Jump to content

Archived

This topic is now archived and is closed to further replies.

Arash

Eset 10 network protection problems

Recommended Posts

I had the problem with Win10 1607 and now Win10 1703 - I can fix it now most of the time by disabling all 3 Problems (Firewall,IDS,Botnet) -> close the GUI -> open it again and enabling all 3 again without the need for reboot

Share this post


Link to post
Share on other sites
25 minutes ago, Hikester said:

I had the problem with Win10 1607 and now Win10 1703 - I can fix it now most of the time by disabling all 3 Problems (Firewall,IDS,Botnet) -> close the GUI -> open it again and enabling all 3 again without the need for reboot

That's interesting. Had tried toggling disable/enable before unsuccessfully but without closing the GUI in between. Will try that next time as obviously preferable to my workaround of restarting windows.

An additional observation. Just checked windows event logs and the non-functional status appears to correlate with this:

This application took longer than usual to start up, resulting in a performance degradation in the system startup process: 
     File Name        :    ekrn.exe
     Friendly Name        :    ESET Service
     Version        :    10.0.386.0 
     Total Time        :    871ms
     Degradation Time    :    538ms
     Incident Time (UTC)    :    08/04/2017 14:21:09

When I implement my workaround no such message is logged during the post-disable (Firewall, IDS, Botnet) windows boot.

Share this post


Link to post
Share on other sites

Is anybody having these issues even with default firewall settings, in particular with automatic firewall mode and no custom rules created?

Share this post


Link to post
Share on other sites

I was in interactive mode with about 300 rules

 

I just deleted all my rules and put firewall in automatic mode then restart ==> FW was up and seems OK

Then i put in learning rule to create basic rules ==> FW still up and OK

Then i restarted and put FW in interactive mode again.

 

Everything looks good for the moment, I will let you know if it changes. If not, maybe it was because some of my rules ?

Share this post


Link to post
Share on other sites
1 hour ago, Mahoneko said:

Everything looks good for the moment, I will let you know if it changes. If not, maybe it was because some of my rules ?

Suspect one of your rules "bricked" the Windows Filtering Platform which the Eset firewall interacts with. Most likely svchost.exe - BITS.

Share this post


Link to post
Share on other sites

Hi Folks,

good news, at least for me. Issue solved. :)

I just tried to uninstall Smart Security where a window saying "collecting data" appeared during the uninstall process. Nothing weird so far, nevertheless I noted that it took too long to finish the step. So I saw that my connected external USB hard drive was being continously accessed indicating that SS is "collecting data/info" in there, maybe. What the hell is SS collecting on external drive to finish the uninstall process?!.
So I decided to abort the whole procedure by clicking Cancel in which SS after a coupled minutes doesn't responded anymore. So I pulled off the cable from the usb port while hard drive was blinking.
Suddenly, the uninstall process took back its course and aborted the uninstall. I then run the SS again and voilà! I got it back working again AND without the annoying red warning on the GUI -- the PC also got its performance back.
So what I can conclude so far is that in my case the external drive got stuck somehow and interfered SS from functioning properly.

 

Share this post


Link to post
Share on other sites

For the time being avoid using learning mode which is known to cause issues for some reason. If you encounter issues with learning mode, such as not being able to execute files or when network communication is blocked, we'll need to get a complete memory dump from a manually initiated crash when the issue occurs.

Share this post


Link to post
Share on other sites
13 hours ago, Marcos said:

Is anybody having these issues even with default firewall settings, in particular with automatic firewall mode and no custom rules created?

I had one rule with the filtering mode set to Automatic. I have deleted that rule rebooted and all looks good at the moment. There is also another option called 'Also evaluate rules from Windows Firewall'. How is this supposed to be set. Mine is set to 'On'. Is the correct?

Share this post


Link to post
Share on other sites
2 hours ago, cookieboy said:

I had one rule with the filtering mode set to Automatic. I have deleted that rule rebooted and all looks good at the moment. There is also another option called 'Also evaluate rules from Windows Firewall'. How is this supposed to be set. Mine is set to 'On'. Is the correct?

It doesn't matter. It's useful if you had some allowing Windows firewall rules created before installing ESS/EIS. Enabling this option would cause ESS/EIS to honor those rules.

Share this post


Link to post
Share on other sites

@Marcos I am using interactive mode. Not learning or auto.

@ottchris Solution you proposed did not worked for me. Still red badge appears.

@ArashSometimes it just shows a red badge and says disabled meanwhile firewall is working. It asks me (interactive) but sometimes its not, all applications can connect to internet even if I blocked them before... As I said, Random

Share this post


Link to post
Share on other sites

Did you try to delete all your rules, set mode to auto and then restart ? (it worked for me)

Then I switched back to interactive and began to recreate my rules.

Share this post


Link to post
Share on other sites

If you get a red protection status due to a firewall failure, please continue as follows:

- open the advanced ESET setup
- navigate to Tools -> Diagnostics and enable advanced firewall logging
- restart the computer
- if the protection status is red due to a problem with the firewall, disable advanced firewall logging
- collect logs using ESET Log Collector as per the instructions linked in my signature

Drop me a pm with the output archive attached. If it's too large to attach to a pm, upload it to a safe location and pm me a download link.

