Jump to content

Firewall interactive mode dialogs stop appearing


Recommended Posts

Hi,

I am experiencing an issue with ESET firewall running on Windows 11. I've recently installed Windows 11 and have the latest ESET version.

When I start the computer all works correctly and the firewall dialogs appear as normal. But during a little time they stop working.

When I try and open an application, it hangs waiting for me to approve but there is no dialog.

When try to restart my PC, if I cancel the restart process - I see all the previous dialogs appearing.

Any help with this issue as it is currently crippling me.

Thanks

 

Link to comment
Share on other sites

  • Administrators

Please open a support ticket for assistance with further troubleshooting of the issue.

Also try the following:
1, Export the current configuration
2, Reset settings to defaults or uninstall ESET and install it from scratch.

Does the issue persist then?

Link to comment
Share on other sites

  • 3 weeks later...
  • 2 weeks later...
  • Administrators
3 minutes ago, usan said:

same issue, win10 22h2 & eis 16.0.24.0

any updates?

We have not been reported such issues so it doesn't seem to be a general issue affecting a lot of users. Please open a support ticket. Are you able to reproduce the issue after uninstalling ESET and installing it from scratch? Before trying it, export your current configuration but do not import it while doing the test.

Link to comment
Share on other sites

2 hours ago, Marcos said:

Are you able to reproduce the issue after uninstalling ESET and installing it from scratch? Before trying it, export your current configuration but do not import it while doing the test.

Yep, broke it again, on another pc where EIS was never installed.

I'm connecting via RDP using mRemoteNG, firewall dialogs worked (via RDP also) maybe for 2-3 hours after install, then disappeared.

Changed setting: LiveGrid off, SSL/TLS filtering off, auto Gamer mode in fullscreen off.

Link to comment
Share on other sites

  • 2 weeks later...

The interactive firewall mode on ESET is broken as far as I can remember for 10 years. I had so many issues over the years that I decided to drop ESET Security after 10 years because of this.

Sometimes it worked, perfectly for a year or months. But then with some update it breaks and its impossible to use it. No other software on my computer was responsible for so many reboots than ESET because of this. And I know the issue was well but it seems they refuse to fix it.

A few months ago with the latest ESET it broke again. As a developer I cannot just let some process free Internet access like NodeJS, PHP, others, this means I need the firewall popup to show when only when I execute a connection from the command line. Otherwise, some malicious script could use those process to freely bypass the firewall.

Long story short, it broke again. I was not able to fix it what ever I did. Usually a reboot would fix it but this time I seem to have changed to the dark more and it that means the popup was hiding on the screen. But for my luck I upgraded to Windows 11 and magically the firewall popup worked again. Partially...

I mean partially because the popup is so dangerous to move and click that I basically execute a software and keep the mouse without moving until it appears, then I hit the Approve or Deny and then I can keep using my computer. I have trained myself over the years to absolutely not move anything or even change programs while doing this for the reasons I will explain below.

When something else shows up on your screen at the same time the firewall popup wants to show, you are out of luck because the firewall popup steals your windows focus and this messes something up and you will hear the ESET sound but nothing on your Windows GUI, no popup. This means your only option is to reboot the system to make it work again. Having to launch all your programs, all your windows app, everything. Because there is no way to make the popup appear again.

And I even know why. ESET puts the process on hold until you click the popup. You can actually see the process if you open ESET with the tools. Just try this with any process that runs in the command line for a short time and usually has a timeout.

In your regular Windows Task manager that process is actually gone, but you can see it as running in the ESET. The problem is you cannot kill it from ESET and since you can't kill it from Windows either, your only option is to completely reboot your system. Turning off ESET completely does not work either, the firewall or ESET will not release the process regardless of what you do and since it has no expiration time either your only option. Reboot the system to make it work again.

This is how I have used the firewall for the past 10 years. Rebooting, making sure that if I start anything that will show the firewall I don't move my cursor and nothing will try to show at the same time, no other program, no other popup. This is particular messy with Java Based applications that ESET popup hates.

