Ufoto, posted March 4, 2021:

Hello, I am troubleshooting Mac users who reported that some Office functionalities are not working when the ES personal firewall is enabled. Since there are no events under 'Detections and quarantine' (although 'Log all blocked connections' is enabled), I ran the Log collector remotely through the ESMC interface. I tried to review the 'Firewalllog' found in the 'esets_logs' folder; however, the log file seems to be a binary file. Is there a tool I need to have installed in order to open the .dat file and check the firewall activity? Thank you in advance!
Marcos (Administrators), posted March 4, 2021:

The dat files are intended for analysis by ESET staff. The only way to view the dat files is by replacing the original dat files, e.g. in a virtual machine.
Ufoto (Author), posted March 4, 2021:

38 minutes ago, Marcos said:
> The dat files are intended for analysis by ESET staff. The only way to view the dat files is by replacing the original dat files, e.g. in a virtual machine.

Thank you for the prompt reply. I understand. In your opinion, what would be the best way to troubleshoot firewall-related issues on my own then? Is there a way for me to look at the firewall activity for a specific system using the ESMC? We are just starting the deployment and I believe that this issue with MS Teams is just the beginning, so I am looking for a way to quickly identify what exactly was blocked on an endpoint in order to start building firewall rules.

Edited March 4, 2021 by Kostadin_k
Marcos (Administrators), posted March 4, 2021:

To troubleshoot firewall-related issues when pausing the firewall helps, use the firewall troubleshooting wizard (available only on Windows). On Mac you can try switching to interactive mode and creating rules when asked about network communication.
Ufoto (Author), posted March 4, 2021:

16 minutes ago, Marcos said:
> To troubleshoot firewall-related issues when pausing the firewall helps, use the firewall troubleshooting wizard (available only on Windows). On Mac you can try switching to interactive mode and creating rules when asked about network communication.

Thank you, just one last question: are Macs supposed to report blocked connections in the 'detection and quarantine' section like Windows devices do? Yes, interactive mode is an option, but I can't really rely on users to understand what they are allowing. I guess they will just allow everything.
Marcos (Administrators), posted March 4, 2021, marked as Solution:

Blocked connections are not reported on Windows either unless you enable logging of blocked communication in the advanced firewall setup. Even then, blocked connections are reported in the Network protection log, not in the Detections log or quarantine. On Mac it's possible to enable logging of blocked connections, which are then logged in the firewall log.