seb38300 0 Posted May 4, 2020 Posted May 4, 2020 Hello, For a few months now, we can no longer unblock local flows directly from the troubleshooting wizard. I haven't found anything in the antivirus configuration that explains this... Do you have any idea where it could be coming from? OS : Windows 10 1909 Product : 7.2.2055.0 see attached screenshots Thank you.
Administrators Marcos 5,467 Posted May 4, 2020 Administrators Posted May 4, 2020 1, What issues with communication have you experienced recently due to the blocked communication? 2, You wrote "we can no longer unblock local flows directly from the troubleshooting wizard". Does clicking "Unblock" next to the desired communication which must be allowed for an issue to not occur result in an error?
seb38300 0 Posted May 4, 2020 Author Posted May 4, 2020 (edited) Hello, We did not encounter any particular problem but this option is very useful for authorizing communications on a case-by-case basis or for debugging. The problem is the same regardless of the communication to authorize. if I click on Unblock I get the same error each time => there are no other errors / more detailed explanations, just the message in the second screenshot and of course the communication is not allowed. The problem appeared overnight without too much explanation, we deploy Eset Endpoint Security with ESET. Edited May 4, 2020 by seb38300
Administrators Marcos 5,467 Posted May 4, 2020 Administrators Posted May 4, 2020 Couldn't it be that you have applied firewall rules via a policy? In such case no custom rules can be created to allow the desired communication. By the way, one should not run the Firewall troubleshooting wizard unless experiencing actual network communication issues.
itman 1,807 Posted May 4, 2020 Posted May 4, 2020 (edited) As far as the first screen shot and excluding the DNS detection, all those blocks are due to SSDP. The easiest way to eliminate those as far as Eset goes is to disable the Win SSDP service. I did so with no noticeable issues. As far as the DNS blocks, you need to click on "Details" and post a screen shot of what is shown. By default, the Eset firewall allows all outbound traffic related to DNS activitiy; i.e. UDP protocol port 53. Edited May 4, 2020 by itman
itman 1,807 Posted May 4, 2020 Posted May 4, 2020 (edited) What is causing Eset's SSDP blocking is router/gateway has UPnP enabled. This is allowing all the devices on the network to attempt to perform network discovery to this device. For example if Eset firewall network adapter protection setting is Public or if Use Wndows settings is specified and the Win firewall is set to Public profile, Eset will block all inbound SSDP activity since that is only allowed for devices whose IP address are specified in the Trusted Zone. In Public protection mode, no devices are allowed in the Trusted Zone by default. Edited May 5, 2020 by itman
Recommended Posts