Jimbo151 1 Posted January 3, 2020 Share Posted January 3, 2020 After upgrading Mac clients from ESET Endpoint Security 6.8.2.0 to ESET Endpoint Security 6.8.400.0 the firewall blocks access to local services running on the same machine access via 'localhost' This can be reproduced by the following process. Under ESET 6.8.2.0 run 'sudo apachectl start' and open hxxp://localhost in any browser and it should display 'It Works!' in the browser After updating to ESET 6.8.400.0 the same process times out and the following is logged in the firewall log 03/01/2020, 15:14:31 No usable rule found [::]:49830 [::1c1e:c2a6:0:0]:80 TCP root We have a number of use cases where services are connected to on the local machine which are now broken, I have been unable to craft a new firewall rule to fix this without specifying the source as 'ANY' which is unacceptable for an inbound connection. what has changed from 6.8.2.0 to 6.8.400.0 that is stopping the machine from connecting to services running on itself ? Link to comment Share on other sites More sharing options...
ESET Moderators Peter Randziak 1,173 Posted January 8, 2020 ESET Moderators Share Posted January 8, 2020 Hello @Jimbo151, I spoke with our macOS support guy and he told me that the issue is already know to us. Some changes in the personal firewall functionality caused blocking of the localhost connections 😞 The issue can be resolved by creating a rule to allow the localhost connections. We apologize for the inconvenience caused, Peter note for us: P_EES6M-5377 Link to comment Share on other sites More sharing options...
Jimbo151 1 Posted January 10, 2020 Author Share Posted January 10, 2020 Hi Peter, Thanks for the reply - when creating a firewall rule to allow the localhost connection I haven't been able to do it without the source being set to 'All' and the direction inbound. Is there a way to specify the local machine as the source within a rule ? When looking at the block event in the log it does not show a source address, just the dynamic source port and I don't see a way to specify 'itself' as the source with in rule 03/01/2020, 15:14:31 No usable rule found [::]:49830 [::1c1e:c2a6:0:0]:80 TCP root Link to comment Share on other sites More sharing options...
ESET Moderators Peter Randziak 1,173 Posted January 15, 2020 ESET Moderators Share Posted January 15, 2020 Hello @Jimbo151, have you tried to specify localhost addresses so Remote computer? The localhost addresses are not routed, so no need to be afraid of exposing it to the network / Internet. Peter Link to comment Share on other sites More sharing options...
itman 1,786 Posted January 15, 2020 Share Posted January 15, 2020 (edited) Hum ........ A bit puzzled here. EIS/ESS Windows consumer versions have a default firewall that exists at the top of the rule set titled "Allow all traffic within the computer." This rule allows all inbound and outbound traffic to/from remote destination "Local addresses" zone. This zone by default on Windows installations contains IPv4 and Ipv6 localhost addresses; i.e. 127.0.0.1 and ::1. I would assume this default rule also exists on EES? Appears from the original posting, you want to access localhost addresses other than those noted above. Best way to do this would be to create a new firewall zone named whatever you desire. Specify in that zone 127.0.0.1/x and ::1/x; where "x" is the appropriate CIDR notation for the localhost ranges you want to reference. Or alternatively, only specify the individual localhost addresses you use. Then create a new firewall rule duplicating the details of the above noted "Allow all traffic within the computer" but specifying the new zone name you created in the remote destination rule area. Move that new rule to the top of the existing rule set. By using a Zone specification, you can add/delete IP addresses at needed without having to modify the new firewall rule. Below is a screen shot of the existing Eset Windows "Allow all traffic within the computer" rule: Edited January 15, 2020 by itman Link to comment Share on other sites More sharing options...
alvinkatojr 0 Posted January 24, 2020 Share Posted January 24, 2020 Greetings, I'm having a similar issue where multiple rules are being created but Eset Cyber Security Pro's firewall keeps blocking internet connection until I create a new rule. I've had to switch to interactive firewall mode because the default setting blocks all connections and does n't give any warning in the interface. I have had to confirm and approve every outgoing connection for each application regardless of whether I’d done that before. I've attached a picture of some of the many rules I have on my installation. Could I get some assistance or pointers on this? I'm on MacOS Catalina and using Eset 6.8.300.0 Thank you. Link to comment Share on other sites More sharing options...