Now that is the good part. The bad part? The hideous one? If you moved the ESET popup to another monitor, (not your main one) or moved it in mistake. Now you are completely screwed. No even reinstalling ESET will fix that. I had that problem only about 5 times over the years, I think some ESET update fixed that and not sure if unplugged all monitors with another one but if you have only 1 screen and this happens to you, the dialog is now out of your screen and this is bad, terrible. A reboot will not fix that, the popup will now remember that position and show out of your screen every single time. And since its off-screen and it does not show as any other regular windows you cannot restore it back to view. You will hear the sound that it popups in the background on Windows but no way to interact with it on the screen. And if that happens to you, you either do a complete ESET wipe, all settings, everything or reinstall Windows completely or be luck enough an update comes on ESET and it fixes.

To resume there are 2 problems. One, when ESET does not release the process because the popup was not clicked (because it does not show sometimes) and the bigger one when it goes out of your screen. You can search the forums and people had this multiple times over multiple years. The first one would actually be easy to solve. Let users kill a process from the Tools section of ESET security, at least you would not need to reboot Windows and the popup would show again if you relaunch that app/process.

The other problem, they probably need to add some button on the interface to automatically center or reposition the popup to the default setting. And now ESET is not paying me for this, but this is precisely what they need to do to fix it at least as a temporary solution because they refuse to accept this is a problem. It is a problem. It happens on from Windows 7, 8, 10, and 11. Every single Windows, on multiple computer brands, laptops, all of them had this issue. Sometimes the popup will not show at all. And it will refuse to show again because ESET thinks there is one already, and you did not interact, and it holds the process which means you need to reboot. And if it goes off-screen, then good luck...

And I gave up on ESET solving this. If they did not in 10 years, I suspect they don't know how or are just not interested. And the only reason I have renewed my ESET licenses over the years was because of the interactive firewall. All other things in ESET I never cared about because Windows already has enough anti malware and antivirus security by default. The only part of Windows that still sucks was the firewall and ESET had more options on top of it. Sadly, the firewall on interactive mode is just broken.

Link to comment
Share on other sites

 

On 12/20/2022 at 8:11 AM, Marcos said:

We have not been reported such issues so it doesn't seem to be a general issue affecting a lot of users. Please open a support ticket. Are you able to reproduce the issue after uninstalling ESET and installing it from scratch? Before trying it, export your current configuration but do not import it while doing the test.

There are even Reddit links from years ago of people about this. A simple search I can link at least 300 people, over multiple versions and multiple ESET versions that asked about this. I guess not a widespread issue...

You just need to search ESET interactive mode not working, or ESET interactive prompts problems, or ESET firewall no popup, you can be creative because people don't know how to really describe the issue. And even here in the forums I see you have replied to people in the past about the same issue, even years back. One example:

 

You have replied to multiple people over the years with similar issues.

Edited by VW00
Link to comment
Share on other sites

  • Administrators

Couldn't it be that you installed ESET years ago and you have some firewall rules created by older versions v3-v13? Or did you install ESET v14-v16 from scratch without importing firewall rules?

Would it be possible to tell if both egui.exe and eguiproxy.exe are running when the interactive dialog is not shown? If only eguiproxy.exe is running, please create a dump of the process via the Task manager when the issue occurs and provide the dump along with logs collected with ESET Log Collector for perusal.

By the way, you can reset windows layout via the tray icon to bring windows from the secondary monitor to the primary one:

image.png

Link to comment
Share on other sites

37 minutes ago, Marcos said:

Couldn't it be that you installed ESET years ago and you have some firewall rules created by older versions v3-v13? Or did you install ESET v14-v16 from scratch without importing firewall rules?

Would it be possible to tell if both egui.exe and eguiproxy.exe are running when the interactive dialog is not shown? If only eguiproxy.exe is running, please create a dump of the process via the Task manager when the issue occurs and provide the dump along with logs collected with ESET Log Collector for perusal.

By the way, you can reset windows layout via the tray icon to bring windows from the secondary monitor to the primary one:

image.png

I changed laptops over the years, which means I reinstalled ESET fresh and created new rules as they prompted on new devices. And while now I probably do have older rules, I try to delete them, but I don't think rules are the issue or the numbers of them.

Does the reset windows layout also reset the ESET firewall prompt? If yes, I guess that could solve one of the described issues.

