Protocol filtering is disabled

[j-gray 32]

This warning appears on Win10 clients with ESET version 6.6.2086.1 and the latest agent.  The error detail shows Protocol Filtering is a subproduct of the Firewall.

We have the Firewall completely disabled via policy. 

Why do we receive a Critical error state for a component that is disabled?  How do we fix this issue?

[j-gray 32]

I should also note that all of the Firewall-related statuses are disabled (both 'Show' and 'Send') via policy, as well.

[Marcos 4,841]

Please provide me with ELC logs generated on that machine as well as a screen shot of the main gui with the error.

[j-gray 32]

@Marcos

ERA console looks like this:

Client GUI looks like this:

We have email protection enabled, but not protocol filtering. This is under the 'Web and Email' policy section, so not sure why it's reported as a Firewall Subproduct.

Either way, this shows as a 'Critical' issue only on the latest 6.6 client. Previous versions do not show any errors, despite the same policy applied.

Edited August 10, 2018 by j-gray

[j-gray 32]

I disabled Email Client Integration entirely by policy. The client GUI accurately reflects that 'Email Client Protection' is disabled permanently.  However, the critical Protection Status error persists: Email protection by protocol filtering is non-functional.

In order to clear this issue I had to:

1. Go to Web and Email policy section and turn on 'Enable application protocol content filtering'
2. Go to Web and Email > Email Client Protection > Email Protocols and turn off 'Enable email protection and protocol filtering'
3. Go back to Web and Email policy section and turn back off 'Enable application protocol content filtering'

I had to perform step #1 because the policy item in step #2 is enabled but grayed out and cannot be toggled.

It really seems that if you disable a parent policy (e.g. Email Client Protection) it should inactivate all child policies automatically.

 

Edited August 10, 2018 by j-gray

[Marcos 4,841]

Protocol filtering is as crucial protection feature as real-time protection. With it disabled, you expose the computer to Internet-borne threats. Blocking of malicious urls won't work and the program won't scan http/https, imap/imaps and pop3/pop3s communication either. It could be acceptable only in case that the computer is completely offline and does not communicate over the Internet whatosever.

[j-gray 32]

On 8/10/2018 at 10:40 PM, Marcos said:

Protocol filtering is as crucial protection feature as real-time protection. With it disabled, you expose the computer to Internet-borne threats. Blocking of malicious urls won't work and the program won't scan http/https, imap/imaps and pop3/pop3s communication either. It could be acceptable only in case that the computer is completely offline and does not communicate over the Internet whatosever.

Perhaps this is the case in a home environment.  We have dedicated firewall appliances and dedicated web filters that handle this. We have no POP/IMAP clients.

[Marcos 4,841]

It is up to you. In another topic a user claimed he didn't need to use protocol filtering because of having another web filtering solution and I proved that malware was able to slip through it while ESET was able to block it with Web protection. Having it enabled won't hurt and will only increase the level of protection from Internet-borne threats.