
j_mo
Members, 31 posts

Everything posted by j_mo

  1. Hello, I am using someone else's LAN at the moment, and I am trying to only trust the IP of one other device. I think I have the trusted zone configured correctly, I just don't know if it's blocking all the multicast. Usually when I create a specific blocking rule there are tons of blocked connections. I have it configured with zones and it doesn't log anything. I wanted to make sure it is still working.
  2. Hello all, I noticed the firewall notifications that appear in Interactive Mode do not have the time of the attempted connection. This seems like a pretty easy thing to add, and not having it causes issues, at least for me. If I come back to my PC and there is a notification from a process I don't recognize, or a Windows system process or some such, I often cross-reference the notification with Sysmon to figure out when it ran and why. This would be a lot easier to do with the time on the notification. It is very time-consuming to try to find it in ESET's logs.
  3. I'm gonna be that guy and put it out there that Chrome has some security issues and weird advertising and analytics projects like FLoC embedded in it, where you don't even know if you're a participant unless you investigate the code yourself or use one of the detection sites, and I don't recommend it for anyone. Much better off using a Chromium-based browser like Vivaldi, or even Edge, over Chrome.
  4. Hi, I have set up an Unbound resolver running on localhost. All is well, except that ESET can't connect to LiveGrid. I gather this is because it wants to use the Windows DNS client. Well, it can't, because I murdered it. Got tired of it not listening to me. Leaking DNS all the time, and my ISP has a transparent proxy so my router DNS settings are meaningless. In fact, the router won't even allow the static routes for the DNS to be deleted. They just magically reappear. So, maybe not just a proxy, but tampered hardware. I'm going to complain to the technician when they come on Tuesday. That's beside the point. I just want ESET to accept 127.0.0.1 as a DNS server. It will not accept any manually entered configuration.
  5. Well, thanks for assisting me in locating the source of the issue. I do not use Edge except on very rare occasions where I need a Chromium browser and it's already there. My main browser is a Firefox fork so unfortunately not supported by ESET. I'll try to look into the technical workings of the secured browser to see what benefit if any it provides to what I already have. Do you know if ESET plans to incorporate any virtualization technology into their software, akin to what Kaspersky and some others have now? That should essentially secure the memory, keyboard, etc. of many programs on the system, rather than only a few supported popular browsers.
  6. For example, Windows UWP apps change their paths every time they update. It would be very helpful to wildcard part of the path. It seemed to work in the past but I don't think my rules where I do that are working anymore.
  7. I fixed that problem by turning off the secured browser. That's what was generating those blocks. They're gone now. I guess "OPP" is Online Payment Protection or something like that would be my guess.
  8. Judging from the documentation it looks like some features require exact processes and some don't; I'm just having trouble figuring out which will allow paths. It looks like performance exclusions will, but HIPS Deep Behavioral Inspection only says "processes." It would be helpful to be able to make firewall rules with paths/wildcards as well but I don't see an answer for that.
  9. Actually, I just had a thought that the Edge browser being set to secured may be causing that. Glad you mentioned the banking protection. I'll turn the always secure thing off and see if that helps.
  10. I don't think it's very good behavior to have processes like Edge blocked from system applications by default. I don't see any way I can override that OPP protected process rule, it's a hidden rule basically. I will have to turn Self-Defense off which is a shame.
  11. So just to confirm, in all the rules of the entire application, the only ones that accept wildcards are registry HIPS rules? What about paths?
  12. No, when you look in the HIPS log you can see that Self-Defense protects other processes than just ESET's. Edge is one. It's under a separate rule called OPP Protected Process. I'm trying to let some programs access Edge. Windows Error Reporting can't even get access, for Pete's sake:

      Time;Application;Operation;Target;Action;Rule;Additional information
      2022-01-29 9:00:09 PM;C:\Windows\System32\WerFault.exe;Get access to another application;C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe;Blocked;OPP protected process;Modify state of another application,Terminate/suspend another application

      I have HIPS on Automatic currently. I only have two manual rules and they have nothing to do with this.
  13. Is there a way to modify the OPP Protected processes rule? Like exclude msedge.exe as a protected process without having to disable the whole Self-Defense?
  14. I looked in documentation but I never found that.
  15. Hello, are wildcards or paths allowed in rules or not? It seemed like they were in the past. If they aren't, why are they accepted as valid inputs? Thanks.
  16. I'm not having any technical issues per se, more like a little configuration confusion. In other firewalls I've used, they will usually have a distinct local/LAN zone and a WAN/internet zone. ESET seems to have instead by default a localhost zone, a LAN zone and a "DNS servers" zone, in addition to the port visibility zone; if someone could explain that one to me it would help, because it isn't in the docs. I assumed that the DNS server zone was comparable to a WAN zone, since it included my router gateway IP, but when I make rules using that zone it does not grant access to the internet. I assume it is only granting access to that gateway IP. What is the point of that? To deny access to the internet? That's the only one I can think of. It seems a bit inaccurate to call my gateway IP a DNS server anyway, since I do not even use the DNS servers configured in the router. My encrypted DNS traffic simply passes through with everything else. So in the absence of a WAN zone, I need to create a deny rule for the trusted zone in order to only grant it internet access? I guess that's not really a big deal.

