sdnian 6 Posted May 23, 2018 Posted May 23, 2018 I setup an IP address for excluded web protection scanning, but it doesn't work in the version 6.6.2078.5. Could someone check it? The older version work well with the same settings.
ESET Staff MichalJ 434 Posted May 23, 2018 ESET Staff Posted May 23, 2018 Hello @sdnian Can you share a bit more details about what is not working? Especially the address you want to exclude and the actual exclusion. We need more data for analysis.
sdnian 6 Posted May 23, 2018 Author Posted May 23, 2018 7 minutes ago, MichalJ said: Hello @sdnian Can you share a bit more details about what is not working? Especially the address you want to exclude and the actual exclusion. We need more data for analysis. For example.. I'd like to exclude IP address 192.168.1.10 by web protection scanning. So I setup '192.168.1.10' in the 'Excluded IP addresses' list. Then I try to download eicar.com from 192.168.1.10. It should be detected by real-time protection. Right? But this file be detected by HTTP scanner in version 6.6.2078.5.
Administrators Marcos 5,739 Posted May 23, 2018 Administrators Posted May 23, 2018 We have tested it on 2 machines and it indeed works. Please try the following: 1, Add 213.211.198.62 to the list of IP addresses excluded from protocol filtering 2, Download Eicar from http://www.eicar.org/download/eicar.com Is Eicar really detected by Web and email protection?
sdnian 6 Posted May 23, 2018 Author Posted May 23, 2018 1 hour ago, Marcos said: We have tested it on 2 machines and it indeed works. Please try the following: 1, Add 213.211.198.62 to the list of IP addresses excluded from protocol filtering 2, Download Eicar from hxxp://www.eicar.org/download/eicar.com Is Eicar really detected by Web and email protection? Okay.. I try it by your steps. Yes, it really scan by HTTP filter.
sdnian 6 Posted May 23, 2018 Author Posted May 23, 2018 4 hours ago, Marcos said: We have tested it on 2 machines and it indeed works. Please try the following: 1, Add 213.211.198.62 to the list of IP addresses excluded from protocol filtering 2, Download Eicar from hxxp://www.eicar.org/download/eicar.com Is Eicar really detected by Web and email protection? I've test the same settings in version 6.6.2072.4. There is no such issue.
Administrators Marcos 5,739 Posted May 23, 2018 Administrators Posted May 23, 2018 Please carry on as follows: 1, Install Wireshark. 2, Enable advanced protocol filtering logging in the advanced setup -> Tools -> Diagnostics. 3. Start logging with Wireshark. 4, Reproduce the issue. 5. Disable logging, save the Wireshark log (pcap/pcapng) and compress it. 6. Gather logs with ESET Log Collector. Upload the generated archives to a safe location (e.g. Dropbox, OneDrive, etc.) and drop me a message with download links.
Administrators Marcos 5,739 Posted May 24, 2018 Administrators Posted May 24, 2018 We have confirmed this to be a bug in the latest ESET Endpoint Antivirus 6.6.2078.5. It will be fixed in the next version of EEA. ESET Endpoint Security is not affected which is why I was initially unable to reproduce it.
Recommended Posts