Administrators Marcos 5,399 Posted January 25, 2020 Administrators Share Posted January 25, 2020 14 hours ago, alvinkatojr said: I'm having a similar issue where multiple rules are being created but Eset Cyber Security Pro's firewall keeps blocking internet connection until I create a new rule. Not sure what kind of communication it is, obviously both the local and remote port change. If you don't want to be asked, create a rule with "all" local and remote ports for "system". However, I'm not entirely convinced that it would be safe to do so from security point of view. Link to comment Share on other sites More sharing options...
alvinkatojr 0 Posted January 25, 2020 Share Posted January 25, 2020 Thanks for the response but I think this goes beyond creating rules. The default firewall option used to work without hiccups even when the ports change, the question is why is n't it working now on Mac OS Catalina? Link to comment Share on other sites More sharing options...
alvinkatojr 0 Posted January 28, 2020 Share Posted January 28, 2020 Could I get some assistance or pointers with this issue? Eset Support are yet to get back to me and I'm stuck with a product that won't work as it's supposed to. It would be nice if I got some idea of what exactly the problem is and why it's happening. Thank you. Link to comment Share on other sites More sharing options...
Administrators Marcos 5,399 Posted January 29, 2020 Administrators Share Posted January 29, 2020 Please follow the instructions at https://forum.eset.com/topic/22315-iphone-turns-on-alert-displays-but-nothing-i-do-suppresses-the-alert/ In particular: - remove all custom rules (or install ECS from scratch) - make sure that you mark your network as home or work when detected In home / work network, any local communication by the system process is allowed automatically. In case of issues, open a support ticket with your local ESET distributor and provide logs collected as per https://support.eset.com/en/use-eset-logcollector-on-macos-and-send-the-logs-to-eset-technical-support. Link to comment Share on other sites More sharing options...
alvinkatojr 0 Posted January 29, 2020 Share Posted January 29, 2020 Thanks for the response Marcos. But I've already installed ECS from scratch and the same issue is occurring. I've also marked my home network as such(see attached screenshot), but the same issue persists. Earlier versions of ESET never had this issue, so I believe this goes beyond my settings and rules. As for contacting my local ESET distributor, I did that last week and I'm yet to hear back. It seems something changed in between ECS releases and it's possible the developers don't know about this. Could you raise an issue and escalate because as far as I can tell, I'm not the only one suffering with this and all remedies don't seem to work. Thanks. Link to comment Share on other sites More sharing options...
Roland 0 Posted February 22, 2020 Share Posted February 22, 2020 (edited) Hey, I'm experiencing the very same issue as the OP. When can we expect this to be fixed? For troubleshooting and workaround for the time being see below: I'm not able to access any web service (node, nginx, docker etc...) that I fire up locally on any port. The browser just hangs and having the spinner rotating forever. None of the following works: hxxp://localhost:3000 hxxp://127.0.0.1:3000 hxxp://[::1]:3000 Most of these servers bind to the unspecified ipv6 address (::) - if it's enabled, this is the expected and default behaviour. By default, I should be able to access my local web service using the ipv4 address (localhost and 127.0.0.1) and especially with ipv6 address ([::1]). It is platform specific and seems like most of the OS-s are the same. macOS definitely has dual stack mode enabled by default AND ipv4 is auto-listened if anything binds to the unspecified ipv6 address (::). (see attached and link to an issue) If I define ipv4 explicitly for the service (localhost, 127.0.0.1 or 0.0.0.0) then it works fine and it is accessible via the browser. This is what my ESET firewall log looks like. It is clearly blocking my access. 22/02/2020, 11:36:49 No usable rule found [::]:62323 [::1c1e:f373:0:0]:3000 TCP root 22/02/2020, 11:36:44 No usable rule found [::]:62322 [::1c1e:f372:0:0]:3000 TCP root I was able to get around it by adding the following rule to the firewall (also see attached). Please note: in order to add the :: address you'll have to type ::0 in the IP Address field in ESET for the button to become active. All Application - Inbound - TCP - All Remote Ports - All Local Ports - ::0 (the unspecified ipv6 address) and this is in my logs after adding the rule: 22/02/2020, 18:06:57 Communication allowed by rule [::]:64541 [::1c1e:fc1d:0:0]:3000 TCP Allow communication for System root 22/02/2020, 18:06:57 Communication allowed by rule [::]:64541 [::1c1e:fc1d:0:0]:3000 TCP Allow communication for System root I used freshly installed ESET Cyber Security Pro (6.8.300.0) - default settings - on macOS Mojave (10.14.6) to test and troubleshoot this issue. However, this came to my attention when I was trying to use my work laptop that has ESET Endpoint Security (6.8.400.0) installed on macOS Catalina (10.15.3). Edited February 22, 2020 by Roland typo Link to comment Share on other sites More sharing options...
