kapela86 11 Posted November 17, 2017 Share Posted November 17, 2017 (edited) Hi, I just noticed that IDS component in eset blocked some connections I didn't get any notifications for this, I also looked around settings and couldn't find anything about it. I also looked in Tools -> logs but there is nothing from IDS there. I'm using v6.6.2046.1 Edited November 17, 2017 by kapela86 Link to comment Share on other sites More sharing options...
Administrators Marcos 5,243 Posted November 17, 2017 Administrators Share Posted November 17, 2017 I don't think these connections were blocked by IDS. Click Unblock (Odblokuj) to create an allow rule for the blocked communication. Link to comment Share on other sites More sharing options...
kapela86 11 Posted November 17, 2017 Author Share Posted November 17, 2017 It says "blocked 12x", and I don't want to allow it as it is out DVR and after seeing this I suspect it may be part of botnet. Link to comment Share on other sites More sharing options...
Administrators Marcos 5,243 Posted November 17, 2017 Administrators Share Posted November 17, 2017 There's a link to show details about the blocked communication. If you are having issues with DVR because of this blocked communication, you should allow it. If you don't experience any issues, I'd leave it as is. Link to comment Share on other sites More sharing options...
kapela86 11 Posted November 17, 2017 Author Share Posted November 17, 2017 I doesn't matter if I want to block it or not, what matters is that Eset doesn't notify users that IDS blocked something. There should be an option to enable such notifications. Link to comment Share on other sites More sharing options...
Administrators Marcos 5,243 Posted November 17, 2017 Administrators Share Posted November 17, 2017 How do you know it was IDS which blocked the communication? Link to comment Share on other sites More sharing options...
kapela86 11 Posted November 17, 2017 Author Share Posted November 17, 2017 (edited) You can translate it to "Packet blocked by active defensive system (IDS)" Edited November 17, 2017 by kapela86 Link to comment Share on other sites More sharing options...
Administrators Marcos 5,243 Posted November 17, 2017 Administrators Share Posted November 17, 2017 I reckon this happens in automatic mode when an uninitiated inbound communication for which no rule exists is attempted. If the firewall was to notify about every blocked packet, many users would be constantly flooded with notifications. Link to comment Share on other sites More sharing options...
kapela86 11 Posted November 17, 2017 Author Share Posted November 17, 2017 Yes we use default "Automatic" firewall setting. If you are worried about constant flood of notifications, then add an user configurable option to show notifications for IDS and set it to off by default. And in this notification there could be some checkbox like "don't notify for this IP address" or something. This way everyone will be happy. Link to comment Share on other sites More sharing options...
Recommended Posts