Share this post


Link to post
Share on other sites
On 10/04/2017 at 9:43 AM, gencer said:

@Marcos I am using interactive mode. Not learning or auto.

@ottchris Solution you proposed did not worked for me. Still red badge appears.

@ArashSometimes it just shows a red badge and says disabled meanwhile firewall is working. It asks me (interactive) but sometimes its not, all applications can connect to internet even if I blocked them before... As I said, Random

As you might expect :-( my workaround which apart from the odd occasion consistently worked, refused to work this morning despite half a dozen reboots. Every time I tried to enable the three network protection components they came up non-functional. So I followed Mahoneko's solution and deleted all 338 firewall rules bar 2 (which were to block a specific exploit). Having done that I was able to enable the three network protection components without difficulty. The only difference to Mahoneko's solution is that I kept clear of learning mode, i.e. remained in interactive mode.

If a particular rule *is* the culprit it's of course possible that it may be recreated at some point and the problem start again. If that happens I will do as Marcos has just requested.

Share this post


Link to post
Share on other sites

@Marcos Yup. Firewall rules are the problem.

 

I did not reset my settings but I did those:

  • I removed all firewall rules
  • I allow / trust store apps only and rest is interactive.

Since 3 days no issue. All works.

Note: I of course added many apps to the rule list. No issue.

Share this post


Link to post
Share on other sites

Have also the problem, the Worarounds bring unfortunately no real improvement! I hope the Eset that quickly, because this is the firewall is not really use!

(German: Habe auch das Problem, die Worarounds bringen leider keine wirkliche Besserung! Ich Hoffe das Eset das zügig behebt, denn so ist die Firewall nicht wirklich zugebrauchen!)

Share this post


Link to post
Share on other sites

@SlashRose You said you tried all workarounds but did not help. Me too. Until I manually deleted all rules and add everything in time manually. In interactive mode.

I want to give a note, since days no issue here. Especially EIS updated to 10.1. All works.

Share this post


Link to post
Share on other sites
3 hours ago, gencer said:

@SlashRoseBis ich manuell alle Regeln gelöscht und alles zeitlich manuell hinzugefügt habe. Im interaktiven Modus.

Did you delete the predefined rules?

( German: Hast du auch die vordefinierten Regeln gelösch?)

Share this post


Link to post
Share on other sites
2 hours ago, SlashRose said:

Did you delete the predefined rules?

( German: Hast du auch die vordefinierten Regeln gelösch?)

No. I deleted all defined not predefined rules myself. After that I no longer get any error. almost a week and everything is working. Just remove all of your rules. Basically reset the firewall.

All of my PREdefined rules remain same. I only deleted my own custom rules.

Share this post


Link to post
Share on other sites

Will try this after work times and then reports if it helped!

( German: Werde das nach Arbeit mal Probieren und dann Berichten ob es geholfen hat!)

Share this post


Link to post
Share on other sites
4 minutes ago, gencer said:

No. I deleted all defined not predefined rules myself. After that I no longer get any error. almost a week and everything is working. Just remove all of your rules. Basically reset the firewall.

All of my PREdefined rules remain same. I only deleted my own custom rules.

This is an ongoing experiment which may or may not produce a revelation tomorrow. A week or so ago, I did remove all 'custom' rules (excluding predefined rules and bar two manual rules related to a specific exploit) and for a day all seemed well. Then the issue reoccurred and given that I run ESET in interactive mode I assumed a 'rogue' rule had been recreated. My previously reported workaround worked this time but expecting the issue to reoccur again I turned on firewall advanced logging (FAL) prior to powering down for the night. Next morning no issue! So I turned off FAL and turned it on again just before powering down. Next morning no issue again. This cycle has repeated now for 5 days. So tonight I will not turn on FAL and see what happens tomorrow.

Of course it's possible that the issue may not be limited to having just one cause (i.e. one or more rogue or corrupted rules) so one users solution may not resolve the issue for another user. I have wondered from the beginning whether in my case system loading at startup played a part and that initially fitted in with clearing down the rules solution. However, without knowing the nuts and bolts of FAL I can conceive that it could have an impact on the issue by slowing down the startup process in a controlled fashion and thereby allowing the firewall and the other internet protection components to start up normally. We will have to wait until tomorrow to see if there is any further mileage to be made in investigating that area further.

Share this post


Link to post
Share on other sites

It is however only the Windows own apps which cause the firewall error and always ask

Share this post


Link to post
Share on other sites

These are, unfortunately, not just the Windows apps, but apps are also affected by dritters!

(German: Das sind leider nicht nur die Windows Apps, es sind auch Apps von drittherstellern Betroffen!)

Share this post


Link to post
Share on other sites

something with the rules is definetely wrong, tryed every workaround here, yesterday I installed EIS 10.1.204.3 from the scratch (deinstalled every rest of ESET with the Eset cleaner) changed the Firewall to Interactive Mode and recreated the rules - and now I got a message from Eset for the Windows 10 "backgroundTaskHost.exe" - but I have already created a rule (permit all outgoing traffic) for exactly that file yesterday

Share this post


Link to post
Share on other sites

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...