I've been in professional IT for over 20 years now, so I'm the family central support guy.  I have used Eset Total Security for many years now and not had a problem, but this morning I got a call from my older sister, to whom I recommended Eset several years ago, saying she was ready to smash all her computers. 

After some troubleshooting, I found she was unable to do anything, and the firewall was showing that it was blocking traffic from every device on the network, including the network firewall/router.  It was also blocking everything going out, including the DNS client!  What's worse is that her daughter's Surface Pro is doing the same.  Trying to bring up a browser gives a security warning just as it is starting.  The browser starts, but nothing displays on it.  She can't even print, as the firewall is showing that it is blocking traffic to (and from, somehow) the network printer.  I live 2 hours from her, so I can't just drive down to troubleshoot and fix this myself.  The earliest I can get down there is Friday.

I don't get it.  I have never seen this behavior from anything before.  The closest I've experienced was when Bitdefender had their bug that identified all x64 executables as viruses.  (That was the reason I switched from them to Eset, so many years ago.)  I directed my sister to call Eset support, but I don't know how well she'll fare with this.  Her temper is legendary, and she is riled up right now, and I don't know how well non-family will handle that.  (I really hated to throw her their way, but I had nothing for her.) 

Has anyone else experienced this?  If so, what caused it?  I'm baffled.  


  • Administrators

In automatic (default) mode, the firewall allows all outgoing communication and blocks all non-initiated communication unless blocked by custom rules.

Please carry on as follows:
- with EIS v11.1.54 installed, in the main gui navigate to Help and support -> Details for Customer care and select "Create advanced logs"
- reproduce the issue
- disable logging
- gather logs with ESET Log Collector, upload the generated archive to a safe location and drop me a message with a download link.


3 hours ago, dgingerich said:

It was also blocking everything going out, including the DNS client!  What's worse is that her daughter's Surface Pro is doing the same.

If two separate devices, each with their own installed EIS copy, that connect through the gateway are exhibiting this behavior, odds are the issue lies with the gateway/router and/or possibly their ISP. It could also be a wiring issue with the connection to the ISP. I would start by contacting their ISP and run diagnostics on their connection.


2 hours ago, Marcos said:

In automatic (default) mode, the firewall allows all outgoing communication and blocks all non-initiated communication unless blocked by custom rules.

So basically in default mode ESET firewall behaves like Windows firewall.


1 hour ago, claudiu said:

So basically in default mode ESET firewall behaves like Windows firewall.

Yes and no.

Its rules are also conditioned/modified upon what IDS settings are enabled or disabled.  Also what profile is selected; public, Home/Office network, or use of the Windows firewall profile. Other than that, it will allow all outbound traffic by default. To monitor outbound traffic, it must be set to Interactive mode and rules created manually for each outbound connection as it is detected.

Edited by itman

4 hours ago, itman said:

If two separate devices, each with their own installed EIS copy, that connect through the gateway are exhibiting this behavior, odds are the issue lies with the gateway/router and/or possibly their ISP. It could also be a wiring issue with the connection to the ISP. I would start by contacting their ISP and run diagnostics on their connection.

Under "Connected Home Monitor" it shows a yellow exclamation point on the computer (the center) and shows that traffic was blocked, and when clicking on that, it shows that "Microsoft DNS client" was blocked 400+ times.  That's local.  That is definitely NOT the router.


3 hours ago, claudiu said:

So basically in default mode ESET firewall behaves like Windows firewall.

That is if it is operating normally.  My sister's aren't.

I have found out that this came up right after a "big update" that installed itself.  The computers that are not working are now on build 1709 of Windows 10, of which I know for certain last month one was still on 1703.  I'm having her uninstall Eset, install all the available updates (to 1803) and then reinstall Eset.  I think this might do it.

Edited by dgingerich

12 hours ago, dgingerich said:

Under "Connected Home Monitor" it shows a yellow exclamation point on the computer (the center) and shows that traffic was blocked, and when clicking on that, it shows that "Microsoft DNS client" was blocked 400+ times.  That's local.  That is definitely NOT the router.

The router also has a DNS server which is used by default unless changed either on the router or overridden locally in the Windows IPv4 network adapter settings when a third-party DNS provider is used. The IP address for the router's DNS server is usually the same as the router/gateway, e.g. 192.168.1.254.

Eset in its Network Protection settings stores the DNS server/s it uses in Firewall -> Configure -> Advanced -> Zones. The firewall's default DNS rules will try to connect to the DNS servers listed under a corresponding DNS setting in Zones settings.

All the above settings need to be verified that they show the correct values.

Another thing I don't know if you tried is to do a hard reset (power down) on the router to see if that corrects the issue. Then from a Win command prompt window, enter - ipconfig /flushdns.

I have never had an issue with the Eset firewall in regards to DNS on any version of Win 10 I have used including the versions you mentioned.

Edited by itman
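
The adapter-side part of the verification described in the post above, as an added example that is not part of the original thread: it lists the DNS servers each active adapter is using, flags whether each one is the default gateway, and queries each server directly. It does not read ESET's Zones setting, which still has to be compared by hand in the GUI; `$testName` is an assumed name chosen for the test.

```powershell
# Added example (not from the thread). Run in PowerShell on the affected PC.
$testName = 'example.com'   # assumption: any public name that should resolve

$adapters = Get-NetIPConfiguration | Where-Object { $_.NetAdapter.Status -eq 'Up' }

$report = foreach ($cfg in $adapters) {
    # Default gateway as seen by this adapter (empty if the lease is broken)
    $gateway = $cfg.IPv4DefaultGateway.NextHop
    # DNS servers the adapter is really using (DHCP-assigned or set by hand)
    $servers = (Get-DnsClientServerAddress -InterfaceIndex $cfg.InterfaceIndex `
                    -AddressFamily IPv4).ServerAddresses
    if (-not $servers) { $servers = @('') }   # keep a row for adapters with no DNS

    foreach ($server in $servers) {
        $answers = $false
        $detail  = 'No IPv4 DNS server configured'
        if ($server) {
            try {
                # Ask this server directly, DNS protocol only (no LLMNR/NetBIOS)
                Resolve-DnsName -Name $testName -Server $server -Type A `
                    -DnsOnly -ErrorAction Stop | Out-Null
                $answers = $true
                $detail  = 'OK'
            } catch {
                # Typically a timeout when the query or its reply is blocked
                $detail = $_.Exception.Message
            }
        }
        [pscustomobject]@{
            Adapter   = $cfg.InterfaceAlias
            Gateway   = $gateway -join ','
            DnsServer = $server
            IsGateway = [bool]($server -and ($server -in $gateway))
            Answers   = $answers
            Detail    = $detail
        }
    }
}
$report | Format-Table -AutoSize
```

The `DnsServer` column is what should match the addresses listed under the DNS entry in the firewall's Zones settings.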

1 hour ago, itman said:

The router also has a DNS server which is used by default unless changed either on the router or overridden locally in the Windows IPv4 network adapter settings when a third-party DNS provider is used. The IP address for the router's DNS server is usually the same as the router/gateway, e.g. 192.168.1.254.

Eset in its Network Protection settings stores the DNS server/s it uses in Firewall -> Configure -> Advanced -> Zones. The firewall's default DNS rules will try to connect to the DNS servers listed under a corresponding DNS setting in Zones settings.

All the above settings need to be verified that they show the correct values.

Another thing I don't know if you tried is to do a hard reset (power down) on the router to see if that corrects the issue. Then from a Win command prompt window, enter - ipconfig /flushdns.

I have never had an issue with the Eset firewall in regards to DNS on any version of Win 10 I have used including the versions you mentioned.

Yes, I'm well aware of this.  I'm a systems admin, and I set up their router.  It's a Cisco RV320 small business router, and is not as easily hacked as the off-the-shelf consumer routers, and it is also quite a bit more reliable.  I'm certain it is not the router.

The DNS config is handed to these machines via DHCP, so they're definitely correct. 

The router, wireless AP, and modem have been fully power cycled repeatedly, as have the systems, so I know the DNS cache is flushed on each of them.  There are a total of 4 computers with this issue: the main computer, the parents' laptop, the middle daughter's Surface Pro, and the youngest's laptop.

Attempting an uninstall, update, and reinstall yielded no change.  They were able to access the internet through wired connections without trouble as long as Eset was not installed, but as soon as it was reinstalled, the trouble began again.  (I think they messed up the connection for the wireless AP because they unplugged it while troubleshooting on their own.  I think they may have plugged it into the second WAN port.)  


20 hours ago, Marcos said:

In automatic (default) mode, the firewall allows all outgoing communication and blocks all non-initiated communication unless blocked by custom rules.

Please carry on as follows:
- with EIS v11.1.54 installed, in the main gui navigate to Help and support -> Details for Customer care and select "Create advanced logs"
- reproduce the issue
- disable logging
- gather logs with ESET Log Collector, upload the generated archive to a safe location and drop me a message with a download link.

The soonest I can do this is Friday afternoon.  
