Windows 10 folder sharing issue

PaulWillard · January 26, 2020

Hi,

If I disable Eset internet security v13.0.24 firewall then the Windows 10 folder sharing works and I can see files from other computers.

When I enable Eset firewall and enable logs this error shows up

>>epfwlog.txt

>>1/26/2020 1:28:29 PM Communication denied by rule Blocked 192.168.1.141:35254 192.168.1.255:137 UDP Allow outgoing SSDP (UPNP) requests for svchost.exe in the Trusted zone System

I read many forums posts and recommendations to add "192.168.0.0/24" to trusted zones and other things but still no luck

is there something else that I am missing?

itman · January 26, 2020

Refer to the below screen shot.

Per your Eset log entry, the Eset firewall is blocking outbound SSDp/uPnP traffic because that is only allowed to port 1900. For file sharing, outbound access to port 137 must be performed by the System process; i.e. ntoskrnl.exe.

What is strange is why Eset firewall is creating the blocked SSDP/uPnP outbound log entry. That rule should only be triggered by any attempted outbound traffic to port 1900. Or, perhaps by svchost.exe outbound SSDP service traffic to any port other than 1900 which appears to be the case here.

Edited January 26, 2020 by itman

PaulWillard · January 26, 2020

I did exactly what you suggested and added those entries from your screenshot into my >Firewall > Advanced > Rules

Time	Event	Action	Source	Target	Protocol	Rule/worm name	Application	User
1/26/2020 6:19:40 PM	Communication denied by rule	Blocked	192.168.1.141:49983	192.168.1.255:137	UDP	Allow outgoing SSDP (UPNP) requests for svchost.exe in the Trusted zone	System				
1/26/2020 6:19:45 PM	Communication denied by rule	Blocked	192.168.1.141:45919	192.168.1.255:137	UDP	Allow outgoing SSDP (UPNP) requests for svchost.exe in the Trusted zone	System	
1/26/2020 6:19:48 PM	Communication denied by rule	Blocked	192.168.1.141:47414	192.168.1.255:137	UDP	Allow outgoing SSDP (UPNP) requests for svchost.exe in the Trusted zone	System

itman · January 26, 2020

55 minutes ago, PaulWillard said:

I did exactly what you suggested and added those entries from your screenshot into my >Firewall > Advanced > Rules

The rules shown in my screen shot are Eset default ones. So delete any like rules you created since they are not necessary. You can see all Eset default firewall rules by enabling the "Slow built-in (predefined) rules" box option by left mouse clicking on it.

Appears Eset firewall is blocking the outbound port 137 traffic since that should only be done by System; not by svchost.exe. What is unexplained is why the Eset log is showing blocked outbound SSDP/UPnP traffic versus blocked outbound file sharing traffic.

Edited January 27, 2020 by itman

PaulWillard · January 26, 2020

any other ideas on what I should do ?

itman · January 26, 2020

Have you created any user firewall rules other than the ones noted previously?

itman · January 27, 2020

I also just reviewed Win firewall file sharing outbound rules in regards to port 137, and it only allows that to be done from the System process. So Eset's blocked activity is correct in regards to svchost.exe attempt to do so.

itman · January 27, 2020

5 hours ago, PaulWillard said:

recommendations to add "192.168.0.0/24" to trusted zones

If you have added 192.168.0.0/24 to the Trusted zone, delete it and see if this stops the Eset blocked port 137 outbound activity.

PaulWillard · January 27, 2020

56 minutes ago, itman said:

If you have added 192.168.0.0/24 to the Trusted zone, delete it and see if this stops the Eset blocked port 137 outbound activity.

