="192.168.0.1" proto="6" length="52" tos="0x00" prec="0x00" ttl="128" srcport="61473" dstport="32007" tcpflags="SYN"
     2016:10:27-09:35:44 gateway ulogd[10367]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth0" srcmac="g7:42:56:1d:4h:45" dstmac="f3:fd:4e:df:31:34" srcip="192.168.0.248" dstip="192.168.0.1" proto="6" length="52" tos="0x00" prec="0x00" ttl="128" srcport="61474" dstport="62078" tcpflags="SYN"
     2016:10:27-09:35:51 gateway ulogd[10367]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth0" srcmac="g7:42:56:1d:4h:45" dstmac="f3:fd:4e:df:31:34" srcip="192.168.0.248" dstip="192.168.0.1" proto="6" length="48" tos="0x00" prec="0x00" ttl="128" srcport="61473" dstport="32007" tcpflags="SYN"
     2016:10:27-09:35:51 gateway ulogd[10367]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth0" srcmac="g7:42:56:1d:4h:45" dstmac="f3:fd:4e:df:31:34" srcip="192.168.0.248" dstip="192.168.0.1" proto="6" length="48" tos="0x00" prec="0x00" ttl="128" srcport="61474" dstport="62078" tcpflags="SYN"
     2016:10:27-09:35:51 gateway ulogd[10367]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth0" srcmac="g7:42:56:1d:4h:45" dstmac="f3:fd:4e:df:31:34" srcip="192.168.0.248" dstip="192.168.0.1" proto="6" length="48" tos="0x00" prec="0x00" ttl="128" srcport="61472" dstport="80" tcpflags="SYN"

     I do not get any of these entries with ESS8.x. I'm assuming this is caused by ESS10's Home Network Protection. Can someone please verify? The destination ports are: 80, 32007, 62078, 137, 1900, 3702
  3. I'll tell everyone what I've tried... So far, so good but need more time to test. I'm on Win7x64. Boot into safe mode and go to the following folder: C:\Program Files\ESET\ESET Smart Security\x86 Rename the following file from: upgrade.exe To: upgrade.exe.BAK I haven't encountered any issues whatsoever but I don't know if the upgrade check has taken place since renaming the file. UPDATE (9-18-16): Just removing or renaming upgrade.exe does not work. The file was automatically recreated today. I renamed the file again and created an empty, dummy upgrade.exe. I'm guessing it will take a month (next check) to see if the dummy file method works. Anyone else want to try this and share your results?
  4. Mod, are you going to post those instructions on how to stop displaying the upgrade offer pop-up? I too installed v9 and reverted back to v8 because I encountered issues plus it's NOT as fast or as light on resources as v8. Now I keep getting that crappy upgrade splash screen with v8. I have been a happy customer since v5 but that annoying upgrade pop-up and the way v9 performs makes me think it's time to get serious about finding a replacement for Eset. Eset seems to be going the same way a lot of other major software companies are going -- They know what's best for us so they remove options and their software constantly "phones home". Look... Just like Adobe, you can't turn off upgrade checks even though there is a setting for that: ESET Advanced setup->Update->Settings->Advanced update setup
  5. I do not know how to reproduce the issue, at will, so I enabled the logging and let it run until it alerted again. Because logging was running for so long, the resulting EpfwLog.pcapng file is 3.57 GB; too large to attach to an email. I did submit a ticket but I have not received a reply, yet. How can I transfer the EpfwLog.pcapng file? How do I do that for Radmin and will doing so also exclude other, real threats from being handled?
  6. It took me a very long time to diagnose a problem because ESS did not notify me that it was blocking traffic. I thought the issue was caused by my UTM gateway device. I use Adobe Dreamweaver and ESET is interpreting some of the traffic as an exploit. Here are some log entries: When ESS blocks this traffic, it also blocks all access to the computer that the website files are stored on. This means all shares are no longer accessible. It's as if that computer is no longer on the network and there is no warning from ESS so it took me a long time to find the issue. The only way to access that computer's shares again, is to reboot the machine that I'm using, that has ESS installed. I added an IDS Exception but it will only let me add the IPv4 IP address of the computer. By adding this exception, I can continue to access that IP address but ESS still blocks that computer's DNS name (No2). So I can ping "192.168.0.129" but I cannot ping "No2". In order to use the DNS name, I need to add the IPv6 IP address of No2 to the exception but ESS will not accept it. I get a "Failed to change settings" error when I try to add it to the existing exception and when I create a new exception and attempt to add any IPv6 IP address. This appears to be a bug since I can add that same IPv6 address to the "Addresses excluded from active protection (IDS)" rule under Personal Firewall->Zone and Rule Setup->Zones. Once added, the problem is gone. Please fix this bug so individual IDS exploits can be excluded instead of having to exclude an IPv6 IP address from all IDS rules.
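
A way to triage gateway drop entries like the ones in post 2 above, as an added example that is not part of the original posts: it parses the key="value" fields and lists which destination ports each source tried on each destination. The sample lines are constructed (trimmed to the post's field layout, plus one invented host), and the function names and the `min_ports` threshold are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample: same key="value" layout as the gateway entries in post 2,
# trimmed to the fields used here. The 192.168.0.50 line is invented for contrast.
SAMPLE = """\
2016:10:27-09:35:42 gateway ulogd[10367]: id="2001" action="drop" srcip="192.168.0.248" dstip="192.168.0.1" proto="6" srcport="61472" dstport="80" tcpflags="SYN"
2016:10:27-09:35:42 gateway ulogd[10367]: id="2001" action="drop" srcip="192.168.0.248" dstip="192.168.0.1" proto="6" srcport="61473" dstport="32007" tcpflags="SYN"
2016:10:27-09:35:42 gateway ulogd[10367]: id="2001" action="drop" srcip="192.168.0.248" dstip="192.168.0.1" proto="6" srcport="61474" dstport="62078" tcpflags="SYN"
2016:10:27-09:35:42 gateway ulogd[10367]: id="2001" action="drop" srcip="192.168.0.248" dstip="192.168.0.1" proto="17" srcport="53087" dstport="137"
2016:10:27-09:35:42 gateway ulogd[10367]: id="2001" action="drop" srcip="192.168.0.248" dstip="192.168.0.1" proto="17" srcport="61283" dstport="3702"
2016:10:27-09:35:42 gateway ulogd[10367]: id="2001" action="drop" srcip="192.168.0.248" dstip="192.168.0.1" proto="17" srcport="53964" dstport="1900"
2016:10:27-09:35:44 gateway ulogd[10367]: id="2001" action="drop" srcip="192.168.0.248" dstip="192.168.0.1" proto="6" srcport="61472" dstport="80" tcpflags="SYN"
2016:10:27-09:35:45 gateway ulogd[10367]: id="2001" action="drop" srcip="192.168.0.50" dstip="192.168.0.1" proto="17" srcport="40000" dstport="53"
"""

FIELD = re.compile(r'(\w+)="([^"]*)"')
PROTO = {"6": "tcp", "17": "udp"}  # IP protocol numbers seen in the log

def parse_line(line):
    """Return the key="value" fields of one packetfilter line, or None."""
    _, sep, rest = line.partition(" ulogd[")
    if not sep:
        return None
    fields = dict(FIELD.findall(rest))
    # Entries without ports (e.g. other IP protocols) are skipped here.
    if not {"srcip", "dstip", "dstport"} <= fields.keys():
        return None
    return fields

def summarise_drops(text):
    """Map (srcip, dstip) -> {(proto, dstport): number of dropped packets}."""
    flows = defaultdict(lambda: defaultdict(int))
    for line in text.splitlines():
        f = parse_line(line)
        if not f or f.get("action") != "drop":
            continue
        proto = PROTO.get(f.get("proto"), f.get("proto", "?"))
        flows[(f["srcip"], f["dstip"])][(proto, int(f["dstport"]))] += 1
    return {pair: dict(ports) for pair, ports in flows.items()}

def multi_port_sources(summary, min_ports=4):
    """Pairs where one source was dropped on >= min_ports distinct ports."""
    return sorted(p for p, ports in summary.items() if len(ports) >= min_ports)
```

Retransmitted packets (the same source and destination port a few seconds later) only raise the per-port count, so the distinct-port figure reflects the set of services probed rather than the log volume.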