j_mo

Members
  • Posts

    31

About j_mo

  • Rank
    Newbie

Contact Methods

  • Website URL
    twitter.com/theamazingjmo

Profile Information

  • Gender
    Male
  • Location
    USA
  • Interests
    stuff

  1. Hello, I am using someone else's LAN at the moment, and I am trying to only trust the IP of one other device. I think I have the trusted zone configured correctly, I just don't know if it's blocking all the multicast. Usually when I create a specific blocking rule there are tons of blocked connections. I have it configured with zones and it doesn't log anything. I wanted to make sure it is still working.
  2. Hello all, I noticed the firewall notifications that appear in Interactive Mode do not have the time of the attempted connection. This seems like a pretty easy thing to add, and not having it causes issues, at least for me. If I come back to my PC and there is a notification from a process I don't recognize, or a Windows system process or some such, I often cross-reference the notification with Sysmon to figure out when it ran and why. This would be a lot easier to do with the time on the notification. It is very time-consuming to try to find it in ESET's logs.
  3. I'm gonna be that guy and put it out there that Chrome has some security issues and weird advertising and analytics projects like FLoC embedded in it, where you don't even know if you're a participant unless you investigate the code yourself or use one of the detection sites, and I don't recommend it for anyone. Much better off using a Chromium-based browser like Vivaldi, or even Edge over Chrome.
  4. Hi, I have set up an Unbound resolver running on localhost. All is well, except that ESET can't connect to LiveGrid. I gather this is because it wants to use the Windows DNS client. Well, it can't, because I murdered it. Got tired of it not listening to me. Leaking DNS all the time, and my ISP has a transparent proxy so my router DNS settings are meaningless. In fact, the router won't even allow the static routes for the DNS to be deleted. They just magically reappear. So, maybe not just a proxy, but tampered hardware. I'm going to complain to the technician when they come on Tuesday. That's beside the point. I just want ESET to accept 127.0.0.1 as a DNS server. It will not accept any manually entered configuration.
  5. Well, thanks for assisting me in locating the source of the issue. I do not use Edge except on very rare occasions where I need a Chromium browser and it's already there. My main browser is a Firefox fork so unfortunately not supported by ESET. I'll try to look into the technical workings of the secured browser to see what benefit if any it provides to what I already have. Do you know if ESET plans to incorporate any virtualization technology into their software, akin to what Kaspersky and some others have now? That should essentially secure the memory, keyboard, etc. of many programs on the system, rather than only a few supported popular browsers.
  6. For example, Windows UWP apps change their paths every time they update. It would be very helpful to wildcard part of the path. It seemed to work in the past but I don't think my rules where I do that are working anymore.
  7. I fixed that problem by turning off the secured browser. That's what was generating those blocks. They're gone now. I guess "OPP" is Online Payment Protection or something like that would be my guess.
  8. Judging from the documentation it looks like some features require exact processes and some don't; I'm just having trouble figuring out which will allow paths. It looks like performance exclusions will, but HIPS Deep Behavioral Inspection only says "processes." It would be helpful to be able to make firewall rules with paths/wildcards as well but I don't see an answer for that.
  9. Actually, I just had a thought that the Edge browser being set to secured may be causing that. Glad you mentioned the banking protection. I'll turn the always secure thing off and see if that helps.
  10. I don't think it's very good behavior to have processes like Edge blocked from system applications by default. I don't see any way I can override that OPP protected process rule, it's a hidden rule basically. I will have to turn Self-Defense off which is a shame.
  11. So just to confirm, in all the rules of the entire application, the only ones that accept wildcards are registry HIPS rules? What about paths?
  12. No, when you look in the HIPS log you can see that Self-Defense protects other processes than just ESET's. Edge is one. It's under a separate rule called OPP Protected Process. I'm trying to let some programs access Edge. Windows Error Reporting can't even get access for Pete's sake:

      Time;Application;Operation;Target;Action;Rule;Additional information
      2022-01-29 9:00:09 PM;C:\Windows\System32\WerFault.exe;Get access to another application;C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe;Blocked;OPP protected process;Modify state of another application,Terminate/suspend another application

      I have HIPS on Automatic currently. I only have two manual rules and they have nothing to do with this.
  13. Is there a way to modify the OPP Protected processes rule? Like exclude msedge.exe as a protected process without having to disable the whole Self-Defense?
  14. I looked in documentation but I never found that.
  15. Hello, are wildcards or paths allowed in rules or not? It seemed like they were in the past. If they aren't, why are they accepted as valid inputs? Thanks.