Surfrat 0 Posted May 13, 2019 Share Posted May 13, 2019 (edited) Hi, Eset Internet Security v12.1.34.0 Windows 10 1809 (Build 17763.475) I recently removed all my rules as I run in Interactive mode and wanted a fresh start. After saving a few rules Eset Internet Security throws an error on saving the rule "Failed to create rule". I then went into Advanced Settings - Network Protection - Enable Firewall and tried to turn the firewall off. I then got the error "An error occurred while saving settings. Please make sure that you have permissions to change settings." I have removed and reinstalled Eset Internet Security. The only way to get it saving rules again is to reboot. So what is happening here is that Windows has blocked Eset from saving any rules/settings. This has happened on two different computers. Is there a fix/ workaround? Thanks. Edited May 13, 2019 by Surfrat typo Link to comment Share on other sites More sharing options...
Administrators Marcos 5,074 Posted May 13, 2019 Administrators Share Posted May 13, 2019 Sounds like a permission issue. Please provide a Procmon log from the time when you attempt to save settings. Are you logged in as a standard user or administrator? Link to comment Share on other sites More sharing options...
Surfrat 0 Posted May 13, 2019 Author Share Posted May 13, 2019 Administrator, log will be sent when it happens again. Link to comment Share on other sites More sharing options...
zamar27 5 Posted May 13, 2019 Share Posted May 13, 2019 8 hours ago, Surfrat said: The only way to get it saving rules again is to reboot. Try to relogin to Windows instead of reboot after the error happens. Link to comment Share on other sites More sharing options...
itman 1,659 Posted May 13, 2019 Share Posted May 13, 2019 (edited) 11 hours ago, Surfrat said: After saving a few rules Eset Internet Security throws an error on saving the rule "Failed to create rule". I have been getting this same error occasionally in ver. 12.1.34 and I run the firewall in Automatic mode. So it is not unique to Interactive mode. Also, I have had a similar type error occur occasionally when creating HIPS rules. What I have discovered is the rule is actually created; at least on my current Eset installation. It appears to me the problem is some type of Eset GUI alert bug not effecting any actual Eset functionality. Edited May 13, 2019 by itman Link to comment Share on other sites More sharing options...
zamar27 5 Posted May 13, 2019 Share Posted May 13, 2019 (edited) 2 hours ago, itman said: some type of Eset GUI alert bug At changing settings, Eset may be saving several files to different dirs, so it looks like some of these files may be saved with Read Only flag, which may be visible in ProcMon log, and also in Resmon. Edited May 13, 2019 by zamar27 Link to comment Share on other sites More sharing options...
Surfrat 0 Posted May 14, 2019 Author Share Posted May 14, 2019 Some more feedback: Yesterday I hod no problems. Today I started my PC and after about 5 UAC prompts and saving of rules in a row, the problem occurred. Before I could investigate, I had an hour long Skype call. After the call I noticed that the rules were saving again. Conclusion: Windows is blocking Eset temporarily when too many rules (UAC prompts) are created in a short time period. I searched for more info on this Windows behavior but I could not find anything. This should be easy to test. On a PC with lots of applications, set Eset to Interactive Mode, delete all rules and reboot. I bet that you will see the problem as you will get a ton of rule creation prompts. Link to comment Share on other sites More sharing options...
zamar27 5 Posted May 14, 2019 Share Posted May 14, 2019 Check next time if these files are Read Only, and your user has Write permissions. Link to comment Share on other sites More sharing options...
AGH1965 12 Posted May 14, 2019 Share Posted May 14, 2019 (edited) A few weeks ago I had a similar issue with 12.1.34.0 and I use interactive mode. Since the issue occurred only once, I didn't pay much attention to it, but this is what I remember: I was editing a firewall rule and at that moment another program without firewall rule tried to access the internet. The dialog popped up to ask if I wanted to create a rule and I tried to do that, but it could not be saved. After that all firewall rules I tried to edit, could not be saved either. After a reboot everything was back to normal. Edited May 14, 2019 by AGH1965 Link to comment Share on other sites More sharing options...
