Jump to content

Archived

This topic is now archived and is closed to further replies.

tjack

"No usable rule found" records, firewall in Interactive mode

Recommended Posts

Hi,

I get "No usable rule found" records in firewall log, Action is Blocked, connection blocked. Firewall is in Interactive mode. No pop-ups show up for new inbound and outbound connections. Applies to ESET Internet Security, Windows 7.

Please help.

 

Details: I assume "No usable rule found" log record should never appear while firewall is in Interactive mode. The purpose of Interactive mode is to show firewall request upon each new connection which doesn't fit any existing rule. In my case that doesn't happen, when no rule fits connection is just blocked with such a log. Also, nothing is in Setup - Protection - Troubleshooting wizard, just 0 records.

1. I have hundreds of firewall rules - could that be the trigger for the solution to work incorrectly? I have enough RAM and CPU.

2. I reinstalled the EIS a few times, it worked fine in Interactive mode until I imported settings which included those firewall rules. Sure I can recreate rules from scratch but in that case I'd lose lots of my time spent on configuring those rules, and if the root cause is amount of rules the issue would come up again. Not having those rules isn't an option as that would effectively diminish the purpose of having ESET firewall.

 

Thank you.

Share this post


Link to post
Share on other sites

Please provide logs collected with ESET Log Collector.

Share this post


Link to post
Share on other sites

It would take some time to prepare them.

Do you have any ideas in the meanwhile re: why this could be?

Share this post


Link to post
Share on other sites
13 minutes ago, tjack said:

Do you have any ideas in the meanwhile re: why this could be?

Take a close look at Eset default firewalls that exist prior to importing your existing firewall rules. If I recollect, a rule is added at the end of the rule set when Interactive mode select that is in essence an ask rule for any inbound and outbound network traffic. If that rule is removed, Eset will then block by default anything which hasn't been satisfied by an existing firewall rule.

Or, the above ask rule is hidden but still exists. If you import settings for a prior export where Interactive mode had not been enabled, this also would remove this hidden ask rule regardless of if the firewall was set to Interactive at the time of the import activity.

Share this post


Link to post
Share on other sites

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...