Excluded IP address for Web Protection don't work in version 6.6.2078.5

[sdnian 6]

I setup an IP address for excluded web protection scanning, but it doesn't work in the version 6.6.2078.5. Could someone check it? The older version work well with the same settings.

[MichalJ 434]

Hello @sdnian

Can you share a bit more details about what is not working?
Especially the address you want to exclude and the actual exclusion. We need more data for analysis. 

[sdnian 6]

7 minutes ago, MichalJ said:

Hello @sdnian

Can you share a bit more details about what is not working?
Especially the address you want to exclude and the actual exclusion. We need more data for analysis. 

For example.. I'd like to exclude IP address 192.168.1.10 by web protection scanning. So I setup '192.168.1.10' in the 'Excluded IP addresses' list. Then I try to download eicar.com from 192.168.1.10. It should be detected by real-time protection. Right? But this file be detected by HTTP scanner in version 6.6.2078.5.

[Marcos 5,074]

We have tested it on 2 machines and it indeed works.

Please try the following:
1, Add 213.211.198.62 to the list of IP addresses excluded from protocol filtering
2, Download Eicar from http://www.eicar.org/download/eicar.com

Is Eicar really detected by Web and email protection?

[sdnian 6]

1 hour ago, Marcos said:

We have tested it on 2 machines and it indeed works.

Please try the following:
1, Add 213.211.198.62 to the list of IP addresses excluded from protocol filtering
2, Download Eicar from hxxp://www.eicar.org/download/eicar.com

Is Eicar really detected by Web and email protection?

Okay.. I try it by your steps. Yes, it really scan by HTTP filter.

 

[sdnian 6]

4 hours ago, Marcos said:

We have tested it on 2 machines and it indeed works.

Please try the following:
1, Add 213.211.198.62 to the list of IP addresses excluded from protocol filtering
2, Download Eicar from hxxp://www.eicar.org/download/eicar.com

Is Eicar really detected by Web and email protection?

I've test the same settings in version 6.6.2072.4. There is no such issue.

[Marcos 5,074]

Please carry on as follows:

1, Install Wireshark.
2, Enable advanced protocol filtering logging in the advanced setup -> Tools -> Diagnostics.
3. Start logging with Wireshark.
4, Reproduce the issue.
5. Disable logging, save the Wireshark log (pcap/pcapng) and compress it.
6. Gather logs with ESET Log Collector.

Upload the generated archives to a safe location (e.g. Dropbox, OneDrive, etc.) and drop me a message with download links.

 

[sdnian 6]

@Marcos PM sent, please check it.

[Marcos 5,074]

We have confirmed this to be a bug in the latest ESET Endpoint Antivirus 6.6.2078.5. It will be fixed in the next version of EEA. ESET Endpoint Security is not affected which is why I was initially unable to reproduce it.