Eset blocking vpn

[Guided 0]

Hi, after a long time having problems with my vpn connection, today I found out that Eset was blocking it all the time. I turned the vpn on then I went to troubleshooting wizard & saw 3 entries showed up there:

Nt Kernel & System (Block incoming NetBios request)

SSDP Discovery (svchost.exe) (Block incoming SSDP(UPNP) requests for svchost.exe)

DNS client (svchost.exe) (Block incoming multicast DNS requests)

Are these blockings set by default? I want to unblock them to allow my vpn, but not losing security. What should I do?

Thanks

[itman 1,659]

Strange .....

Anything you posted that is being blocked by the Eset firewall should not affect your VPN connectivity.

Your VPN should provide instructions on what protocols and ports it uses along with what needs to be excluded from third party firewall monitoring.

Edited July 19, 2021 by itman

[Guided 0]

2 minutes ago, itman said:

Anything you posted that is being blocked by the Eset firewall should not affect your VPN connectivity.

Hi itman, so why they appeared immediatley after turning vpn on?

[itman 1,659]

Just now, Guided said:

Hi itman, so why they appeared immediatley after turning vpn on?

As I posted, check your VPN provider's web site FAQS, help, forum, etc. for network setup and connectivity requirements.

[Marcos 5,070]

Does temporarily pausing the firewall allow you to connect via VPN?

[Guided 0]

 

9 minutes ago, Marcos said:

Does temporarily pausing the firewall allow you to connect via VPN?

Hi Marcos, I dont want to disable the firewall because I blocked 1-2 programs in the firewall, and dont want them to access the internet.

Are these blockings normally set by default in Eset, or they are uncommon?

Edited July 19, 2021 by Guided

[itman 1,659]

One possibility for blockage is the following.

When Eset Network protection senses a VPN connection, it should have either auto setup a VPN network adapter connection, or prompted you that one was detected and do you want to trust this network connection.

If you replied to the Eset alert not to trust the connection, Eset will set up a Public firewall profile for the connection. This will block all VPN connectivity.

Edited July 19, 2021 by itman

[Guided 0]

4 minutes ago, itman said:

One possibility for blockage is the following.

I went to "Known Networks" and there was no entry for the vpn, neither eset asks me about it when I turn the vpn on. What is wrong here do you think?

[itman 1,659]

28 minutes ago, Guided said:

I went to "Known Networks" and there was no entry for the vpn, neither eset asks me about it when I turn the vpn on. What is wrong here do you think?

Good question ........ Eset should have detected the VPN connection.

Open a command prompt window and enter:

ipconfig /all

Does the VPN connection show there?

[Guided 0]

4 minutes ago, itman said:

Does the VPN connection show there?

Yes, it's there.

[itman 1,659]

What VPN are you using? -EDIT- Company name.

Edited July 19, 2021 by itman

[Guided 0]

2 minutes ago, itman said:

What VPN are you using?

HotspotShield

[itman 1,659]

5 minutes ago, Guided said:

HotspotShield

I went through all the troubleshooting listed here: https://support.hotspotshield.com/hc/en-us/articles/115005293466-Why-can-t-I-connect-to-Hotspot-Shield-VPN-on-Windows- .

It does install a TAP network adapter and Eset should be picking up that network adapter . You might want to perform Step 9). in the above linked article and see if Eset alerts on a new network connection afterwards and the alert is for the HotspotShield adapter.

If the above doesn't resolve the VPN issue, you might want to open an Eset support ticket with whatever source you purchased Eset from. Of note is Eset is not sold or officially supported in Iran. It may very well be that HotspotShield VPN is incompatiable with Eset.

[itman 1,659]

I also found this posting that covers another instance where Eset did not detect VPN connection:

Quote

Since the VPN subnet is not automatically added to ESET's "Known networks", what is the best approach to  allowing VPN connections as if they were just another PC on the same subnet as the PC on which ESET is installed? Is that a bad idea? What are the differences between adding 10.1.1.0/24 to the Trusted zone versus manually adding 10.1.1.0/24 to the Known networks?

