Jump to content
dimulec

ESET popup blocks all network connections

Recommended Posts

I have ESET Internet Security in interactive mode. Computer is located pretty far from the place I work (within my house) and I connect to it with remote desktop. When an unknown connection is detected ESET displays a usual "allow/deny" popup and I can select whatever I need. If the remote desktop screen is not visible (covered by other windows) and I don't react to that popup right away then after some time all network connections on the remote computer are going down, remote desktop disconnects and I have to go to that computer to close the popup. After that network connections are restored. This is a huge inconvenience and now I have to work with ESET firewall disabled. How can I turn off this behavior?

Share this post


Link to post
Share on other sites
Posted (edited)

Add the local network assigned IP address; i.e. 192.168.xxx.xxx, for the computer you're trying to connect to via RDP, to the Eset firewall Trusted Zone. The existing default Eset firewall rule only allows RDP connections to IP addresses specified in the Trusted Zone.

Edited by itman

Share this post


Link to post
Share on other sites
Posted (edited)

Local subnet is already in the trusted zone. And I did not understand about RDP being only allowed to trusted zone IPs. Then how do I connect to all 120 remote desktops in our colocation? Those IPs are not trusted. I mean I have no problem connecting there. Anyway, thank you for the response. I will try to play with zones a bit.

Edited by dimulec

Share this post


Link to post
Share on other sites

Actually if you don't have a rule created to allow connection to your home computer from your work, you shouldn't be able to establish an RDP connection at all. Therefore I assume that the firewall doesn't ask about the RDP communication and the question is what communication the firewall asks about before the connection is terminated.

Share this post


Link to post
Share on other sites

No one reads the original post. Just imagine... a house with wired connections. In one room there is a laptop with a small screen resolution and ESET installed. In another room an iMac with 5K monitor. All on the same wired /24 subnet. Subnet is included in the trusted zone. I use that laptop remotely because for development purposes I need a high resolution screen. Which I have on iMac. Other specs for that laptop are ok for development - i9 CPU and 32 GB of RAM. Now, I also have office 365 on the remote laptop. Office 365 includes a ClickToRun service, that is updated often. I included that exe file in all possible ESET exceptions but still after each update ESET pops up a dialog asking if I am ok with ClickToRun connecting to Internet. And if I did not react in 5 min ALL network connections are disabled on the remote laptop. NOT just RDP or ClickToRun - ALL connections. So I have to walk to that laptop, open it, login and click "allow". After that connections are back up. This issue did not exist until the ESET update a few month ago.

Share this post


Link to post
Share on other sites

In that case RDP should work without the firewall asking you about the RDP communication. You can temporarily switch to learning mode and connect via RDP, then switch to interactive mode and review the rules created in learning mode.

Share this post


Link to post
Share on other sites
20 minutes ago, Marcos said:

In that case RDP should work without the firewall asking you about the RDP communication. You can temporarily switch to learning mode and connect via RDP, then switch to interactive mode and review the rules created in learning mode.

Are you saying that a couple of months ago when ESET updated to newer version it deleted some rules? Because I am using ESET with personal firewall for as long as it exists on the market. And this started only like 2 months ago.

Share this post


Link to post
Share on other sites

RDP has always been allowed within the trusted zone by default:

image.png

Since you said that the whole LAN subnet is in the trusted zone, there's no reason why RDP wouldn't be allowed. Therefore I suggested to use learning mode for a while to find out what rules are generated to allow the communication. Maybe they are not RDP-related at all.

Share this post


Link to post
Share on other sites

I guess we are talking about different issues. But that is ok, I will just work with firewall disabled.

Share this post


Link to post
Share on other sites
3 hours ago, dimulec said:

When an unknown connection is detected ESET displays a usual "allow/deny" popup and I can select whatever I need.

Based on everything posted so far, I also agree this doesn't seem to be a Eset RDP connection issue. What we need is a screen shot of the alert being displayed by Eset.

Another way to get to the bottom of this is to open Eset's Network Connection Wizard. It will show all blocked connections within the last 5/15/60 minutes.

1 hour ago, dimulec said:

And if I did not react in 5 min ALL network connections are disabled on the remote laptop. NOT just RDP or ClickToRun - ALL connections.

Never heard of anything like this. Sounds like an Eset IDS protection is being enabled and shutting down all inbound connections to the device.

Have you inspected your Eset Network Protection log for clues as to what is going on?

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...