Jump to content

Archived

This topic is now archived and is closed to further replies.

Surfrat

Failed to create rule - No permission to save settings

Recommended Posts

Hi,

Eset Internet Security v12.1.34.0

Windows 10 1809 (Build 17763.475)

I recently removed all my rules as I run in Interactive mode and wanted a fresh start. After saving a few rules Eset Internet Security throws an error on saving the rule "Failed to create rule".

I then went into Advanced Settings - Network Protection - Enable Firewall and tried to turn the firewall off. I then got the error "An error occurred while saving settings. Please make sure that you have permissions to change settings."

 

I have removed and reinstalled Eset Internet Security. The only way to get it saving rules again is to reboot.

 

So what is happening here is that Windows has blocked Eset from saving any rules/settings. This has happened on two different computers.

 

Is there a fix/ workaround?

 

Thanks.

Share this post


Link to post
Share on other sites

Sounds like a permission issue. Please provide a Procmon log from the time when you attempt to save settings. Are you logged in as a standard user or administrator?

Share this post


Link to post
Share on other sites

Administrator, log will be sent when it happens again.

Share this post


Link to post
Share on other sites
8 hours ago, Surfrat said:

The only way to get it saving rules again is to reboot.

Try to relogin to Windows instead of reboot after the error happens.

Share this post


Link to post
Share on other sites
11 hours ago, Surfrat said:

After saving a few rules Eset Internet Security throws an error on saving the rule "Failed to create rule".

I have been getting this same error occasionally in ver. 12.1.34 and I run the firewall in Automatic mode. So it is not unique to Interactive mode. Also, I have had a similar type error occur occasionally when creating HIPS rules. What I have discovered is the rule is actually created; at least on my current Eset installation. It appears to me the problem is some type of Eset GUI alert bug not effecting any actual Eset functionality.

Share this post


Link to post
Share on other sites
2 hours ago, itman said:

some type of Eset GUI alert bug

At changing settings, Eset may be saving several files to different dirs, so it looks like some of these files may be saved with Read Only flag, which may be visible in ProcMon log, and also in Resmon.

Share this post


Link to post
Share on other sites

Some more feedback:

Yesterday I hod no problems.

Today I started my PC and after about 5 UAC prompts and saving of rules in a row,  the problem occurred.

Before I could investigate, I had an hour long Skype call.

After the call I noticed that the rules were saving again.

 

Conclusion:

Windows is blocking Eset temporarily when too many rules (UAC prompts) are created in a short time period. I searched for more info on this Windows behavior but I could not find anything.

 

This should be easy to test. On a PC with lots of applications, set Eset to Interactive Mode, delete all rules and reboot. I bet that you will see the problem as you will get a ton of rule creation prompts.

 

 

 

 

Share this post


Link to post
Share on other sites

Check next time if these files are Read Only, and your user has Write permissions.

Share this post


Link to post
Share on other sites

A few weeks ago I had a similar issue with 12.1.34.0 and I use interactive mode. Since the issue occurred only once, I didn't pay much attention to it, but this is what I remember: I was editing a firewall rule and at that moment another program without firewall rule tried to access the internet. The dialog popped up to ask if I wanted to create a rule and I tried to do that, but it could not be saved. After that all firewall rules I tried to edit, could not be saved either. After a reboot everything was back to normal.

Share this post


Link to post
Share on other sites

I am suddenly being affected by this on two computers (Win10 1903 and Win 8.1, both x64).
ESET Internet Security 12.1.34.0
The Win 10 computer installation is only hours old, I discovered this during its setup.

To reproduce:

  • Switch to Firewall Interactive mode
  • Make an outgoing connection that triggers an ESET interactive firewall dialog
  • Choose 'create rule and remember permanently' then click 'deny' or 'allow' (doesn't matter which for the test purpose)
  • Observe no UAC prompt (normally you'd expected UAC prompt at this point)
  • Observe that the ESET firewall interactive dialog closes
  • Right click on tray icon > Log Files
  • Switch to log type of 'events'
  • Observe 'failed to create rule' event

Repeating this with ProcMon collection, I get this suspicious correlation with the time of the ESET event log error...
12:35:53.0120436    ekrn.exe    2576    RegOpenKey    HKLM\Software\ESET\ESET Security\CurrentVersion\Config\gui\UI_CONFIG\Notifications    NAME NOT FOUND    Desired Access: Read
12:35:53.0122737    ekrn.exe    2576    RegOpenKey    HKLM\Software\ESET\ESET Security\CurrentVersion\Config\era\gui\UI_CONFIG\Notifications    NAME NOT FOUND    Desired Access: Read
12:35:53.0125818    ekrn.exe    2576    WriteFile    C:\ProgramData\ESET\ESET Security\Logs\warnlog.dat    SUCCESS    Offset: 3,528, Length: 36, Priority: Normal

Sure enough, the 'gui' reg key is missing on both problematic installations.
On a Windows 7 installation running the same version of Internet Security, the regkey is present.

Share this post


Link to post
Share on other sites
2 hours ago, jimmerthy said:

Sure enough, the 'gui' reg key is missing on both problematic installations.

On my Win 10 1809 build running EIS 12.1.34, this reg. key is present:

HKLM\Software\ESET\ESET Security\CurrentVersion\Config\gui\UI_CONFIG\

What is missing is "Notifications" which  is assume is a subordinate reg. key of UI_CONFIG key.?

Share this post


Link to post
Share on other sites

Following up on my prior posting, I switched the Eset firewall to Interactive and had no issue in creating an outbound firewall rule.

Therefore, the "Notifications" reg. key is not needed or used in Win 10.

Share this post


Link to post
Share on other sites

Thanks for ruling that out itman, I was about to start trying to mess around with the registry, so that's saved lots of wasted time.

Anyway, I now have a very clear reason for why it's happening...

If I use Microsoft Remote Desktop Connection to access the PC in question then I cannot 'create rule and remember permanently' - the UAC prompt is never shown. If I immediately then switch to using the PCs desktop console and repeat the exact same test, then it works. Same behaviour Win81 or Win10.

I've only just noticed this on my Win81 machine (a VM) because I'd switched from administering it via RealVNC to RDP only this week, so that was an unhelpful coincidence. RealVNC emulates the desktop console.

In the same way, the Win10 machine (laptop) also behaves fine if I use ESET on it locally. I'd switched to using RDP half way through the long job of setting it up, so I could work on it from another PC with better ergonomics. I hadn't made the connection that when I switched to RDP, ESET interactive firewall prompts stopped working properly.

As a workaround I can use RealVNC for a bit, but it would be important for me for this to get fixed.

Share this post


Link to post
Share on other sites

In the currect v 12.1.34 there is a known issue with creating rules in interactive mode when connected via Remote Desktop. The bug will be fixed in v12.2.

Share this post


Link to post
Share on other sites

The bug is also present in ESET Endpoint Security (7.1.2053.0 and prior version)

Share this post


Link to post
Share on other sites

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...