paul.f 0 Posted October 31, 2019 Share Posted October 31, 2019 I have a computer that I white list the domains the user is able to access, this has been working fine for hundreds of websites. Today I tried to white list *anydesk.com* and it didn't work, so I turned on the notification message on the blocked list (*.*) to see what was going on and I noticed that the domain anydesk.com resolves into many different IP addresses when the app anydesk is launched. Bottom line, I can't be white listing every single IP address instead of the domain, and these IPs may change in the future. I need to white list *anydesk.com and I need ESET Endpoint Security to understand that when I launch the app and let it go instead of blocking it. Is there a setting that has to be toggled in order to fix this? Link to comment Share on other sites More sharing options...
Administrators Marcos 5,272 Posted October 31, 2019 Administrators Share Posted October 31, 2019 It doesn't matter if a domain resolves to a particular IP address or multiple IP addresses. Adding "*anydesk.com*" to the list of allowed addresses will allow it in case you have "*" in the list of blocked addresses for instance. Link to comment Share on other sites More sharing options...
paul.f 0 Posted October 31, 2019 Author Share Posted October 31, 2019 30 minutes ago, Marcos said: It doesn't matter if a domain resolves to a particular IP address or multiple IP addresses. Adding "*anydesk.com*" to the list of allowed addresses will allow it in case you have "*" in the list of blocked addresses for instance. Thank you, that's what I was expecting to happen but instead I get the denied notifications, I tried browsing the IP addresses that get denied and all of them resolve to anydesk.com. I'll make a video do demonstrate it. Link to comment Share on other sites More sharing options...
Administrators Marcos 5,272 Posted October 31, 2019 Administrators Share Posted October 31, 2019 For me it works like a charm. Link to comment Share on other sites More sharing options...
paul.f 0 Posted October 31, 2019 Author Share Posted October 31, 2019 1 hour ago, Marcos said: For me it works like a charm. Yeah the website loads fine, but the app doesn't, it won't connect to the servers thus rendering it useless. Link to comment Share on other sites More sharing options...
Administrators Marcos 5,272 Posted October 31, 2019 Administrators Share Posted October 31, 2019 For applications you should use firewall rules to control access to particular IP addresses. The URL management is basically meant for browsers only. Link to comment Share on other sites More sharing options...
paul.f 0 Posted October 31, 2019 Author Share Posted October 31, 2019 (edited) 44 minutes ago, Marcos said: For applications you should use firewall rules to control access to particular IP addresses. The URL management is basically meant for browsers only. The firewall rules from my understanding are to block/unblock an specific app, the anydesk was not blocked there and adding an allow rule made no difference. From my understanding the purpose of the firewall rules is different than then white-list feature which takes precedence over it, in other words if the app can't go through the white-list then the app specific firewall rules are useless. Edited October 31, 2019 by paul.f Link to comment Share on other sites More sharing options...
ESET Staff Posolsvetla 15 Posted November 7, 2019 ESET Staff Share Posted November 7, 2019 This seems like an issue we are already aware of. Please proceed as described here: https://support.eset.com/kb7272/ , but please enable Protocol filtering advanced logging as well. Don't forget to disable logging before Part II. Then please send me the created logs via PM. Then, you can try if changing this setting makes any difference:F5 -> Web and email -> Web access protection -> Web protocols -> Ports used by HTTPS protocol Change the current value (I expect there is 443, 0-65535) to 443. We don't need any logs from the state when the setting is changed, at least for now. Thanks. paul.f 1 Link to comment Share on other sites More sharing options...
paul.f 0 Posted November 13, 2019 Author Share Posted November 13, 2019 Quote Then please send me the created logs via PM. Thank you, the log was sent to you via PM. Quote F5 -> Web and email -> Web access protection -> Web protocols -> Ports used by HTTPS protocol That did the trick! AnyDesk worked perfectly after narrowing down the ports to 443 only instead of "443, 0-65535". Link to comment Share on other sites More sharing options...
ESET Staff Posolsvetla 15 Posted November 14, 2019 ESET Staff Share Posted November 14, 2019 As I expected, this is a known issue. It's already fixed in the Internet protection module version 1382, which is currently in testing. Unfortunately it will take some time until it's released for your version of ESET Endpoint Antivirus. The fixed module will download automatically then. Until that time, you can keep using the value of 443 for Ports used by HTTPS protocol; alternatively, you can try the less invasive change of the default value with the value of "443, 0-79, 81-65535" or "443, 0-79, 81-6567, 6569-65535" paul.f 1 Link to comment Share on other sites More sharing options...
paul.f 0 Posted November 14, 2019 Author Share Posted November 14, 2019 2 hours ago, Posolsvetla said: As I expected, this is a known issue. It's already fixed in the Internet protection module version 1382, which is currently in testing. Unfortunately it will take some time until it's released for your version of ESET Endpoint Antivirus. The fixed module will download automatically then. Until that time, you can keep using the value of 443 for Ports used by HTTPS protocol; alternatively, you can try the less invasive change of the default value with the value of "443, 0-79, 81-65535" or "443, 0-79, 81-6567, 6569-65535" That sounds good enough for now, thank you. Link to comment Share on other sites More sharing options...
Recommended Posts