jimmerthy 0 Posted July 7, 2019 Share Posted July 7, 2019 I am suddenly being affected by this on two computers (Win10 1903 and Win 8.1, both x64). ESET Internet Security 12.1.34.0 The Win 10 computer installation is only hours old, I discovered this during its setup. To reproduce: Switch to Firewall Interactive mode Make an outgoing connection that triggers an ESET interactive firewall dialog Choose 'create rule and remember permanently' then click 'deny' or 'allow' (doesn't matter which for the test purpose) Observe no UAC prompt (normally you'd expected UAC prompt at this point) Observe that the ESET firewall interactive dialog closes Right click on tray icon > Log Files Switch to log type of 'events' Observe 'failed to create rule' event Repeating this with ProcMon collection, I get this suspicious correlation with the time of the ESET event log error...12:35:53.0120436 ekrn.exe 2576 RegOpenKey HKLM\Software\ESET\ESET Security\CurrentVersion\Config\gui\UI_CONFIG\Notifications NAME NOT FOUND Desired Access: Read 12:35:53.0122737 ekrn.exe 2576 RegOpenKey HKLM\Software\ESET\ESET Security\CurrentVersion\Config\era\gui\UI_CONFIG\Notifications NAME NOT FOUND Desired Access: Read 12:35:53.0125818 ekrn.exe 2576 WriteFile C:\ProgramData\ESET\ESET Security\Logs\warnlog.dat SUCCESS Offset: 3,528, Length: 36, Priority: Normal Sure enough, the 'gui' reg key is missing on both problematic installations. On a Windows 7 installation running the same version of Internet Security, the regkey is present. Link to comment Share on other sites More sharing options...
itman 1,659 Posted July 7, 2019 Share Posted July 7, 2019 (edited) 2 hours ago, jimmerthy said: Sure enough, the 'gui' reg key is missing on both problematic installations. On my Win 10 1809 build running EIS 12.1.34, this reg. key is present: HKLM\Software\ESET\ESET Security\CurrentVersion\Config\gui\UI_CONFIG\ What is missing is "Notifications" which is assume is a subordinate reg. key of UI_CONFIG key.? Edited July 7, 2019 by itman Link to comment Share on other sites More sharing options...
itman 1,659 Posted July 7, 2019 Share Posted July 7, 2019 Following up on my prior posting, I switched the Eset firewall to Interactive and had no issue in creating an outbound firewall rule. Therefore, the "Notifications" reg. key is not needed or used in Win 10. Link to comment Share on other sites More sharing options...
jimmerthy 0 Posted July 7, 2019 Share Posted July 7, 2019 Thanks for ruling that out itman, I was about to start trying to mess around with the registry, so that's saved lots of wasted time. Anyway, I now have a very clear reason for why it's happening... If I use Microsoft Remote Desktop Connection to access the PC in question then I cannot 'create rule and remember permanently' - the UAC prompt is never shown. If I immediately then switch to using the PCs desktop console and repeat the exact same test, then it works. Same behaviour Win81 or Win10. I've only just noticed this on my Win81 machine (a VM) because I'd switched from administering it via RealVNC to RDP only this week, so that was an unhelpful coincidence. RealVNC emulates the desktop console. In the same way, the Win10 machine (laptop) also behaves fine if I use ESET on it locally. I'd switched to using RDP half way through the long job of setting it up, so I could work on it from another PC with better ergonomics. I hadn't made the connection that when I switched to RDP, ESET interactive firewall prompts stopped working properly. As a workaround I can use RealVNC for a bit, but it would be important for me for this to get fixed. Link to comment Share on other sites More sharing options...
Administrators Marcos 5,074 Posted July 8, 2019 Administrators Share Posted July 8, 2019 In the currect v 12.1.34 there is a known issue with creating rules in interactive mode when connected via Remote Desktop. The bug will be fixed in v12.2. Link to comment Share on other sites More sharing options...
jimmerthy 0 Posted July 8, 2019 Share Posted July 8, 2019 Superb, thanks for feeding that back. Link to comment Share on other sites More sharing options...
torbenmelander 0 Posted July 12, 2019 Share Posted July 12, 2019 The bug is also present in ESET Endpoint Security (7.1.2053.0 and prior version) Link to comment Share on other sites More sharing options...
Recommended Posts