sdnian 6 Posted May 23, 2018

I set up an IP address to be excluded from web protection scanning, but it doesn't work in version 6.6.2078.5. Could someone check it? The older version works well with the same settings.

ESET Staff MichalJ 434 Posted May 23, 2018

Hello @sdnian

Can you share a bit more details about what is not working? Especially the address you want to exclude and the actual exclusion. We need more data for analysis.

sdnian 6 Posted May 23, 2018 Author

7 minutes ago, MichalJ said:
Hello @sdnian Can you share a bit more details about what is not working? Especially the address you want to exclude and the actual exclusion. We need more data for analysis.

For example, I'd like to exclude the IP address 192.168.1.10 from web protection scanning, so I set up '192.168.1.10' in the 'Excluded IP addresses' list. Then I try to download eicar.com from 192.168.1.10. It should be detected by real-time protection, right? But this file is detected by the HTTP scanner in version 6.6.2078.5.

Administrators Marcos 5,271 Posted May 23, 2018

We have tested it on 2 machines and it indeed works. Please try the following:
1. Add 213.211.198.62 to the list of IP addresses excluded from protocol filtering
2. Download Eicar from http://www.eicar.org/download/eicar.com

Is Eicar really detected by Web and email protection?

sdnian 6 Posted May 23, 2018 Author

1 hour ago, Marcos said:
We have tested it on 2 machines and it indeed works. Please try the following:
1. Add 213.211.198.62 to the list of IP addresses excluded from protocol filtering
2. Download Eicar from hxxp://www.eicar.org/download/eicar.com
Is Eicar really detected by Web and email protection?

Okay, I tried it following your steps. Yes, it really is scanned by the HTTP filter.

sdnian 6 Posted May 23, 2018 Author

4 hours ago, Marcos said:
We have tested it on 2 machines and it indeed works. Please try the following:
1. Add 213.211.198.62 to the list of IP addresses excluded from protocol filtering
2. Download Eicar from hxxp://www.eicar.org/download/eicar.com
Is Eicar really detected by Web and email protection?

I've tested the same settings in version 6.6.2072.4. There is no such issue.

Administrators Marcos 5,271 Posted May 23, 2018

Please carry on as follows:
1. Install Wireshark.
2. Enable advanced protocol filtering logging in the advanced setup -> Tools -> Diagnostics.
3. Start logging with Wireshark.
4. Reproduce the issue.
5. Disable logging, save the Wireshark log (pcap/pcapng) and compress it.
6. Gather logs with ESET Log Collector.

Upload the generated archives to a safe location (e.g. Dropbox, OneDrive, etc.) and drop me a message with download links.

sdnian 6 Posted May 24, 2018 Author

@Marcos PM sent, please check it.

Administrators Marcos 5,271 Posted May 24, 2018

We have confirmed this to be a bug in the latest ESET Endpoint Antivirus 6.6.2078.5. It will be fixed in the next version of EEA. ESET Endpoint Security is not affected, which is why I was initially unable to reproduce it.