"New network connection detected" messages

[am_dew 3]

I get periodic ESET messages saying "New network connection detected" and the message asks if I want to consider it as a trusted connection.  What causes this message to appear, and is there a safe way to have ESET always consider it a trusted network based on something such as an IP address, domain, etc.?

Thanks!

[Marcos 4,919]

The dialog pops up whenever a new network is detected. If you don't roam between new networks ESET should remember your choice for the given network. If you want to treat any new network as public automatically, you can configured it here:

You can provide logs collected with ESET Log Collector so that I can check if various networks were actually detected and your choice was remembered.

Note that public networks have certain services blocked, such as file sharing.

[am_dew 3]

8 hours ago, Marcos said:

The dialog pops up whenever a new network is detected. If you don't roam between new networks ESET should remember your choice for the given network. If you want to treat any new network as public automatically, you can configured it here:

You can provide logs collected with ESET Log Collector so that I can check if various networks were actually detected and your choice was remembered.

Note that public networks have certain services blocked, such as file sharing.

Thank you.  Some background -- my network setup is pretty standard...an up-to-date Windows 10 Pro desktop PC in my house with a hard-wired internet connection via an ISP (Xfinity/Comcast) supplied cable modem/router.  There are other PCs in the same house, on the same network, that I want to share files with, so whenever a new network was detected, I would always set it as a Trusted Zone (Home or office network). 

I downloaded and ran the ESET Log Collector.  Is there a secure way I can share the ZIP file with you?  Or is there anything in the ZIP file that might be considered unsecure?

[LesRMed 21]

2 minutes ago, am_dew said:

Is there a secure way I can share the ZIP file with you?

You can upload it here. Only ESET people can access it.

[am_dew 3]

16 minutes ago, am_dew said:

I downloaded and ran the ESET Log Collector.  Is there a secure way I can share the ZIP file with you?  Or is there anything in the ZIP file that might be considered unsecure?

Log files attached.

eis_logs.zip

[itman 1,629]

14 minutes ago, am_dew said:

Some background -- my network setup is pretty standard...an up-to-date Windows 10 Pro desktop PC in my house with a hard-wired internet connection via an ISP (Xfinity/Comcast) supplied cable modem/router.  There are other PCs in the same house, on the same network, that I want to share files with, so whenever a new network was detected, I would always set it as a Trusted Zone (Home or office network). 

Something is not right here.

When Eset established the initial network adapter profile for this device, assumed it was the trusted Home/Office profile. This would have set the the Trusted zone for example to 192.168.0.0/24. In other words, all devices connected to the local subnet assigned by your router.

How are you doing file sharing with the other devices on the network? Via recommended Win 10 folder sharing method?

[am_dew 3]

1 minute ago, itman said:

Something is not right here.

When Eset established the initial network adapter profile for this device, assumed it was the trusted Home/Office profile. This would have set the the Trusted zone for example to 192.168.0.0/24. In other words, all devices connected to the local subnet assigned by your router.

How are you doing file sharing with the other devices on the network? Via recommended Win 10 folder sharing method?

Yes, I am sharing using standard Windows 10 folder sharing.

I have tried deleting all "Known Networks" from ESET and then I get prompted with the message in my OP, to which I click "Yes".  At some point later for some reason, I will get prompted again with the same message.  Is there a way to force ESET to see my network as Home/Office?

[Marcos 4,919]

Unfortunately the screen shot above is blurred so I can't tell if it's the same network being detected.

Try leaving only these two parameters enabled for this network identification:

[itman 1,629]

23 minutes ago, am_dew said:

have tried deleting all "Known Networks" from ESET and then I get prompted with the message in my OP, to which I click "Yes".  At some point later for some reason, I will get prompted again with the same message. 

What usually causes this is the parameters assigned to the Eset network profile for the device are too restrictive.  Refer the below screen shot.

The clause to note is:

Quote

All selected parameters are compared against the actual parameters of active network connections.

What this means is if your device and local network parameters do not match all the data shown in the Network Identification section, Eset will not recognize the existing network adapter connection and attempt to create a new one. You might have to experiment with different settings in this section; notably DNS and DHCP server IP addresses.

Edited January 15, 2021 by itman

[am_dew 3]

4 minutes ago, Marcos said:

Unfortunately the screen shot above is blurred so I can't tell if it's the same network being detected.

Try leaving only these two parameters enabled for this network identification:

Those two parameters are, and have always been, enabled whenever I checked.

[am_dew 3]

3 minutes ago, am_dew said:

Those two parameters are, and have always been, enabled whenever I checked.  Here is an unblurred screen shot.

[itman 1,629]

I would suggest you open a command prompt window and enter the following:

ipconfig /all

The output shown will give details as to DNS server, DHCP server, and gateway IP addresses in use by Win 10. Eset Network Identification parameters should match that shown in the ipconfig output in regards to the above noted IP addresses.

[am_dew 3]

12 minutes ago, itman said:

What usually causes this is the parameters assigned to the Eset network profile for the device are too restrictive.  Refer the below screen shot.

The clause to note is:

What this means is if your device and local network parameters do not match all the data shown in the Network Identification section, Eset will not recognize the existing network adapter connection and attempt to create a new one. You might have to experiment with different settings in this section; notably DNS and DHCP server IP addresses.