Administrators Marcos 5,399 Posted February 22, 2020 Administrators Share Posted February 22, 2020 I would recommend collecting logs as per the instructions at https://support.eset.com/en/kb3404-use-eset-logcollector-on-macos-and-send-the-logs-to-eset-technical-support and opening a support ticket with your local ESET distributor. Link to comment Share on other sites More sharing options...
void-void 0 Posted April 10, 2020 Share Posted April 10, 2020 I run into the same issue. ESET Firewall blocks localhosts which makes software development impossible unless the firewall it completely turned off. When can we expect a fix for that? Everything worked fine on previous versions. I currently have 6.8.300.0 installed on a MacOs Catalina Link to comment Share on other sites More sharing options...
ESET Moderators Peter Randziak 1,173 Posted April 15, 2020 ESET Moderators Share Posted April 15, 2020 The issue should be resolved in next service release. Work around is to creating a rule to allow the localhost connections. We apologize for the inconvenience caused. Peter Link to comment Share on other sites More sharing options...
stevemaser 2 Posted April 17, 2020 Share Posted April 17, 2020 Is there an ETA on the next service release? We've been waiting for a fix for the "Restart Computer" issues for what feels like 6 months now... Link to comment Share on other sites More sharing options...
Pierre-MP 0 Posted April 20, 2020 Share Posted April 20, 2020 Is really a nonsense. We just have updated all our Macs in the offices because of incompatibility of previous ESET version with 10.14.5, and now we still blocked for all local requests. Unable to show the router page, manage switches, access to the local servers and VMs... It's a shame, sincerely Link to comment Share on other sites More sharing options...
Administrators Marcos 5,399 Posted April 21, 2020 Administrators Share Posted April 21, 2020 On 4/20/2020 at 7:53 PM, Pierre-MP said: We just have updated all our Macs in the offices because of incompatibility of previous ESET version with 10.14.5, and now we still blocked for all local requests. Unable to show the router page, manage switches, access to the local servers and VMs... Please try the latest version of Endpoint 6.8.711 hich has not been released yet and let us know if it resolves the issue: https://forum.eset.com/files/category/3-early-access/ Link to comment Share on other sites More sharing options...
StefanCoetzer 0 Posted May 25, 2020 Share Posted May 25, 2020 @Marcos Any update here as to when the official release and solution would be available? Link to comment Share on other sites More sharing options...
Administrators Marcos 5,399 Posted May 25, 2020 Administrators Share Posted May 25, 2020 3 minutes ago, StefanCoetzer said: @Marcos Any update here as to when the official release and solution would be available? There is no ETA yet, it's still in the works. I'd strongly recommend opening a ticket with your local ESET support so that the issue is investigated and possibly fixed in the upcoming version. Link to comment Share on other sites More sharing options...
StefanCoetzer 0 Posted May 25, 2020 Share Posted May 25, 2020 I've created FW rules as per @Roland's recommendation and this works. Do you guys have patch notes or a specific status page where we can follow bugs like these + workarounds and timelines on resolution @Marcos? Link to comment Share on other sites More sharing options...
Administrators Marcos 5,399 Posted May 25, 2020 Administrators Share Posted May 25, 2020 10 minutes ago, StefanCoetzer said: Do you guys have patch notes or a specific status page where we can follow bugs like these + workarounds and timelines on resolution @Marcos? There is no public list of issues. Our partners have access to it so they should be able to tell if a particular issue is a known bug. Link to comment Share on other sites More sharing options...
robertk 0 Posted June 10, 2020 Share Posted June 10, 2020 does anyone know how this firewall thing works on localhost development or docker? Link to comment Share on other sites More sharing options...
Recommended Posts