Jump to content

Excluded IP address for Web Protection don't work in version 6.6.2078.5


sdnian

Recommended Posts

I setup an IP address for excluded web protection scanning, but it doesn't work in the version 6.6.2078.5. Could someone check it? The older version work well with the same settings.

Screenshot_2018-05-23_15-11-50.thumb.png.507b99bce5d98b571d14a9ebbf13b1ec.png

Link to comment
Share on other sites

  • ESET Staff

Hello @sdnian

Can you share a bit more details about what is not working?
Especially the address you want to exclude and the actual exclusion. We need more data for analysis. 

Link to comment
Share on other sites

7 minutes ago, MichalJ said:

Hello @sdnian

Can you share a bit more details about what is not working?
Especially the address you want to exclude and the actual exclusion. We need more data for analysis. 

For example.. I'd like to exclude IP address 192.168.1.10 by web protection scanning. So I setup '192.168.1.10' in the 'Excluded IP addresses' list. Then I try to download eicar.com from 192.168.1.10. It should be detected by real-time protection. Right? But this file be detected by HTTP scanner in version 6.6.2078.5.

Link to comment
Share on other sites

  • Administrators

We have tested it on 2 machines and it indeed works.

Please try the following:
1, Add 213.211.198.62 to the list of IP addresses excluded from protocol filtering
2, Download Eicar from http://www.eicar.org/download/eicar.com

Is Eicar really detected by Web and email protection?

Link to comment
Share on other sites

1 hour ago, Marcos said:

We have tested it on 2 machines and it indeed works.

Please try the following:
1, Add 213.211.198.62 to the list of IP addresses excluded from protocol filtering
2, Download Eicar from hxxp://www.eicar.org/download/eicar.com

Is Eicar really detected by Web and email protection?

Okay.. I try it by your steps. Yes, it really scan by HTTP filter.

VirtualBox_ACW7E_23_05_2018_19_17_09.png.86074e178c5164040d98793ee7ec58db.pngVirtualBox_ACW7E_23_05_2018_19_17_49.png.64b2db8f99f5eb57fae017bf06aa5cba.png

 

Link to comment
Share on other sites

4 hours ago, Marcos said:

We have tested it on 2 machines and it indeed works.

Please try the following:
1, Add 213.211.198.62 to the list of IP addresses excluded from protocol filtering
2, Download Eicar from hxxp://www.eicar.org/download/eicar.com

Is Eicar really detected by Web and email protection?

I've test the same settings in version 6.6.2072.4. There is no such issue.

Link to comment
Share on other sites

  • Administrators

Please carry on as follows:

1, Install Wireshark.
2, Enable advanced protocol filtering logging in the advanced setup -> Tools -> Diagnostics.
3. Start logging with Wireshark.
4, Reproduce the issue.
5. Disable logging, save the Wireshark log (pcap/pcapng) and compress it.
6. Gather logs with ESET Log Collector.

Upload the generated archives to a safe location (e.g. Dropbox, OneDrive, etc.) and drop me a message with download links.

 

Link to comment
Share on other sites

  • Administrators

We have confirmed this to be a bug in the latest ESET Endpoint Antivirus 6.6.2078.5. It will be fixed in the next version of EEA. ESET Endpoint Security is not affected which is why I was initially unable to reproduce it.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...