Box
-
Posts
15 -
Joined
-
Last visited
Kudos
-
Box gave kudos to itman in EGUI Application Modification Alert
Since the default rule exists, delete any like custom rule you created.
-
Box gave kudos to itman in EGUI Application Modification Alert
Next time the alert appears, click on the "Approve" tab.
-
Box gave kudos to Marcos in EGUI Application Modification Alert
It's still there among the built-in rules and even Kbleft has those rules enabled:
-
Box gave kudos to Marcos in EGUI Application Modification Alert
We'd need step-by-step instructions how to reproduce the issue. Are you able to reproduce it at any time?
-
Box gave kudos to itman in EGUI Application Modification Alert
Check you existing Eset firewall rule set and verify that a rule exists for C:\Program Files\ESET\ESET Security\equi.exe. If one exists, verify it is set to allow inbound and outbound traffic. Otherwise, manually create a new rule for it. Move this equi.exe rule to the bottom of existing default firewall rules. You can use the default existing ekrn.exe rule as a guide for equi.exe rule creation.
I believe this should stop the equi.exe alert after a new app rule is created firewall Interactive mode.
-
Box gave kudos to itman in EGUI Application Modification Alert
This would be normal behavior in firewall Interactive mode if an existing app hash value changed and a previous firewall rule existed for it. However, equi.exe is Eset signed so there might be a bug there.
You're going to keep getting the alert until you respond to keep existing firewall rules which I would select, or to create a new firewall rule for the app.
You can also manually verify that equi.exe in C:\Program Files\ESET\ESET Security is also Eset signed indicating it is legit.
-
Box gave kudos to Marcos in EIS ekrn.exe opens a lot of connections to 93.184.220.29 and clog the internet connection.
According to https://support.eset.com/en/kb332-ports-and-addresses-required-to-use-your-eset-product-with-a-third-party-firewall, ESET connects to the IP address to check for certificate revocations.
Probably you've recently established several SSL connections and the product connected to the server to check the revocation status of SSL certificates.