zamar27

Posts posted by zamar27

  1. On 5/2/2019 at 6:37 PM, itman said:

    It is outside the scope of the Eset firewall to provide these features or such like capability.

    It doesn't seem to be the case. Here's the suggestion I found on How to ensure VPN Only traffic:
    "set up a Public network for VPN network connection (adapter), and block everything through the Firewall sent on Home and Office networks". The task is more suited for advanced Eset users.

    There seem to be several ways for a user to implement it in Eset Firewall settings. For example, a user can take advantage of Eset Firewall Profiles:

    1. View current network connections in Network Protection-Connected Networks;
    2. Assign different Eset Firewall Profiles to various network connections (adapters);
    3. Set Allow or Deny Any Traffic rules in Firewall Advanced Rules depending on a chosen Firewall Profile.

    Another approach is to use Eset Firewall Zones:

    1. Assign VPN traffic to a new Secure Zone in Firewall Advanced Setup, and add user preferred VPN server remote IP addresses to it;
    2. Set Allow Any Traffic rule in Firewall Advanced Rules for Trusted Zone to allow LAN traffic;
    3. Set Allow or Deny Any Traffic rules in Firewall Advanced Rules inside and outside the new Secure Zone.

    In both above approaches or their combination, a user can add extra rules for certain applications or processes within Firewall Zones or Profiles, whose traffic should be blocked, passed via VPN tunnel, or outside it, thus enabling split tunneling. Some trial and error testing may be required, and one must account for Eset rules evaluation priority, which may change between Eset software versions. One may need to enable Firewall Interactive or Learning mode to teach it how to handle traffic, and advanced logging to create or edit rules using log files. If problems with traffic occur, a user can always export Eset configuration, and revert Firewall settings to Default.
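The Zones approach from the post above, modeled as an added example (not part of the original post, and not Eset's rule engine). It shows why the three rules also act as a kill switch: when the tunnel drops, Internet-bound flows fall back to the physical adapter and hit the deny rule. The adapter names, addresses, first-match ordering and simplified routing are assumptions.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample values (documentation/private ranges), not taken from the post.
VPN_ADAPTER = "vpn0"   # hypothetical name of the VPN client's virtual adapter
LAN_ADAPTER = "eth0"   # hypothetical name of the physical adapter
SECURE_ZONE = [ipaddress.ip_network("203.0.113.10/32")]   # VPN server address
TRUSTED_ZONE = [ipaddress.ip_network("192.168.1.0/24")]   # local LAN


@dataclass(frozen=True)
class Flow:
    adapter: str
    remote_ip: str


def in_zone(ip, zone):
    """True if the address falls inside any network of the zone."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in zone)


def decide(flow):
    """Return (action, reason) for an outbound flow. First match wins (assumed)."""
    if flow.adapter == VPN_ADAPTER:
        return "allow", "inside the tunnel"
    if in_zone(flow.remote_ip, SECURE_ZONE):
        return "allow", "tunnel setup to VPN server (Secure Zone)"
    if in_zone(flow.remote_ip, TRUSTED_ZONE):
        return "allow", "LAN traffic (Trusted Zone)"
    return "deny", "outside the VPN"


def pick_adapter(remote_ip, vpn_up):
    """Simplified routing: with the tunnel up, non-local traffic uses the VPN adapter."""
    local = in_zone(remote_ip, TRUSTED_ZONE) or in_zone(remote_ip, SECURE_ZONE)
    return VPN_ADAPTER if vpn_up and not local else LAN_ADAPTER


def simulate(destinations, vpn_up):
    """Map each destination to the action it gets in the given tunnel state."""
    return {ip: decide(Flow(pick_adapter(ip, vpn_up), ip))[0] for ip in destinations}


if __name__ == "__main__":
    dests = ["198.51.100.7", "192.168.1.20", "203.0.113.10"]
    for state in (True, False):
        print("VPN up  " if state else "VPN down", simulate(dests, state))
```
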

  2. Eset position for some time was "we won't offer VPN". At the same time Eset management recognized that their customers do use VPN, and offered extensive VPN support for its commercial Secure Authentication (ESA) product. When it comes to Home market, Eset staff simply ignores regular customer requests to provide any help on using VPN clients with Eset, despite burgeoning growth of consumer VPN market.

    Configuring Eset to work with a 3rd party VPN client should not be that hard. This How to use only VPN Connection guide explains how to configure a Windows Firewall to pass a certain app traffic only through VPN. It's obvious from it that, instead of passing just one app traffic, a user can configure to pass "ALL Programs" traffic only through VPN.

    However, Eset Firewall not only complies with Windows Firewall rules, but also offers its own set of controls. So why does Eset staff persistently refuse to explain in Help, and also on the forum, any user questions about VPN and Eset Firewall configuration? What do you offer this forum for, if such popular topics are ignored? The forum is not only for bug reports, but mostly on how to use and improve Eset products, including Eset Firewall and Network & Internet Protection features.

     

  3. Many Windows VPN clients don't have their own Firewall or Kill Switch. A VPN Client usually creates a virtual network adapter or MiniPort, which is used by the client instead of physical Ethernet or WiFi adapter, thus creating a separate "Network Connection" in Eset Firewall. Please advise how to best configure Eset Firewall in a way that all traffic from the PC would pass only through VPN, and any other traffic outside VPN is blocked by Eset Firewall?

    Also, when VPN connection is temporarily interrupted, Eset Firewall should block all PC traffic on all adapters until the VPN connection is restored.

    Can you also explain whether Eset does Real Time Protection on traffic passing through the VPN virtual adapter? If yes, is it done after the traffic has passed the adapter and was decrypted by VPN Client?

  4. I'm testing Eset Internet Security v12.1.34, and it writes to a laptop SSD disk very hard, wearing the disk out, when a video is played in Chrome via some extension, plugin, or native client app.

    Why does Eset need to write video fragments to disk instead of processing them in RAM? Why does it write twice as much data as it reads? In the topic "What data Eset writes to SSD, and how to minimize it?" Eset staff replied: "we detect streams and avoid writing them to disk altogether." Maybe it's a bug that surfaced again in the latest version?

    I don't want to exclude Chrome browser traffic entirely from protection. Is there a way to automatically pause protection when a streamed video is playing in Chrome, or auto exclude from protection only video stream download and playback in Chrome?

     

    EsetDisk.jpg

  5. Eset retains Interactive Mode setting in its GUI after switching Firewall Off and On again. The problem is, it does NOT read the set Interactive Mode rules upon returning back from Firewall Off state. I can try re-reading the rules each time by the manual mode reset, but it's a bug, and it looks like it has already been fixed. Thanks!

  6. I'm using Eset Internet Security 12.1.31.0. Eset Firewall is set to Interactive Mode to monitor which programs try to access internet. Is there a way to look at daily & weekly statistics what programs attempted access to what sites, and with what kind of traffic?

    There seems to be a bug in this mode. After switching Firewall Off for some time, and then switching it back On, Eset fails to read already stored rules in Interactive mode, and keeps popping up requests from programs that are long saved in Rules. It reads rules again only upon reboot, while simple user log out and re-login doesn't fix the issue.

  7. I couldn't find it on the web, so may I ask to clarify whether Eset Internet Security offers protection and notification:

    - against Keyloggers?

    - against unauthorized desktop and open program windows screenshots taking apps?

    - against intercepting clipboard content apps?

    If yes, please explain how to activate them, and suggest apps allowing to test each such Eset capability separately. If not, can you suggest another program that adds these protections?

  8. 4 hours ago, itman said:

    and never will

    I think Marcos is more optimistic about it than you are. 😊 This is important because he translates user needs to Eset devs. And objectively it aims at Eset being a better product with higher user demand, so everyone here is in the same boat. It doesn't have to be namely Firewall section grouped feature, I rather mean broader Eset capability.

  9. However, URLs are known to Eset one way or another, which is evident when using Interactive Firewall mode. This info should not be discarded, but instead Eset devs should use their ingenuity to include and use it as selected by the user in that popup. 😎 I still believe it should be treated as a bug, because the created rule doesn't match user choice (and often doesn't make sense).

    What I suggest, Eset adding the URL to Firewall Rule, and then next time same program tries to send packets to that URL, Eset will analyse the new IP for that URL coming from DNS server, and dynamically block or allow access to it.

     

    Eset URL Rules.jpg

  10. Both laptop Mic and integrated Speakers are listed under Sound, Video and Game Controllers as one controller "Realtek High Definition Audio". They are listed separately as Speakers and Mic in Windows Sounds Panel. That's where Eset should look for Mics.... and Speakers to monitor access to. 😉

    However, my suggestion is to monitor Audio Card (the controller) and allow programs access to Mic and Speaker streams only upon user permission. This will prevent spy programs from intercepting in-progress audio sessions like PC VoIP phone calls, which are passed as clear local stream through the audio card despite most being now encrypted at WebRTC or similar internet stream source. Now spy programs can locally record encrypted internet conversations in clear from audio card stream to Wav file, and Eset offers no protection. 😥 In fact, I don't know any program which does, so it's a huge market opportunity for Eset.

  11. 19 hours ago, Marcos said:

    On the firewall level it's possible to create rules only for IP addresses since these are present in packets that are processed by firewalls.

    Eset Firewall in Interactive Mode shows destination URLs in "User Permission" window popups for each program trying to access internet. This means URLs are clearly present in at least some (initial) DNS server requests, and this data can be used to block program access by URL instead of IP. 

    However, when Eset adds the user rule to Rules DB, it unjustly omits the URL the user allowed or denied access to in the above popup. Hence it's a clear Eset bug, and should be fixed. In particular, Eset added in interactive mode rules (any URL allowed or denied) are much broader than the user actually permitted in the popup (only a certain URL), hence they are inaccurate. To fix the issue, the devs need to add URL field to Remote Tab in Advanced Firewall rules.

  12. Thanks Marcos,

    However, I need to block access to a particular domain name only for a certain program (an email client), but allow it for all other programs like web browsers, another email client, etc. Can you add this feature to Eset to allow creating app based rules in Web Protection? In many instances current URLs are unknown to a user or keep changing, so allowing to block a certain program access to a domain name instead of IP address would be more convenient or the only possible option.

    Or, can you suggest a workaround?

  13. Why doesn't Eset Camera Control have an internal Microphone control option? It makes little sense to control programs or web access to a camera, but not internal microphone?

    External Device Control feature allows to control access to an external USB Microphone as stated in Help. However, when I try to add a new control Rule in Eset 12.1.31.0 Advanced Setup - Devices, the Device Type dropdown menu doesn't show Microphone option in the list. Why is that, and how to add an external Mic rule, what option to choose instead, like "Portable Devices" etc?

    Why can only a program's access to external devices be blocked? How can I block a program from accessing an internal laptop Mic or device? Windows Settings - Microphone Privacy window shows a list of mostly Windows internal apps or loaded from Windows Store, for which Mic access can be allowed or denied. But how to monitor & control access to internal Mic by ANY installed app, or a remote website or service?

    More generally, can you add internal Audio Device Control feature to Eset? The security hole I see now is some programs like legit VAC, VoiceMeeter and spyware can silently add virtual "audio cables" allowing for another 3rd party app to monitor and silently record all phone and room conversations on a Windows 10 PC by intercepting clear audio card stream from mic and speakers, thus bypassing source stream encryption like web browser's WebRTC call stream. Such recordings can later be uploaded to a cloud server and accessed anonymously by an intruder, or sent to his email.

    Is it possible for Eset to control such unauthorized access changes and intercepts of internal audio card streams? If not, can you add that? What program can do it now? How can I see a list of all installed programs having access to audio card streams on a Windows PC?

  14. Eset Firewall Advanced setup offers to allow or deny a certain program sending traffic to a certain IP address or addresses list. But some domains have a range of IP addresses, and it may change over time, while other domains regularly change their IP address.

    How in this case to block a certain program from accessing a given domain instead of IP address? Example: I want to allow a certain mail client to access only imap.gmail.com, but not any other sites, i.e. no access to smtp.gmail.com or any other?

  15. I got "a variant of Win32/Kryptik.FXGV" on the attached program that appears false-positive based on other engines' reports in VirusTotal. The program is useful, it can redirect a received Skype call to a regular phone number via Windows PC modem. The developer's website is no longer online. Can you confirm or deny the threat?

    twilight-utilities-skype-forwarder-1766.zip

  16. My PC has updated to 10.1.210.0 long ago, but the option to pause protection is still missing in Tray Menu. Is there a way I can add it by adding some Eset related registry key?

    Or the only way to add it is reinstalling Eset - with or without remnants cleanup? In this case, can I install a new version without uninstalling the previous one? If not, how to keep Firewall and other settings?

  17. In this case, since Eset saves stream segments in 2MB files in Temp, why not simply increase Eset 1 file RAM limit to 2-3MB, and that would solve the issue with streams checking completely in RAM. All other downloads are variable in time, they may happen once or twice a week, but not on ongoing basis like streams for most users. And browser pages content processing doesn't result in regular ongoing writes to Temp either. Please consider instead of simply denying it. You have to resolve this major SSD wear issue anyway, since streams playback is prevalent now, and almost completely replaced movie torrent downloads. Namely streams with Eset ongoing writes cause primary SSD wear, because any other web content is sporadic for most users.

  18. Thanks MMx,

    Yes, I mean there is usually a mounting space for only one disk inside laptops, and lately these are SSD drives only.

    I'm not sure why you hesitate to define a RAM disk size? While Eset may process simultaneously multiple downloads, it segments each download into small parts for processing (if I understand it correctly). Then probably I need to ask a different question: is it possible to direct to RAM disk only Eset activity related to web stream processing, but keep it as is all other activity related to various file downloads and web browsing, because it results in much less frequent and smaller in total writes to SSD?

  19. 4 hours ago, MMx said:

    Have you considered moving the temp directory away from SSD?

    I'm using excellent Link Shell Extension for that purpose, mostly to relocate various browsers Profile & Cache folders from the system drive to pollute it less. However, in modern laptops, there is often no way to use SSD as a system drive, and a 2nd internal HDD as a service drive. So, people just create several SSD volumes for that. But this is not going to address the wear issue due to ongoing writes.

    I'm considering RAMDisk software like this one or similar free packages. My question is, what RAMDisk size would you consider optimal? Will it work OK for Eset? It should flush its data to SSD when shutting down the PC. While analyzing Eset writes, Marcos suggested to look at system writes as well. I found that System process writes routinely 15-30GB a day to SSD, which was a shocking discovery. Not sure if it's related to Eset though, some of it is Windows Telemetry (spying) activity, some are Event logs, but why such a huge amount of data System continuously writes to disk? Can you guys look at the Process Monitor log I will send, to suggest what is the bulk of data System Process writes to disk, what activity it's related to?

  20. 5 hours ago, Marcos said:

    Browsers do not need to keep data from streams

    We keep 1 MB of data in memory and the rest is saved to a disk. Antivirus programs cannot allocate too much memory in order to store all data they need to scan.

    Thanks Marcos for your help. Sorry for sending you the wrong log, I took several with different filters. I will try to use Web Access Protection functionality the way you suggested. Never had to modify it before. I'm still concerned to use it with movie streaming sites, since you never know what they may package within the movie stream. :unsure: But for TV stations it's probably OK, though some also insert certain hypnosis & brain manipulation segments into the TV stream, like bright light flashes and certain fast pace non recognizable visual sequences targeting subconscious. But this is not filtered by Eset anyway. :blink: (Maybe a good idea for future development?)

    As to saving stream to disk for processing, I prefer MS Edge for stream playback due to highly optimized CPU load and codecs smoothness. It doesn't save stream to disk, but instead it seems to be done by System process, which temp saves segments of the stream to:

    C:\Users\User\AppData\Local\Microsoft\Windows\WebCache\V01.loglog
    C:\Users\User\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
    C:\Users\User\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.jfm

    Of course Google Chrome and Firefox also temp save stream segments cache in their corresponding directories. I noticed, during stream playback Eset keeps saving and deleting 2MB segments of the stream to C:\Windows\Temp\htt58AD.tmp. It appears redundant to me for 2 reasons:
    - Eset can instead use stream cache segments temp saved by the browser;
    - why not dedicate 10-20MB RAM space for that task instead of 1MB RAM? Current PCs seldom come with less than 8-16GB RAM, so 10MB is really nothing noticeable, unless using a Pentium PC. Maybe you can allow a user to set this limit in Eset advanced prefs? I think it's very important, given the proliferation of SSDs as primary disks nowadays, and their suffering from ongoing writes.

  21. 4 hours ago, Marcos said:

    If you use an IP camera to stream video and if it causes a lot of data to be written to a disk, you can exclude its IP address from protocol filtering.

    But your advice seems to be related to Eset Firewall, but not to Real Time Antivirus Protection? How exactly can I do this, including for certain website urls such as TV streaming websites? Can you give a particular example for Eset Smart Security v10 GUI controls instead of a generic suggestion? The TV & Movie streaming is done via MS Edge browser, and it doesn't seem to write streams to disk, but System writes its cache to disk. System Swap file was not updated for 4 days as per File Explorer.

    I sent you the requested Process Monitor log by email (Case #46490).

  22. Hi Marcos,

    I'll collect the PM log. These are regular activities I see in monitoring software. Note, System for some reason is regularly accessing Eset stats and local.db - is that Eset itself masking as System? Also, Eset reads back only a small portion of what it writes to disk. I can't believe small Eset logs and stats create 4GB write activity a day. This is the largest single daily write contributor to disk after System as per Process Explorer.

    And below you can see, Eset continuously writes to disk an internet TV station stream, not IP camera. That's what namely creates such unnecessary wear workload on SSD, given the fact Eset seldom reads back the temp data it writes to disk. However, I can't find any Eset user tools that easily allow to eliminate certain websites or streams from being continuously real time monitored, or switch Eset to monitor them in RAM, where these stream fragments are already continuously loaded by the browser's player. That means, if TV or movies play in the background all day, especially in HD or 4K format now prevalent, your SSD is going to be worn out very fast by Eset, which doesn't even read this temp data it keeps writing to disk.

    So my questions are:

    1. How can I exclude certain TV and Movie website streams from Eset Real Time Protection? If not possible, can you add this type of control to Eset User Control Panel?
    2. Can Eset process these ongoing stream segments in RAM (given small 2MB temp file size it keeps writing to disk and erasing, and because they are already loaded to RAM by the browser player), instead of continuously writing these stream segments to SSD?
    3. Why don't Firefox and its Flash player write the web streams to disk, but instead play them from RAM, which is obvious from Process Explorer stats, but Eset keeps writing them to disk instead of using data already loaded to RAM by the browser?

    Eset.jpg

    Eset2.jpg

    Eset3.jpg
