Jump to content

Eset Endpoint Security impossible to unblock with troubleshooting wizard


Recommended Posts

Hello,

For a few months now, we can no longer unblock local flows directly from the troubleshooting wizard.

I haven't found anything in the antivirus configuration that explains this...

Do you have any idea where it could be coming from? 

OS : Windows 10 1909
Product : 7.2.2055.0

see attached screenshots

Thank you. 
 

ESET1.JPG

eset2.JPG

Link to comment
Share on other sites

  • Administrators

1, What issues with communication have you experienced recently due to the blocked communication?
2, You wrote "we can no longer unblock local flows directly from the troubleshooting wizard". Does clicking "Unblock" next to the desired communication which must be allowed for an issue to not occur result in an error?

Link to comment
Share on other sites

Hello,

We did not encounter any particular problem but this option is very useful for authorizing communications on a case-by-case basis or for debugging.

The problem is the same regardless of the communication to authorize. 
if I click on Unblock I get the same error each time => there are no other errors / more detailed explanations, just the message in the second screenshot and of course the communication is not allowed.

The problem appeared overnight without too much explanation, we deploy Eset Endpoint Security with ESET.

Edited by seb38300
Link to comment
Share on other sites

  • Administrators

Couldn't it be that you have applied firewall rules via a policy? In such case no custom rules can be created to allow the desired communication. By the way, one should not run the Firewall troubleshooting wizard unless experiencing actual network communication issues.

Link to comment
Share on other sites

As far as the first screen shot and excluding the DNS detection, all those blocks are due to SSDP. The easiest way to eliminate those as far as Eset goes is to disable the Win SSDP service. I did so with no noticeable issues.

As far as the DNS blocks, you need to click on "Details" and post a screen shot of what is shown. By default, the Eset firewall allows all outbound traffic related to DNS activitiy; i.e. UDP protocol port 53.

 

Edited by itman
Link to comment
Share on other sites

What is causing Eset's SSDP blocking is router/gateway has UPnP enabled. This is allowing all the devices on the network to attempt to perform network discovery to this device.

For example if Eset firewall network adapter protection setting is Public or if Use Wndows settings is specified and the Win firewall is set to Public profile, Eset will block all inbound SSDP activity since that is only allowed for devices whose IP address are specified in the Trusted Zone. In Public protection mode, no devices are allowed in the Trusted Zone by default.

Edited by itman
Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...