Network protection logs empty


Go to solution Solved by TemnaJaternica,

Hi,

I upgraded ESET Endpoint Security to version 7.3.2041 and switched the firewall to interactive mode. Some basic communication popped up and I allowed all of it. One of the programs is communicating on different ports with a sub-application, and these are blocked without any trace in the rules or in the Troubleshooting wizard.

Before, I simply went to Tools -> Log files -> Network protection logs and the desired blocked communication was there. A simple right click and I unblocked it. A question of seconds to solve the problem.

Now the Network protection logs are empty. So clearly logging was restricted, and I've tried to reopen it again in Advanced setup -> Tools -> Diagnostics -> Advanced Logging -> Enable Network protection advanced logging. But no success, not even one drop in the Net logs.

So why are my Log files -> Network protection logs empty? How can I intercept communication blocked by the firewall? What should I do to get proper info into the Network protection logs again, as it was before?

Thanks in advance for reply.

Edited by TemnaJaternica
  • Administrators

Advanced network protection logging creates a pcap log in the Diagnostics folder and it's intended for analysis by developers.

You can try running the Firewall troubleshooting wizard to see a list of blocked communications where you can unblock the desired one with one or two clicks.


As I wrote in my first message, in the Troubleshooting wizard there are zero blocked applications. Everything that appears there is unblocked, and it does not have an effect on the blocked communication. The info there is very general; in the NetProt logs there was exact, precise information (program/port).

So back to my main question: how do I set up the configuration so that the NetProt logs get filled again?

 


Just now, after one hour of blocking, ESET finally popped up the interactive firewall window with the blocked application and it is finally added to the rules... But I think it should not be correct behavior for a good antivirus to wait one hour when the code notices that it is blocking something.

And in the NetProt logs still nothing (and of course nothing in the Troubleshooting wizard either)... Is it ESET's strategy to remove this functionality from users?

  • Administrators

First of all, the firewall troubleshooting wizard shows only recently blocked communications; by default it's communication blocked in the last 15 minutes, but this can be changed to 1 hour at maximum.

If you create a block rule with the remote port 80 and access a website, you should see it logged:

image.png

Blocked communication is not logged unless you enable diagnostic logging verbosity, but it's not recommended since it would log too much and big logs could be generated on a disk quite quickly.

  • Solution

Somehow, we do not understand each other.

From the beginning I told you that your solution does not work. There was NO blocked communication in Network protection troubleshooting (NPTrouble). That's why I tried to intensify logging and tried to see anything in the NetProtection logs, as it worked before. I turned on full logging and nothing appears there. Fortunately I took a screenshot yesterday.

Before, exactly the same application blocks appeared immediately. I ran the application; in 20 secs I got an error with a connection problem. I turned off the ESET Firewall and the application connection worked fine, so it's clear the firewall blocked it. Let's find out what is blocked. In the next 20 secs I clicked Tools -> Log files -> Network protection logs -> a minute ago there was a log: application xyz blocked. Then right click and don't block similar events in the future. Problem solved. I'm happy with ESET firewall functionality. Tens of times I solved problems in minutes.

Yesterday, same application, same problem. No logs in NetProtLogs. OK, let's try the new feature NPTrouble, and nothing, no logs (the screenshot of which you've shown me a couple of times afterward). So let's ask in the ESET forum/support what was changed in the new version and what I'm doing wrong. And the next tens of minutes were wasted with some AI replies like that it has to be in NPTrouble, even though I wrote a couple of times that no, it was not. And again you sent me the same post again...

So dear Marcos, I know that you have some workflow for replies etc... But it's enough.

There is something buggy in ESET. It WAS NOT asked to block/allow the app in interactive mode. It DID NOT show anything in the full logs and in your lovely NPTrouble. After one hour of wasting with the post here, it suddenly popped up and I included it in the rules. I would have done it manually, but did not know which app of the 30 others was blocked.

Unfortunately I did not get a simple answer to my questions from the first post and I don't care now. I conclude that the new version of ESET in interactive mode can NOT properly handle logging and also interactive setting of the firewall. I, as an ordinary user, have to deal with it and never waste my time on forums.

Thank you for your time and you can consider this topic as solved.

scrsh.png

  • Administrators

The issue needs to be investigated. We'd need you to:

- enable advanced network protection logging under Tools -> Diagnostics in the advanced setup
- reboot the machine
- reproduce the issue
- stop logging
- collect logs with ESET Log Collector
- upload the generated archive here and provide more details about the blocked communication, especially the IP address of the device with which the communication was blocked.
