
Ran the Gibson Research Leak test and the personal firewall failed and allowed a connection.  So... is the Eset firewall reliable or should I use a standalone firewall?

Thanks for any advice.

(just tried the Atelier firewall tests (6) and it apparently failed them too)

Edited by The Scorpion

  • ESET Insiders

Just a quick Q: Did you DENY & ALLOW the rules correctly by clicking twice on the OK button after removing/adding the rules for the GRC Leakage Tester, according to the sequence advised in this test? Perhaps you could share some screencaps on where ESS failed on you?

I want to share my test sequence with you, perhaps other users running this test, being my first! ;)

1. Test sequence start:

ScreenCap 2017-01-28 at 23.36.18.jpg

2. Run Leakage Tester -> create rule and remember permanent: DENY

ScreenCap 2017-01-29 at 00.03.10.jpg

3. Result Unable To Connect

ScreenCap 2017-01-28 at 23.36.49.jpg

4. ESS added the create rule (#417) and remember permanent: DENY

ScreenCap 2017-01-28 at 23.37.35.jpg

5. Removing (#417 -> #416) the create rule and remember permanent: DENY (note: don't forget to OK + OK the removal!)

ScreenCap 2017-01-28 at 23.38.31.jpg

6. Run Leakage Tester again -> create rule and remember permanent: ALLOW

ScreenCap 2017-01-29 at 00.14.21.jpg

7. ESS added the create rule (#417) and remember permanent: ALLOW

8. Result Firewall Penetrated

ScreenCap 2017-01-28 at 23.39.21.jpg

9. Removing (#417 -> #416) the create rule and remember permanent: ALLOW (note: don't forget to OK + OK the removal!)

10. Close the GRC Leakage Tester application

Greetz

Edited by m4v3r1ck
typo's

Thanks for the reply. Not quite sure what you mean - surely if I create a rule in eset that 'allows' connection to GRC it will defeat the purpose of the test?  Like if the rule is to 'allow' then it will. If the rule is 'deny' then it won't.  Eset gave no warning at all of the test when I ran the test so as to let me deny or allow it.

Sorry if I'm missing something here! 

 


  • ESET Insiders
2 minutes ago, The Scorpion said:

Eset gave no warning at all of the test when I ran the test so as to let me deny or allow it.

Sorry if I'm missing something here! 

 

What warning were you expecting, I don't quite follow you on this. I've set ESET products always in "interactive mode".


Maybe I'm not fully understanding how a 'leak test' operates! I thought a leak test simulated the behaviour of a trojan or suchlike that attempts to access the internet. That being so (if that's correct!) then I thought a firewall would automatically block it or automatically give a warning as you would not necessarily know beforehand that you had a 'nasty' on your pc.

So maybe that's not the case then and you can't leave the Eset firewall setting on 'Automatic' but have to set Eset settings to 'Interactive' and then give permission or not to everything that pops up. So the 'Automatic' option should be ignored?


  • ESET Insiders

Thanks for your reply, appreciated!

Yes, to monitor every single connection by any application, inbound and/or outbound the best way to go is using the "interactive mode". It's more time consuming, but sets my own mind at ease. It also gives you a great insight - e.g. when testing beta-software - what the behaviour is in connecting to what server and which protocol it's using like http(s).

I'm an insider for Windows as well. The ESET SS software goes bananas - in interactive mode - when doing the first time clean install of Windows. Heh, it's fun to watch the telemetry entering your computer!

The GRC Leakage Tester sends an inbound connection to the firewall, when in "interactive mode" you have the option to rule in/out the connection you find suspicious. See my screens. The last test is to rule out that some other process than the ESET firewall is blocking the connection. The combination of both lets you check if your firewall is okay.

If you have any more questions please don't hesitate to ask them here on the forum, a great place to be! I'm still on the steep learning curve myself!

Greetz

Edited by m4v3r1ck
Typo's

Appears to be confusion as to the purpose of the GRC leak test and others like it.

First, note that you download and subsequently execute the GRC leak test. The purpose of this test is to determine if your firewall can detect the outbound connection.

By default, the Eset firewall will allow all outbound connections. In this configuration, the firewall will fail every leak test. If that is a concern, then set the firewall to Interactive mode as previously discussed.

However, you should fully assess the impact of using the firewall in Interactive mode. Unless you are an advanced user with technical knowledge of outbound connections required by both the Windows OS and application software, there is a high likelihood that you will block necessary outbound connections required by this software to function properly.

Additionally if you search the web for discussions on whether outbound firewall monitoring is necessary, you will find conflicting statements on such activity. The best overall statement on the subject is that outbound firewall traffic monitoring only is useful if malware has already installed itself. If this has occurred, the user has other issues than just outbound firewall traffic to be concerned about. Other uses of outbound firewall monitoring are privacy related. For example Windows 10 telemetry activities are a concern to many users. The problem with monitoring outbound telemetry traffic is it is also used for system diagnostics purposes and other legitimate traffic. Again, it requires technical knowledge to differentiate between valid system traffic and "spying" like activities.

Bottom line - for the average PC user, the Eset firewall best setting is its default allow all outbound Internet traffic. 

Edited by itman

  • Most Valued Members
3 hours ago, itman said:

Appears to be confusion as to the purpose of the GRC leak test and others like it.

First, note that you download and subsequently execute the GRC leak test. The purpose of this test is to determine if your firewall can detect the outbound connection.

By default, the Eset firewall will allow all outbound connections. In this configuration, the firewall will fail every leak test. If that is a concern, then set the firewall to Interactive mode as previously discussed.

However, you should fully assess the impact of using the firewall in Interactive mode. Unless you are an advanced user with technical knowledge of outbound connections required by both the Windows OS and application software, there is a high likelihood that you will block necessary outbound connections required by this software to function properly.

Additionally if you search the web for discussions on whether outbound firewall monitoring is necessary, you will find conflicting statements on such activity. The best overall statement on the subject is that outbound firewall traffic monitoring only is useful if malware has already installed itself. If this has occurred, the user has other issues than just outbound firewall traffic to be concerned about. Other uses of outbound firewall monitoring are privacy related. For example Windows 10 telemetry activities are a concern to many users. The problem with monitoring outbound telemetry traffic is it is also used for system diagnostics purposes and other legitimate traffic. Again, it requires technical knowledge to differentiate between valid system traffic and "spying" like activities.

Bottom line - for the average PC user, the Eset firewall best setting is its default allow all outbound Internet traffic. 

I always thought interactive was best in case you are unsure about some applications.

I always have my firewall as interactive so if a suspicious program tries to connect to the internet I can block it or if I'm unsure allow it to connect just once. I find it handy if I'm installing something that may come with unwanted extras - if Eset doesn't detect these extras I can at least stop them from connecting.

Also I've always wondered if automatic mode can make the wrong choice - e.g. block something good and allow something dangerous or suspicious. At least in interactive mode I know it's down to me which I suppose could confuse those who aren't very computer literate.


  • Administrators
3 hours ago, peteyt said:

Also I've always wondered if automatic mode can make the wrong choice - e.g. block something good and allow something dangerous or suspicious. At least in interactive mode I know it's down to me which I suppose could confuse those who aren't very computer literate.

Automatic mode is suitable for most users as it allows all outgoing communication and blocks all non-initiated incoming communication. Of course, if you are running an HTTP server for instance, the firewall would block incoming communication unless allowed by a rule, however, this is not a common scenario on home computers.

Speaking about "leak tests", I rather associate this term with DLP, which ESET isn't, so testing ESET for something that is meant to be handled by a DLP solution is not correct.


  • ESET Insiders

Thank you @itman and @Marcos for chiming in and adding some valuable additional info. Of course automatic mode in ESET is for the 'average' PC user, but when installing beta/preview software, it's nice to know - even for a much less tech-savvy person like myself - what connections are made in- and/or outbound. For me that's one of the fun parts of testing betas.

Greetz
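
The behaviour described in the posts above (automatic mode allowing all outbound and blocking non-initiated inbound traffic, interactive mode asking the user, and the DENY-then-ALLOW control sequence), as a simplified Python model. This is an added example, not part of the original posts and not ESET's implementation; the `Firewall` class, the `leaktest.exe` name and the per-application rule key are assumptions made for illustration.

```python
from dataclasses import dataclass, field

ALLOW, DENY = "allow", "deny"
TESTER = "leaktest.exe"  # constructed name standing in for the leak tester

@dataclass
class Firewall:
    """Simplified decision model of the two modes discussed in the thread."""
    mode: str                                    # "automatic" or "interactive"
    rules: dict = field(default_factory=dict)    # (app, direction) -> verdict
    prompts: list = field(default_factory=list)  # connections the user was asked about

    def decide(self, app, direction, solicited=False, answer=DENY, remember=False):
        key = (app, direction)
        if key in self.rules:                    # a stored rule always wins
            return self.rules[key]
        if self.mode == "automatic":
            # all outbound allowed; inbound only if it answers our own request
            return ALLOW if direction == "out" or solicited else DENY
        self.prompts.append(key)                 # interactive: no rule, ask the user
        if remember:                             # "remember permanent" stores a rule
            self.rules[key] = answer
        return answer

def leak_test(fw, **user):
    """Return the result string for the tester's outbound attempt."""
    verdict = fw.decide(TESTER, "out", **user)
    return "Firewall Penetrated" if verdict == ALLOW else "Unable To Connect"

def control_sequence():
    """The DENY-then-ALLOW sequence from the thread, in interactive mode."""
    fw, results = Firewall("interactive"), []
    for answer in (DENY, ALLOW):
        results.append(leak_test(fw, answer=answer, remember=True))
        del fw.rules[(TESTER, "out")]            # remove the rule before the next run
    return results, fw

if __name__ == "__main__":
    auto = Firewall("automatic")
    print("automatic:", leak_test(auto), "| prompts:", auto.prompts)
    print("interactive:", control_sequence()[0])
```

In the model, automatic mode reports "Firewall Penetrated" without ever prompting, while the interactive run changes result only with the user's answer, which is what shows that the firewall rule, and not some other process, decided the outcome.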