EDIT:

I did what another user suggested (https://forum.eset.com/topic/8274-endpoint-security-homework-network-not-being-treated-as-trusted-zone/?tab=comments#comment-43989) and added the VPN subnet to the already existing Known network and it seems to work just fine.

https://forum.eset.com/topic/13005-how-to-allow-vpn-access/?do=findComment&comment=64905

Note the above is not without security risk since the VPN connection is being treated as a local subnet trusted connection.

Edited July 19, 2021 by itman

[Guided 0]

15 hours ago, itman said:

I went through all the troubleshooting listed here

Thanks alot itman, I went through step 9 & also afew steps more, but it seems a long story, since when executing "netsh int ip reset logfile.txt" got "failed to reset" message & have to go through that too. Meanwhile I want you to know that this problem goes & comes, maybe for 1-2 weeks I have this vpn problem & it solves itself & again. Regarding Upnp, I noticed that "Enable UPnP protocol" is unchecked in my router settings, & I remember that ISP suggested to disable it to increase security(?).

Thanks again

15 hours ago, itman said:

Note the above is not without security risk since the VPN connection is being treated as a local subnet trusted connection.

Since you say its risky, & also abit confusing for me, I decided not to go for it.

[SlashRose 25]

I also post a post about it, but this was misunderstood by Marcos and he was only of the opinion that it was due to OpenVPN, which is complete nonsense. Yes Eset has a VPN problem with enabling the NetBios request, and this is an Eset problem! And the VPN connection has never been recognized by Eset as it should be as a new network.

I only have this problem as well as other problems since the new build 14.2.19.0, z.b. that the download of the virus signatures now and then abort the download, but not abort in the actual sense, the virus signature remains in the middle of the download and it can neither be aborted nor anything else, it then only helps to restart the PC

[Guided 0]

I would like to add here that after uninstalling Eset, I still have this vpn problem. So Eset "may not" be the cause of this problem.

Thanks

[SlashRose 25]

Then you had a different problem like me, because with me Hing Eset gets stuck every time I wanted to release the NetBios for the VPN and that needs a VPN now and that was a clear Eset error, because I don't have in build 14.2.23.0.

But even this build does not recognize VPN as a new network!

[itman 1,659]

26 minutes ago, SlashRose said:

But even this build does not recognize VPN as a new network!

That's strange. When I activated Defender Application Guard on Win 10 Pro, Eset auto created a vEthernet VPN connection.

[SlashRose 25]

Eset has never recognized a VPN connection with me, no matter what VPN software.

Because Defender , I've never used it.

Edited August 7, 2021 by SlashRose

[Guided 0]

1 hour ago, SlashRose said:

Eset has never recognized a VPN connection with me, no matter what VPN software.

 

Have you tried complete uninstall/reinstall Eset (with uninstall tool)? Sometimes that helps.

I am using another vpn & that works most of the time, so I thought maybe Eset is not the problem. The only thing that was suspicious to me, was the three blockings (first post) immediately after hotspotshield run.

Also check that you have tap-windows adapter v9 in your device manager, since many VPNs use it to connect.

[itman 1,659]

2 hours ago, SlashRose said:

Because Defender , I've never used it.

Application Guard is only available on Win 10 Pro+ and server versions. It has nothing to do with Windows Defender and can be used with any third party AV.

[NewbyUser 72]

26 minutes ago, itman said:

Application Guard is only available on Win 10 Pro+ and server versions. It has nothing to do with Windows Defender and can be used with any third party AV.

I think they changed that in 21H1, its under MS Defender now.

[NewbyUser 72]

Even App Guard for Office is under Defender for Endpoint now. 

Application Guard for Office 365 for admins - Office 365 | Microsoft Docs

[itman 1,659]

17 hours ago, NewbyUser said:

I think they changed that in 21H1, its under MS Defender now.

It depends on how you define MS Defender.

There are settings in Defender Security Center that are not dependent upon Windows Defender use; SmartScreen, Exploit protection, and Device protection settings such as Hypervisor core and memory protection are other examples.

As I posted in a thread on Application Guard I opened a while back, it appears that the only AV that will work in an Application Guard virtual Edge or MS Office app instance is Windows Defender or the endpoint version, Windows Defender ATP. However, these virtualized apps run just fine using any third party AV; you're just not being protected by them in an Application Guard session.

Edited August 8, 2021 by itman