      For example, I keep getting alerts for the BITS service wanting to connect to the gateway IP. I'm not sure why it is the only one that does this and why it's doing it. Everything else shows the remote destination, or the LAN IP of a specific host, or a multicast or network broadcast IP. Never the gateway. I don't really want to allow that connection until I know what it is. BITS is a pain in the , because it's the one service/dll I can't easily figure out what launched it. Its event log will tell me the URL BITS is trying to connect to, but that doesn't always help. So why are BITS's requests showing the gateway IP instead of the destination? Any assistance would be appreciated.
  17. Just my humble two cents here, but I don't understand why anyone would use this service. Some quick research will show they've been plagued by security incidents for years. They are owned by LogMeIn, a company that tolerates widespread scamming and data ransoming activity with their applications and does little to nothing about it. It is counterproductive to say the least to think the solution to keeping your passwords safe is to hand them over to a corporation. Especially one that has shown it has difficulty keeping its servers secure. The whole model is wrong. People's sensitive data should not be concentrated in one location, ever. That's just asking for trouble, both from outside attacks and unscrupulous parties within.

      Personally, I use SafeInCloud. I'm not trying to advertise for anyone (there are many other options; it's the setup, not the software maker, that's important) and I'm not some super network security or cryptography guru, but as I understand it, it encrypts your password database and uploads it to whatever cloud service you choose, including your own if you wish via WebDAV. Neither they nor the cloud provider can access your passwords. An attacker, even if they somehow acquired your master password, would have to hunt down your file in the sea of the internet or run across it by chance; there is no convenient company data center to attack. The one small convenience disadvantage is that you can't quickly install an extension on a browser you're using on a public or guest computer and get your passwords. This has never really been a big issue for me, and is also a tradeoff for better security. The browser extensions are just pulling from the local database on the device, and letting you autofill as opposed to having to copy and paste from the main program. My app costs a little money for premium features like Windows Hello support; that's it. No one should have to pay a monthly fee to someone just to secure their passwords. Do not let anyone convince you that is something that should be. You can even use completely free and open source programs like KeePass, where not only are you keeping your own passwords in a location you actually know, you or someone you trust can examine the source code yourself and know exactly what is being done with them.
  18. Adguard has no antivirus function. It's not even a firewall really. Just adblocking, some cookie/script modification and a local DNS resolver. It has a 'Browser Security' module but I have never had it do anything. Just malware blocklists akin to what is already in the browser, I think. I have always had fewer issues with networking applications that utilize the BFE as opposed to those with their own drivers. A major reason for its existence is to increase compatibility and prevent driver conflicts. Some of those third-party driver firewalls are a nightmare on Windows 10/11.
  19. I don't seem to be having any more issues now. I added the entire ESET directory to the advanced settings of Adguard so all the programs in that path are excluded entirely from Adguard's BFE filters. I also took the Adguard service off of ESET's SSL/TLS filtering list, and set ESET to ignore Adguard's certificate. I did not need to revert to the legacy drivers but I will do that if I encounter any more issues.
  20. I'm using Waterfox which is based on Gecko 91. There is no error message actually, just a blank page. No error in the console or anything. It's working at the moment, I think because I set ESET to ignore GitHub and Microsoft's certificates. So those sites aren't protected, I guess. Or it may be that Waterfox isn't a "known browser" so ESET didn't add the root certificate automatically, and I may have needed to reboot after I added it myself. That's probably it, because I just turned scanning back on for the Microsoft certificate and it is still working. I honestly don't really know the point of SSL filtering anyway... it makes sense for content blocking, but for an anti-virus the real-time scanner should be picking up everything being accessed anyway, regardless of where it came from. Plus Firefox already comes with safe browsing blocklists from Google and Mozilla.
  21. Hello, I am having problems accessing some sites, e.g. microsoft.com, probably due to a conflict with my Adguard client which filters HTTPS/SSL also. I know it's Adguard because the sites work when I disconnect it. It doesn't affect most sites though. I've tried adding the Adguard CA certificate to ESET, and my browser. Doesn't help. It's already in the Windows store. Reinstalled it just for good measure. I'm trying to avoid having to disable ESET's protocol filtering for the browser, but that's what I'll have to do if I can't resolve it. Adguard being able to filter the ads and trackers out of the HTTPS traffic is more important to me than having antivirus scanning on it. Any help would be appreciated.
  22. Thanks for the info. I was a bit heated at the time because of losing all my rules, so sorry if I came across as rude. I have to go in and delete rules from time to time for apps that don't seem to work with the AMD, otherwise I get a huge list of defunct rules.
  23. I don't have the kind of time to waste after I've spent a while editing firewall rules to lose them all to these mysterious "conflicts." The best part is when I finally give up and exit, and then it asks me again, are you SURE you want to exit without saving?? No, I am very sure I do NOT!!
  24. Do you understand that I mean a ruleset large enough to extend over multiple pages? If a rule is on the last page, you can move it to the top, but it's stuck there. There's no way to move it further up the list to a previous page. This makes it impossible to put newly created rules up to the highest priority. Why the list is broken up into pages anyway, and not just one scrollable list like most other firewalls, is beyond me.