Jump to content
tjack

"No usable rule found" records, firewall in Interactive mode

Recommended Posts

Hi,

I get "No usable rule found" records in firewall log, Action is Blocked, connection blocked. Firewall is in Interactive mode. No pop-ups show up for new inbound and outbound connections. Applies to ESET Internet Security, Windows 7.

Please help.

 

Details: I assume "No usable rule found" log record should never appear while firewall is in Interactive mode. The purpose of Interactive mode is to show firewall request upon each new connection which doesn't fit any existing rule. In my case that doesn't happen, when no rule fits connection is just blocked with such a log. Also, nothing is in Setup - Protection - Troubleshooting wizard, just 0 records.

1. I have hundreds of firewall rules - could that be the trigger for the solution to work incorrectly? I have enough RAM and CPU.

2. I reinstalled the EIS a few times, it worked fine in Interactive mode until I imported settings which included those firewall rules. Sure I can recreate rules from scratch but in that case I'd lose lots of my time spent on configuring those rules, and if the root cause is amount of rules the issue would come up again. Not having those rules isn't an option as that would effectively diminish the purpose of having ESET firewall.

 

Thank you.

Share this post


Link to post
Share on other sites

Please provide logs collected with ESET Log Collector.

Share this post


Link to post
Share on other sites

It would take some time to prepare them.

Do you have any ideas in the meanwhile re: why this could be?

Share this post


Link to post
Share on other sites
Posted (edited)
13 minutes ago, tjack said:

Do you have any ideas in the meanwhile re: why this could be?

Take a close look at Eset default firewalls that exist prior to importing your existing firewall rules. If I recollect, a rule is added at the end of the rule set when Interactive mode select that is in essence an ask rule for any inbound and outbound network traffic. If that rule is removed, Eset will then block by default anything which hasn't been satisfied by an existing firewall rule.

Or, the above ask rule is hidden but still exists. If you import settings for a prior export where Interactive mode had not been enabled, this also would remove this hidden ask rule regardless of if the firewall was set to Interactive at the time of the import activity.

Edited by itman

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...