Martin25B93 1 Posted September 17, 2020 Share Posted September 17, 2020 Hi. Which is the best way how to block via ESET specific websites? I know you can do this via these two options: Web control or via Web access protection. If I turn on web access protection ESET blocked lots of non dangerous websites. So it is better create a block rules via Web control option? It is very bad because via Web access protection you can block downloading specific files, etc. Thank you for your help. Link to comment Share on other sites More sharing options...
Administrators Marcos 5,074 Posted September 17, 2020 Administrators Share Posted September 17, 2020 Web access protection is a vital protection feature which must be kept enabled (at least if the computer has Internet access). You can use URL management to block specific urls. Link to comment Share on other sites More sharing options...
Martin25B93 1 Posted September 17, 2020 Author Share Posted September 17, 2020 Yes, I know what about URL Address Management feature? For example If I turn this feature on and fill List of blocked addresses and I noticed almost everything is blocked via ESET Is better for this purpose (blocking website which for any purpose) use Enable Web control feature? Thank you very much! Link to comment Share on other sites More sharing options...
Martin25B93 1 Posted September 17, 2020 Author Share Posted September 17, 2020 Because I would like to block only a few address and others allow and keep ESET analyse it by itself. So I think for me will be better go via Enable Web control feature? Link to comment Share on other sites More sharing options...
Administrators Marcos 5,074 Posted September 17, 2020 Administrators Share Posted September 17, 2020 11 minutes ago, Martin25B93 said: If I turn this feature on and fill List of blocked addresses and I noticed almost everything is blocked via ESET Please block the desired addresses via the URL management, wait a while until some URLs are blocked and then collect logs with ESET Log Collector. When done, provide the generated zip file and also let me know which of the blocked addresses you didn't want to block. Link to comment Share on other sites More sharing options...
Martin25B93 1 Posted September 17, 2020 Author Share Posted September 17, 2020 I want block only 20 address and other I want allow. I don't want collect list of allowed url address Link to comment Share on other sites More sharing options...
itman 1,659 Posted September 17, 2020 Share Posted September 17, 2020 1 hour ago, Martin25B93 said: For example If I turn this feature on and fill List of blocked addresses and I noticed almost everything is blocked via ESET I Did you create an entry in the "List of blocked addresses" and place an "*" there? If so, all URLs will be blocked except those specified in the "List of allowed addresses." By default, the "List of blocked addresses" is empty. As such, nothing is blocked by Eset other than its real-time detections. If you only want to absolutely block 20 specific URLs, just add those to the "List of blocked addresses." Link to comment Share on other sites More sharing options...
Martin25B93 1 Posted September 17, 2020 Author Share Posted September 17, 2020 I blocked these apps via Web control. Web access protection feature I would like to use for blocking downloading some dangerous files but it not working. I created rule for decline downloading all torrents -> **.torrent Everything checked I have turn on SSL and HTTP/HTTPS. Do you know where can be a problem? Link to comment Share on other sites More sharing options...
itman 1,659 Posted September 17, 2020 Share Posted September 17, 2020 (edited) 1 hour ago, Martin25B93 said: I created rule for decline downloading all torrents -> **.torrent Per Eset online help: Quote Block or allow specific file extensions URL address management also allows you to block or allow the opening of specific file types during internet browsing. For example, if you do not want executable files to be opened, select the list where you want to block these files from the drop-down menu and then enter the mask "**.exe". https://help.eset.com/ees/7/en-US/idh_config_parental_rule_edit_dlg.html?idh_config_epfw_scan_http_address_list.html The problem here as I see it is torrent files are download outside of a browser. I believe URL management only controls access to files opened in a browser. Edited September 17, 2020 by itman Link to comment Share on other sites More sharing options...
Martin25B93 1 Posted September 18, 2020 Author Share Posted September 18, 2020 Yes. But before you start torrent downloading you need to find that .torrent file for example. Link to comment Share on other sites More sharing options...
itman 1,659 Posted September 18, 2020 Share Posted September 18, 2020 (edited) 9 hours ago, Martin25B93 said: Yes. But before you start torrent downloading you need to find that .torrent file for example. -EDIT- Try what is shown in this Eset online help article first: https://help.eset.com/ees/7/en-US/how_block_file_dwnl.html. That is enter, *.*.torrent and */*.torrent in URL blocked address list. However, read this article: https://www.techworm.net/2020/04/download-torrent-site.html. By blocking .torrent downloads, you are only blocking the "seeding" file and not the actual downloaded files. Also note: Quote On the other hand, a magnet link will offer a direct line and connect the downloader to each file. -END EDIT- The only way to do this would be to block access to torrent web sites by domain name filtering via URL address management. Here's a list of approx. 30 of them and I am sure more exist: https://www.alltorrentsites.com/ . Note that to download torrent files, Torrent software must be installed. I really don't know why any commercial concern would allow users to install like software or any software for that matter: https://security.stackexchange.com/questions/122617/how-to-block-torrent-sites . If we are referring to BitTorrent, it's inbound traffic can be blocked by creating an Eset firewall to do so: https://imacify.com/2013/07/what-is-torrents-and-how-to-block-torrent-downloads/ although torrents can use any port. Or: Quote Another approach would be to block the types of connections that Bittorrent requires. As a peer-to-peer protocol, peers outside your network need to connect in. A firewall could prohibit incoming connections to your user subnet, while permitting them to your intended outward-facing services. An IPS could put a threshold on the number of incoming and outgoing connections, since Bittorrent clients need to connect to multiple peers (and have multiple peers connect to them) in order to function. https://security.stackexchange.com/questions/33983/what-are-the-tcp-udp-ports-used-by-torrent-applications The problem here I believe is the torrent client/s are initiating the download by performing an outbound connection. As such, the Eset firewall will allow that inbound traffic. Edited September 18, 2020 by itman Link to comment Share on other sites More sharing options...
itman 1,659 Posted September 18, 2020 Share Posted September 18, 2020 (edited) Also and important, note that Cisco Meraki network perimeter security appliances for example have Web content filtering granularity to the level where specific Torrent traffic can be blocked. However, they footnote this capability with the following statement: Quote Note: File sharing programs, such as BitTorrent, are now able to be configured to encrypt traffic as secure HTTPS, potentially bypassing P2P traffic shaping rules that have been configured. Cisco Meraki MX Security Appliances and Wireless APs are capable of detecting some of the encrypted P2P traffic on the network. When encrypted P2P traffic is detected, it will be matched to any configured P2P traffic shaping rules, and honor the limitations that have been configured. However, if the traffic is encrypted, it may not be possible to accurately classify all of the offending traffic. https://documentation.meraki.com/zGeneral_Administration/Cross-Platform_Content/Blocking_P2P_And_File_Sharing Edited September 18, 2020 by itman Link to comment Share on other sites More sharing options...
Martin25B93 1 Posted September 21, 2020 Author Share Posted September 21, 2020 Solved thank you I used web control rule and HIPS but on macos it not possible via this way. Link to comment Share on other sites More sharing options...
Recommended Posts