mokaz 0 Posted January 3, 2021 Posted January 3, 2021 Hi All, I've been making some tests with this Proxy Client: hxxp://www.proxycap.com/ It seems that proxy'ing traffic through this app isn't picked up by the ESET Firewall. The app install's a service: C:\WINDOWS\system32\pcapsvc.exe which run's as LocalSystem. My ESET FW config is setup in "interactive mode" so that anything that isn't part of the FW config would popup a dialog box asking what to do with the new connection. Anyone could confirm the behaviors? Let me know, Kind regards, M.
itman 1,801 Posted January 3, 2021 Posted January 3, 2021 Did you set up the proxy server data per the below screen shot?
mokaz 0 Posted January 4, 2021 Author Posted January 4, 2021 Hi there, Maybe my explanations weren't clear enough. After having installed ProxyCap and inserted some proxy server in there + setup some applications to proxy rules, ESET Firewall doesn't acknowledge any connections happening within ProxyCap. My setup is fairly simple, I've deployed a shadowsocks server on a DMZ seated Linux host and configured that proxy within my Windows based ProxyCap (Windows host seated in another network zone. running ESET Internet Security). Even with a global DENY rule on the C:\WINDOWS\system32\pcapsvc.exe within the ESET Firewall, communications goes through. Let me know, Kind regards, M.
mokaz 0 Posted January 4, 2021 Author Posted January 4, 2021 Okay, after a Windows host reboot, the pcapsvr.exe is effectively denied communication. Removing the deny rule and restarting the ProxyCap service is triggering ESET Firewall dialog box. So problem solved, nothing to worry about. Kind regards, M.
Administrators Marcos 5,450 Posted January 4, 2021 Administrators Posted January 4, 2021 Correct. Works for me alright too.
mokaz 0 Posted January 4, 2021 Author Posted January 4, 2021 Thanks a lot for the confirmation ! Would you perhaps know if ESET is planning for a slightly more advanced Firewall rules GUI configuration pane? I'd love a "rules search" feature and perhaps a "current connections" status. Aside of that, the ESET host based FW rocks ! Kind regards, HNY ! m.
Administrators Marcos 5,450 Posted January 4, 2021 Administrators Posted January 4, 2021 The search function has been there for a long time: However, if you have more than 200 rules, search works only on the current page if I remember correctly. The gui of the firewall rule editor is planned to be improved in the future.
Recommended Posts