I had a feeling these settings were part of the equation.  Yesterday, after the "new network" detection I added in the IP address of my gateway (which is also the same IP as my DHCP server) to see if that would help.  So far, I have not been prompted by ESET for a new network but then again, those prompts seem to come at random times, sometime weeks apart.

 

[am_dew 3]

 

11 minutes ago, itman said:

I would suggest you open a command prompt window and enter the following:

ipconfig /all

The output shown will give details as to DNS server, DHCP server, and gateway IP addresses in use by Win 10. Eset Network Identification parameters should match that shown in the ipconfig output in regards to the above noted IP addresses.

The settings in the screenshot below match what I see in ipconfig /all output.  As said above, I just recently decided to add the gateway IP address in addition to the previously populated DHCP and DNS server values to see if that helps.  Time will tell I guess.

 

 

Edited January 15, 2021 by am_dew

[itman 1,629]

30 minutes ago, Marcos said:

Unfortunately the screen shot above is blurred so I can't tell if it's the same network being detected.

Try leaving only these two parameters enabled for this network identification:

If the IPv4 DNS server addresses shown in this screen shot; i.e. 75.75.75.75 and 75.75.76.76, are your actual router assigned IP addresses, I question their validity. IPv4 DNS server addresses on a device almost always are within the assigned local subnet range; 192.xxx.xxx.xxxx or 10.xxx.xxx.xxx.

[am_dew 3]

2 minutes ago, itman said:

If the IPv4 DNS server addresses shown in this screen shot; i.e. 75.75.75.75 and 75.75.76.76, are your actual router assigned IP addresses, I question their validity. IPv4 DNS server addresses on a device almost always are within the assigned local subnet range; 192.xxx.xxx.xxxx or 10.xxx.xxx.xxx.

Those are the DNS IPs assigned by the router to my PC.  I checked another PC in the house and the values are the same.

[itman 1,629]

Since you state this issue is intermittent in nature, another possibility is the use of APIPA address DNS server assignment.

APIPA IPv4 DNS server addresses start with 169.xxx.xxx.xxx and are used when DHCP initialization processing cannot establish a valid IPv4 DNS server connection

Unfortunately Eset network processing doesn't handle this situation at all and will indeed try to great a new network connection when it occurs.

Edited January 15, 2021 by itman

[am_dew 3]

54 minutes ago, itman said:

Since you state this issue is intermittent in nature, another possibility is the use of APIPA address DNS server assignment.

APIPA IPv4 DNS server addresses start with 169.xxx.xxx.xxx and are used when DHCP initialization processing cannot establish a valid IPv4 DNS server connection

Unfortunately Eset network processing doesn't handle this situation at all and will indeed try to great a new network connection when it occurs.

I have never seen APIPA DNS servers assigned but they could be used without my realizing it, I suppose.  One thing I have noticed is that DNS suffix in 'Network Identification' is sometimes hsd2.ca.comcast.net when a net network is found.  Is there any harm in disabling the DNS suffix option in 'Network Identification' or could I possibly use a wild card (eg. hsd*.ca.comcast.net) ?

[itman 1,629]

More info on the use of APIPA in Windows and when it is invoked is given here: https://www.lifewire.com/automatic-private-internet-protocol-addressing-816437

[itman 1,629]

7 minutes ago, am_dew said:

One thing I have noticed is that DNS suffix in 'Network Identification' is sometimes hsd2.ca.comcast.net when a net network is found.  Is there any harm in disabling the DNS suffix option in 'Network Identification' or could I possibly use a wild card (eg. hsd*.ca.comcast.net) ?

First, we are talking about connection-specific DNS suffice versus domain DNS suffix.

Connection-specific DNS suffix is assigned via the DHCP initialization processing and really should never change. Also Eset uses connection-specific DNS suffice to actually name the network connection.

I would talk to Comcast tech support as to why your connection-specific DNS suffix name is changing. Might be a problem with your ISP issued router. Or, there is a router configuration option to prevent this from happening.

[am_dew 3]

23 hours ago, Marcos said:

Unfortunately the screen shot above is blurred so I can't tell if it's the same network being detected.

Try leaving only these two parameters enabled for this network identification:

@MarcosWere you ever able to determine if the same network was detected? 

Thanks.

[itman 1,629]

I came across this posting in regards to connection-specific DNS suffice: https://community.linksys.com/t5/Wireless-Routers/Need-to-get-rid-of-quot-DNS-Suffix-Search-List-quot-from-ISP/td-p/1233151

It confirms:

1. It is assigned by Comcast ISP servers.

2. It is IPv6 conditioned.

My best guess as to why it changes from hsd1.ca.comcast.net to hsd2.ca.comcast.net deals with IPv6 DNS server assignment. I suspect hsd1 is the primary IVv6 DNS server and hsd2 is the secondary server. I have never really seen anything like this before.

When Eset detects the hsd2.ca.comcast.net connection as a new network connection, I would just keep it as a Home/Office network connection. In other words, you will have two network connections established. Eset will auto switch between the two network connections based on what is populated by Comcast as the connection-specific DNS suffice.

[am_dew 3]

Thank you for the research and your assistance.  I went ahead and created a new Known Network in ESET for hsd2.ca.comcast.net with the same settings as the hsd1.ca.comcast.net network already present in ESET.