
Eset Public Profile And Firewall Default Rules Security issue


Solved by itman


Last week my router was hacked. It initially manifested as a NetBIOS issue and went downhill from there.

After resetting the router, I decided to "take the network bull by the horns" and lock down all my local device network settings. I disabled NetBIOS on my device's network adapter. I disabled LLMNR via a Windows registry setting. Finally, I disabled all Eset firewall services other than RPC. Again, my PC is the only computer on my local network and I don't need to connect to any other network devices other than the router.

After disabling Eset's multicast and WSD services, I now observe the following inbound network traffic to my device being blocked at system startup time, per the screenshot below:

[Screenshot: Eset_LLMNR.png, blocked inbound connections]

Now I know what the inbound DVR connection is about. The inbound wireless connections are suspect since I am using an Ethernet connection on my device. However, this type of blocked local network traffic is what I expected to see.

The issue is: why weren't these connections blocked previously on the Public profile, prior to disabling Eset's above-noted services? None of the connections shown in the screenshot are "Trusted" network connections. As such, they should have been blocked with the associated services enabled and their corresponding Eset firewall rule settings.

Edited by itman

  • Solution

I found out what the problem is here and it is not an Eset security issue.

In my haste to prevent the effects of another router hack, I had removed my device's assigned DHCPv4 IP address from the Eset network connection Trusted Address list associated with my active network adapter.

Eset's Public profile is so strict, it will actually block all internal traffic originating from your own device. For example, outbound traffic from your own device to other devices on your local network ends up being interpreted by the Eset firewall as inbound traffic from your device to whatever local network device it is attempting to connect to. The end result is that all traffic of this type is blocked.
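
A read-only check of the host-side settings mentioned in this thread, as an added example that is not part of either post: it reports the LLMNR policy value, the NetBIOS over TCP/IP setting and IPv4 address of each active adapter (the address to compare against the Eset Trusted Address list), and any UDP listeners still bound to the name-resolution and WSD ports. The registry path and port numbers are standard Windows values assumed here, not values taken from the posts.

```powershell
# Added example: audit the NetBIOS / LLMNR hardening described in the thread.
# Read-only; run in an elevated Windows PowerShell session.

# LLMNR: the "Turn off multicast name resolution" policy is stored as
# EnableMulticast = 0 under the DNSClient policy key (assumed standard path).
$llmnrKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient'
$llmnr = (Get-ItemProperty -Path $llmnrKey -Name EnableMulticast `
            -ErrorAction SilentlyContinue).EnableMulticast
if ($llmnr -eq 0) {
    'LLMNR policy: disabled'
} else {
    'LLMNR policy: ENABLED (value missing or non-zero)'
}

# NetBIOS over TCP/IP is a per-adapter setting:
# 0 = take the setting from DHCP, 1 = enabled, 2 = disabled.
$netbiosState = @{ 0 = 'default (from DHCP)'; 1 = 'ENABLED'; 2 = 'disabled' }
Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
    ForEach-Object {
        [pscustomobject]@{
            Adapter = $_.Description
            DHCP    = $_.DHCPEnabled
            # IPv4 address(es) to compare with the firewall's trusted address list
            IPv4    = ($_.IPAddress | Where-Object { $_ -match '^\d+\.' }) -join ', '
            NetBIOS = $netbiosState[[int]$_.TcpipNetbiosOptions]
        }
    } | Format-Table -AutoSize

# UDP listeners that remain bound to the discovery ports:
# 137/138 NetBIOS, 5355 LLMNR, 5353 mDNS, 3702 WS-Discovery (WSD).
$ports = 137, 138, 5355, 5353, 3702
Get-NetUDPEndpoint -LocalPort $ports -ErrorAction SilentlyContinue |
    Sort-Object LocalPort, LocalAddress |
    ForEach-Object {
        $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
        [pscustomobject]@{
            LocalAddress = $_.LocalAddress
            LocalPort    = $_.LocalPort
            PID          = $_.OwningProcess
            Process      = $proc.ProcessName
        }
    } | Format-Table -AutoSize
```

An empty final table means nothing on the host is listening on those ports; a listener that remains is still subject to the firewall rules discussed above.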
