dimulec 0 Posted August 30, 2019 Share Posted August 30, 2019 I have ESET Internet Security in interactive mode. Computer is located pretty far from the place I work (within my house) and I connect to it with remote desktop. When an unknown connection is detected ESET displays a usual "allow/deny" popup and I can select whatever I need. If the remote desktop screen is not visible (covered by other windows) and I don't react to that popup right away then after some time all network connections on the remote computer are going down, remote desktop disconnects and I have to go to that computer to close the popup. After that network connections are restored. This is a huge inconvenience and now I have to work with ESET firewall disabled. How can I turn off this behavior? Link to comment Share on other sites More sharing options...
itman 1,743 Posted August 30, 2019 Share Posted August 30, 2019 (edited) Add the local network assigned IP address; i.e. 192.168.xxx.xxx, for the computer you're trying to connect to via RDP, to the Eset firewall Trusted Zone. The existing default Eset firewall rule only allows RDP connections to IP addresses specified in the Trusted Zone. Edited August 30, 2019 by itman Link to comment Share on other sites More sharing options...
dimulec 0 Posted August 30, 2019 Author Share Posted August 30, 2019 (edited) Local subnet is already in the trusted zone. And I did not understand about RDP being only allowed to trusted zone IPs. Then how do I connect to all 120 remote desktops in our colocation? Those IPs are not trusted. I mean I have no problem connecting there. Anyway, thank you for the response. I will try to play with zones a bit. Edited August 30, 2019 by dimulec Link to comment Share on other sites More sharing options...
Administrators Marcos 5,242 Posted August 30, 2019 Administrators Share Posted August 30, 2019 Actually if you don't have a rule created to allow connection to your home computer from your work, you shouldn't be able to establish an RDP connection at all. Therefore I assume that the firewall doesn't ask about the RDP communication and the question is what communication the firewall asks about before the connection is terminated. Link to comment Share on other sites More sharing options...
dimulec 0 Posted August 30, 2019 Author Share Posted August 30, 2019 No one reads the original post. Just imagine... a house with wired connections. In one room there is a laptop with a small screen resolution and ESET installed. In another room an iMac with 5K monitor. All on the same wired /24 subnet. Subnet is included in the trusted zone. I use that laptop remotely because for development purposes I need a high resolution screen. Which I have on iMac. Other specs for that laptop are ok for development - i9 CPU and 32 GB of RAM. Now, I also have office 365 on the remote laptop. Office 365 includes a ClickToRun service, that is updated often. I included that exe file in all possible ESET exceptions but still after each update ESET pops up a dialog asking if I am ok with ClickToRun connecting to Internet. And if I did not react in 5 min ALL network connections are disabled on the remote laptop. NOT just RDP or ClickToRun - ALL connections. So I have to walk to that laptop, open it, login and click "allow". After that connections are back up. This issue did not exist until the ESET update a few month ago. Link to comment Share on other sites More sharing options...
Administrators Marcos 5,242 Posted August 30, 2019 Administrators Share Posted August 30, 2019 In that case RDP should work without the firewall asking you about the RDP communication. You can temporarily switch to learning mode and connect via RDP, then switch to interactive mode and review the rules created in learning mode. Link to comment Share on other sites More sharing options...
dimulec 0 Posted August 30, 2019 Author Share Posted August 30, 2019 20 minutes ago, Marcos said: In that case RDP should work without the firewall asking you about the RDP communication. You can temporarily switch to learning mode and connect via RDP, then switch to interactive mode and review the rules created in learning mode. Are you saying that a couple of months ago when ESET updated to newer version it deleted some rules? Because I am using ESET with personal firewall for as long as it exists on the market. And this started only like 2 months ago. Link to comment Share on other sites More sharing options...
Administrators Marcos 5,242 Posted August 30, 2019 Administrators Share Posted August 30, 2019 RDP has always been allowed within the trusted zone by default: Since you said that the whole LAN subnet is in the trusted zone, there's no reason why RDP wouldn't be allowed. Therefore I suggested to use learning mode for a while to find out what rules are generated to allow the communication. Maybe they are not RDP-related at all. Link to comment Share on other sites More sharing options...
dimulec 0 Posted August 30, 2019 Author Share Posted August 30, 2019 I guess we are talking about different issues. But that is ok, I will just work with firewall disabled. Link to comment Share on other sites More sharing options...
itman 1,743 Posted August 30, 2019 Share Posted August 30, 2019 3 hours ago, dimulec said: When an unknown connection is detected ESET displays a usual "allow/deny" popup and I can select whatever I need. Based on everything posted so far, I also agree this doesn't seem to be a Eset RDP connection issue. What we need is a screen shot of the alert being displayed by Eset. Another way to get to the bottom of this is to open Eset's Network Connection Wizard. It will show all blocked connections within the last 5/15/60 minutes. 1 hour ago, dimulec said: And if I did not react in 5 min ALL network connections are disabled on the remote laptop. NOT just RDP or ClickToRun - ALL connections. Never heard of anything like this. Sounds like an Eset IDS protection is being enabled and shutting down all inbound connections to the device. Have you inspected your Eset Network Protection log for clues as to what is going on? Link to comment Share on other sites More sharing options...
Recommended Posts