Time	Event	Action	Source	Target	Protocol	Rule/worm name	Application	User			
1/26/2020 8:10:27 PM	Communication denied by rule	Blocked	192.168.1.141:42021	192.168.1.12:445	TCP	Allow outgoing SSDP (UPNP) requests for svchost.exe in the Trusted zone	System	
1/26/2020 8:10:27 PM	Communication denied by rule	Blocked	192.168.1.141:45536	192.168.1.12:139	TCP	Allow outgoing SSDP (UPNP) requests for svchost.exe in the Trusted zone	System	
1/26/2020 8:10:28 PM	Communication denied by rule	Blocked	192.168.1.141:42021	192.168.1.12:445	TCP	Allow outgoing SSDP (UPNP) requests for svchost.exe in the Trusted zone	System	
1/26/2020 8:10:28 PM	Communication denied by rule	Blocked	192.168.1.141:45536	192.168.1.12:139	TCP	Allow outgoing SSDP (UPNP) requests for svchost.exe in the Trusted zone	System			
1/26/2020 8:10:30 PM	Communication denied by rule	Blocked	192.168.1.141:42021	192.168.1.12:445	TCP	Allow outgoing SSDP (UPNP) requests for svchost.exe in the Trusted zone	System	
1/26/2020 8:10:30 PM	Communication denied by rule	Blocked	192.168.1.141:45536	192.168.1.12:139	TCP	Allow outgoing SSDP (UPNP) requests for svchost.exe in the Trusted zone	System	
1/26/2020 8:10:35 PM	Communication denied by rule	Blocked	192.168.1.141:45064	192.168.1.255:137	UDP	Allow outgoing SSDP (UPNP) requests for svchost.exe in the Trusted zone	System

Hpoonis · January 27, 2020

I was told to use 'learning mode'.

Once that was enabled file-sharing worked (windows 7 to windows 10). However, no amount of fiddling and options is making KODI (win or pi) connect to the win10 shares.

I cannot speak for how ESET acts with win7 compared to win10 but I had no problems connecting KODI to win7 shares and ESET was installed back then (before upgrade/rebuild) also.

Does the eset firewall create a 'trusted zone' for local addresses (same subnet). I see that as a default that should happen.

Edited January 27, 2020 by Hpoonis

itman · January 27, 2020

You still didn't answer my question of if custom user firewall rules have been created.

This includes as noted above if you have previously switched Eset firewall to Learning mode as noted above. Also, if you used the Network Wizard previously to unblock any previously blocked network traffic.

PaulWillard · January 27, 2020

2 hours ago, itman said:

You still didn't answer my question of if custom user firewall rules have been created.

This includes as noted above if you have previously switched Eset firewall to Learning mode as noted above. Also, if you used the Network Wizard previously to unblock any previously blocked network traffic.

No I am not using any firewall profile and the filtering mode is set to "automatic mode"

itman · January 27, 2020

2 minutes ago, PaulWillard said:

No I am not using any firewall profile

Open Eset firewall settings. Refer to the below screen and post what "Protection Type" is shown for your network adapter connection.

PaulWillard · January 27, 2020

this is what i have!

itman · January 27, 2020

That looks OK. Do you actually have that many devices on your network?

PaulWillard · January 27, 2020

i only have 1

itman · January 27, 2020

Your screen shot shows 5 connections;

Two for physical Ethernet with one disabled.

One for virtual Ethernet.

One for Wi-Fi - disabled

One for Bluetooth - disabled

Disregarding the disabled connections, there should be only two network connections shown in Eset; one for the physical Ethernet connection and one for the virtual Ethernet connection.

PaulWillard · January 27, 2020

should I delete those 19 known networks?

itman · January 27, 2020

1 minute ago, PaulWillard said:

should I delete those 19 known networks?

I would delete all existing network connections and let Eset redetect you active network connections.

If Eset keeps recreating new connections as currently exists, it is a sign that Eset is having a problem detecting your current network adapter connections.

Next up is who are you trying to share files with since your network consists of just one physical device?

PaulWillard · January 27, 2020

I'm connected to my router through LAN and my laptop in a different room is connected through WIFI..

I am trying to open files from the laptop but ESET won't let me

PaulWillard · January 27, 2020

so I deleted everything then added just one and it seems to be working now!

itman · January 27, 2020

1 hour ago, PaulWillard said:

so I deleted everything then added just one and it seems to be working now!

I was eventually going to get to this.

When the "Use Windows setting" is specified for an Eset network adapter connection, this will defer to the Win firewall network profile. If that profile is set to "Public," file sharing is disabled by default unless manually overridden as shown below:

Don't know if you were doing something like this. If so, it might explain why file sharing worked for you with the Eset firewall disabled.

Most likely what happened was when you disabled the Eset firewall, the Win firewall was also disabled which I believe is the case. As such, no firewall fire sharing restrictions were in place which is why you could perform file sharing.

In any case, looks like your issue is resolved.

Edited January 27, 2020 by itman

Sign In

Windows 10 folder sharing issue

Recommended Posts

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Recently Browsing 0 members

Quick search

FAQ

Topics