Now the prompt not showing, like I said, it's not hard to emulate. For example a php.exe process that needs to access something remotely will usually cause the issue, just a simple CURL code could be triggered multiples to cause it. Or NodeJS or most things that connect to the internet from the command line or its own process. This happens when you have other security prompts at the same time from other software, or I noticed the issue is more triggered if you are running some specific software made in Java or Kotlin that also prompts something to the user, or if ESET wants to display multiple prompts from different processes, there seems to be some stacking issue, if only 1 needs to show, the issue is fine, but if multiple things try to prompt as the same time, and ESET has to show one by one, the last one will never show.

I think in the past you could kill a process from ESET tools. Now if this was removed for security reasons, it should be added back for the firewall, maybe lock that option under the ESET admin password, but I just had this issue 4 times today alone.

Each time, I see for example php.exe as running in ESET, but it's not actually running in the Windows Task manager. Killing that process and restarting it would force ESET to show a firewall prompt again, but you can't unless you reboot Windows.

While this would not fix the issue of the prompt now showing on the GUI, at least it's an option which would be welcome vs having to restart the whole operating system.

There is something in ESET that makes the prompt not show at sometimes or it's hidden, and since the process in ESET is frozen forever in time. And if this helps the new dark mode seems to be even more conflicting. I love the new dark mode, but I had to turn it off because the firewall prompt tends to work even worse in that mode. I'm not asking ESET to fix the GUI prompt issue which does not display or is invisible that people complain since I know what is causing it or when, but at least give some tools from the ESET interface to see which connections are pending or a log to be able to manually accept, deny or maybe kill the process entirely. The problem is that when this happens, there is nothing you can do. No way to force a new firewall prompt and no way to kill the background process in ESET.

Someone at ESET should seriously investigate or try to improve the way this works, since you can find a lot of complaints about this online and people cannot really replicate it every single time which makes it hard to debug, but the issue is real over multiple Windows versions and ESET versions over the years. I also have ESET in another systems, and the same is true, so it's not unique to a specific installation or computer.

Speaking of old rules, they accumulate a lot which might be an issue for the reason that ESET does not like Windows apps installed using the MSIX packager, like those installed from the Windows Store, or Office 365. The reason is that it considers each update as a new process since the installation path and .exe changes every time.

ESET firewall should instead try to use the Windows Execution Alias for those .exe which Microsoft has. With the execution alias, the exe can be recognized and run from the command line with the name regardless of where the application is installed. It's very annoying with new apps, even Microsoft Office to have to save the new rules almost every week when there is a new update. This means you end up with more and more old rules that you need to delete. Any app from the Windows Store can't be saved as a rule because it keeps changing.

Link to comment
Share on other sites

I also use the Eset firewall in interactive mode and I also sometimes have to restart my computer because the firewall prompt does not appear. Most often this happens when working through a VPN with limited Internet connectivity or when there are several alerts from different programs at the same time. The problem has been present for several versions of Eset. I am currently using Eset Internet Security 16.0.24.0 and the problem persists. It's not often. But it happens. I formatted my computer in September. Clean install, new Eset install. I didn't improte anything. All rules re-created.

It would be great if after entering Eset you can check "pending" alerts from the Eset firewall along with the option to approve / decline.

Another problem with the Eset interactive firewall is that sometimes the Eset prompt appears, but there is no UAC alert to approve (or it appears with a long delay), so the application in question cannot access the internet because the rule cannot be approved ( I'm using a standard Windows account.

The problem occurs on all my devices. Fortunately, this is not a common problem and in everyday use it happens very rarely, because most of the programs I use have hardcoded rules. Most often the problem occurs after a clean installation of Windows. Then I create a lot of rules (including the default about 200) and I usually have to restart the computer several times to save all the rules. Because either the Eset alert does not appear. Or no UAC alert and no ability to save the rule.

Sorry for my english, i use google translate

Link to comment
Share on other sites

1 hour ago, Tp6ojNfYgWweHa said:

I also use the Eset firewall in interactive mode and I also sometimes have to restart my computer because the firewall prompt does not appear. Most often this happens when working through a VPN with limited Internet connectivity or when there are several alerts from different programs at the same time. The problem has been present for several versions of Eset. I am currently using Eset Internet Security 16.0.24.0 and the problem persists. It's not often. But it happens. I formatted my computer in September. Clean install, new Eset install. I didn't improte anything. All rules re-created.

