The Scorpion, posted January 28, 2017 (edited January 28, 2017):

Ran the Gibson Research Leak test and the personal firewall failed and allowed a connection. So... is the Eset firewall reliable or should I use a standalone firewall? Thanks for any advice.

(just tried the Atelier firewall tests (6) and it apparently failed them too)

m4v3r1ck (ESET Insiders), posted January 28, 2017 (edited January 28, 2017):

Just a quick Q: Did you DENY & ALLOW the rules correctly by clicking twice on the OK button after removing/adding the rules for the GRC Leakage Tester, according to the sequence advised in this test? Perhaps you could share some screencaps on where ESS failed on you?

I want to share my test sequence with you, perhaps other users running this test, being my first!

1. Test sequence start:
2. Run Leakage Tester -> create rule and remember permanent: DENY
3. Result Unable To Connect
4. ESS added the create rule (#417) and remember permanent: DENY
5. Removing (#417 -> #416) the create rule and remember permanent: DENY (note: don't forget to OK + OK the removal!)
6. Run Leakage Tester again -> create rule and remember permanent: ALLOW
7. ESS added the create rule (#417) and remember permanent: ALLOW
8. Result Firewall Penetrated
9. Removing (#417 -> #416) the create rule and remember permanent: ALLOW (note: don't forget to OK + OK the removal!)
10. Close the GRC Leakage Tester application

Greetz

The Scorpion, posted January 29, 2017:

Thanks for the reply. Not quite sure what you mean - surely if I create a rule in Eset that 'allows' connection to GRC it will defeat the purpose of the test? Like if the rule is to 'allow' then it will. If the rule is 'deny' then it won't. Eset gave no warning at all of the test when I ran the test so as to let me deny or allow it. Sorry if I'm missing something here!

m4v3r1ck (ESET Insiders), posted January 29, 2017:

2 minutes ago, The Scorpion said:
> Eset gave no warning at all of the test when I ran the test so as to let me deny or allow it. Sorry if I'm missing something here!

What warning were you expecting? I don't quite follow you on this. I've set ESET products always in "interactive mode".

The Scorpion, posted January 29, 2017:

Maybe I'm not fully understanding how a 'leak test' operates! I thought a leak test simulated the behaviour of a trojan or suchlike that attempts to access the internet. That being so (if that's correct!) then I thought a firewall would automatically block it or automatically give a warning as you would not necessarily know beforehand that you had a 'nasty' on your pc.

So maybe that's not the case then and you can't leave the Eset firewall setting on 'Automatic' but have to set Eset settings to 'Interactive' and then give permission or not to everything that pops up. So the 'Automatic' option should be ignored?

m4v3r1ck (ESET Insiders), posted January 29, 2017 (edited January 29, 2017):

Thanks for your reply, appreciated! Yes, to monitor every single connection by any application, inbound and/or outbound the best way to go is using the "interactive mode". It's more time consuming, but sets my own mind at ease. It also gives you a great insight - e.g. when testing beta-software - what the behaviour is in connecting to what server and which protocol it's using like http(s).

I'm an insider for Windows as well. The ESET SS software goes bananas - in interactive mode - when doing the first time clean install of Windows. Heh, it's fun to watch the telemetry entering your computer!

The GRC Leakage Tester sends an inbound connection to the firewall, when in "interactive mode" you have the option to rule in/out the connection you find suspicious. See my screens. The last test is to rule out that some other process than the ESET firewall is blocking the connection. The combination of both lets you check if your firewall is okay.

If you have any more questions please don't hesitate to ask them here on the forum, a great place to be! I'm still on the steep learning curve myself!

Greetz

The Scorpion, posted January 29, 2017:

OK. Thanks. Will leave settings in 'Interactive mode'.

itman, posted January 29, 2017 (edited January 29, 2017):

Appears to be confusion as to the purpose of the GRC leak test and others like it.

First, note that you download and subsequently execute the GRC leak test. The purpose of this test is to determine if your firewall can detect the outbound connection. By default, the Eset firewall will allow all outbound connections. In this configuration, the firewall will fail every leak test. If that is a concern, then set the firewall to Interactive mode as previously discussed.

However, you should fully assess the impact of using the firewall in Interactive mode. Unless you are an advanced user with technical knowledge of outbound connections required by both the Windows OS and application software, there is a high likelihood that you will block necessary outbound connections required by this software to function properly.

Additionally, if you search the web for discussions on whether outbound firewall monitoring is necessary, you will find conflicting statements on such activity. The best overall statement on the subject is that outbound firewall traffic monitoring only is useful if malware has already installed itself. If this has occurred, the user has other issues than just outbound firewall traffic to be concerned about.

Other uses of outbound firewall monitoring are privacy related. For example, Windows 10 telemetry activities are a concern to many users. The problem with monitoring outbound telemetry traffic is it is also used for system diagnostics purposes and other legitimate traffic. Again, it requires technical knowledge to differentiate between valid system traffic and "spying" like activities.

Bottom line - for the average PC user, the Eset firewall best setting is its default allow all outbound Internet traffic.

peteyt (Most Valued Members), posted January 29, 2017:

3 hours ago, itman said:
> Appears to be confusion as to the purpose of the GRC leak test and others like it.
>
> First, note that you download and subsequently execute the GRC leak test. The purpose of this test is to determine if your firewall can detect the outbound connection. By default, the Eset firewall will allow all outbound connections. In this configuration, the firewall will fail every leak test. If that is a concern, then set the firewall to Interactive mode as previously discussed.
>
> However, you should fully assess the impact of using the firewall in Interactive mode. Unless you are an advanced user with technical knowledge of outbound connections required by both the Windows OS and application software, there is a high likelihood that you will block necessary outbound connections required by this software to function properly.
>
> Additionally, if you search the web for discussions on whether outbound firewall monitoring is necessary, you will find conflicting statements on such activity. The best overall statement on the subject is that outbound firewall traffic monitoring only is useful if malware has already installed itself. If this has occurred, the user has other issues than just outbound firewall traffic to be concerned about.
>
> Other uses of outbound firewall monitoring are privacy related. For example, Windows 10 telemetry activities are a concern to many users. The problem with monitoring outbound telemetry traffic is it is also used for system diagnostics purposes and other legitimate traffic. Again, it requires technical knowledge to differentiate between valid system traffic and "spying" like activities.
>
> Bottom line - for the average PC user, the Eset firewall best setting is its default allow all outbound Internet traffic.

I always thought interactive was best in case you are unsure about some applications.

I always have my firewall as interactive so if a suspicious program tries to connect to the internet I can block it or if I'm unsure allow it to connect just once. I find it handy if I'm installing something that may come with unwanted extras - if Eset doesn't detect these extras I can at least stop them from connecting.

Also I've always wondered if automatic mode can make the wrong choice - e.g. block something good and allow something dangerous or suspicious. At least in interactive mode I know it's down to me which I suppose could confuse those who aren't very computer literate.

Marcos (Administrators), posted January 29, 2017:

3 hours ago, peteyt said:
> Also I've always wondered if automatic mode can make the wrong choice - e.g. block something good and allow something dangerous or suspicious. At least in interactive mode I know it's down to me which I suppose could confuse those who aren't very computer literate.

Automatic mode is suitable for most users as it allows all outgoing communication and blocks all non-initiated incoming communication. Of course, if you are running an HTTP server for instance, the firewall would block incoming communication unless allowed by a rule; however, this is not a common scenario on home computers.

Speaking about "leak tests", I rather associate this term with DLP, which ESET isn't, so testing ESET for something that is meant to be handled by a DLP solution is not correct.
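
A simplified model of the two filtering modes discussed in this thread, added here as an illustration and not taken from any post; it is not ESET's code or rule format, and the names `Firewall`, `Conn`, `run_leak_test`, `leaktest.exe` and `test-server.example` are made up for the example. It shows why a leak tester's outbound connection passes under an allow-all-outbound default and is stopped only once a prompt or remembered rule says deny.

```python
# Simplified model of the filtering modes discussed in this thread.
# Added illustration only: not ESET's implementation or rule format.
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Conn:
    direction: str   # "out" = opened by a local program, "in" = opened remotely
    app: str         # local program involved
    remote: str      # remote "host:port"

@dataclass
class Firewall:
    mode: str                                   # "automatic" or "interactive"
    rules: dict = field(default_factory=dict)   # (app, direction) -> verdict
    flows: set = field(default_factory=set)     # outbound flows already allowed

    def decide(self, c, ask=None):
        """Return (verdict, reason); `ask` stands in for the user's prompt answer."""
        # Replies on a flow the host itself opened are not "non-initiated".
        if c.direction == "in" and (c.app, c.remote) in self.flows:
            return "allow", "reply to initiated flow"
        rule = self.rules.get((c.app, c.direction))
        if rule:
            verdict, reason = rule, "user rule"
        elif self.mode == "automatic":
            # Default described above: outgoing allowed, unsolicited incoming blocked.
            verdict = "allow" if c.direction == "out" else "deny"
            reason = "automatic default"
        elif ask is None:
            verdict, reason = "deny", "prompt unanswered"
        else:
            verdict, reason = ask(c), "user prompt"
            self.rules[(c.app, c.direction)] = verdict   # "remember permanent"
        if verdict == "allow" and c.direction == "out":
            self.flows.add((c.app, c.remote))
        return verdict, reason

def run_leak_test(fw, ask=None):
    """Constructed scenario: a downloaded tester opens one outbound connection."""
    return fw.decide(Conn("out", "leaktest.exe", "test-server.example:80"), ask)

if __name__ == "__main__":
    print(run_leak_test(Firewall("automatic")))
    print(run_leak_test(Firewall("interactive"), ask=lambda c: "deny"))
```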

m4v3r1ck (ESET Insiders), posted January 31, 2017:

Thank you @itman and @Marcos for chiming in and adding some valuable additional info. Of course automatic mode in ESET is for the 'average' PC user but when installing beta/preview software, it's nice to know - even for a much less tech-savvy person like myself - what connections are made in- and/or outbound. For me that's one of the fun parts of testing betas.

Greetz