It would be great if after entering Eset you can check "pending" alerts from the Eset firewall along with the option to approve / decline.

Another problem with the Eset interactive firewall is that sometimes the Eset prompt appears, but there is no UAC alert to approve (or it appears with a long delay), so the application in question cannot access the internet because the rule cannot be approved ( I'm using a standard Windows account.

The problem occurs on all my devices. Fortunately, this is not a common problem and in everyday use it happens very rarely, because most of the programs I use have hardcoded rules. Most often the problem occurs after a clean installation of Windows. Then I create a lot of rules (including the default about 200) and I usually have to restart the computer several times to save all the rules. Because either the Eset alert does not appear. Or no UAC alert and no ability to save the rule.

Sorry for my english, i use google translate

If it helps, I also use a VPN, always on, but I don't think that is related since I remember having this even without a VPN connection. The prompt does take some time to appear in some cases, 1, 3+ seconds depending on how intensive your CPU is processing things at that time. For applications that have such a low wait time, there is option else but temporarily disable the firewall because you cannot approve the prompt quickly enough. I rarely have that issue, but you can't approve quickly enough in those situations before the app will just fail. That is actually bad coding in those applications because they should have a timeout of a few seconds for most internet connections, usually at least 5 seconds before timing out. It's not really an ESET issue per se.

If you ask me, there is some problem triggering the prompts in ESET and how it then tries to render the GUI prompt on the screen because when this happens I hear the windows sound as it will show up, but it never does. It means ESET tries to do something, but it never comes up in the screen. Once that happens once, there is no way to make it appear again and no option but to reboot. That is the most annoying part. There is no way to have a button or setting on ESET just to disable or reset everything, it clearly does this when rebooting Windows which means there should be an option or way to reset it from the interface for anyone that hits the issue.

About rules, I don't think it should be an issue, I could be wrong of course. Reading a few text rules in a modern computer should not be an issue in 2022, even if you have thousands of them, it's just basically scanning the path for apps in a text format unless it's using some kind of proprietary very slow database format for storing them internally.

I suspect nobody at ESET in the developer team is using the firewall with interactive mode (assuming they do use their products 😁), otherwise at least the developers would have hit the issue more than once and would be interesting because of curiosity to research why it's happening in the code. And that is seriously awkward for a security company. Anyone that cares about security should not have just random programs connecting online whenever they want. One of the best security approaches is actually detecting an unknown Internet connection. 100% of malware or virus today will not work or do nothing if they cannot call their remote servers which means being on interactive mode is by far one of the best and top features of ESET.

Yes, it's annoying, but only at the beginning. Once everything is configured, even allowing some programs to connect only to a specific address, it's more or less never bothering you again except for anything new or things you want manually approval. Like in my case, I don't want some code being able to use Python, or PHP or Node just to open a connection and install something. For developing I approve all that stuff manually on every connection or once until it closes.

And if something new prompts up that you did not install, that should be a serious red flag. The only problem I see with the interactive firewall which probably makes fewer people use it today are mainly 2:

1. Windows Store or MSIX apps. They don't have a hard coded path to .exe, this changes on each new update, which means saving the rules is only useful until the next update. Examples include Microsoft Office 365 , or just any Windows Store app. As more apps move to the new format it makes the interactive firewall less relevant (sadly) since your saved rules are mostly temporary until the new update.

2. No DNS resolver for rules. Most apps keep changing the IP address, they use AWS or for big tech companies they have thousands of IP's but hostname is the same. I guess this is a limitation on Windows, and ESET is just basically using the Windows Firewall in the background that just allows to store IP and ranges? Because if there was a way to save a rule by domain this would make the interactive rules amazing. You could then just save the connection rules from example.com, and regardless of the IP address the firewall would resolve the domain. This not rocket science, but it would introduce a delay into the firewall (which I'm happy to accept), basically just doing a reverse DNS for the IP to the domain and then check the rule by host or domain name.

If ESET could actually create those features, 1 and 2 and of course solve the problems mentioned here, this would be a HUGE selling point because other products are very poor when it comes to firewall settings and to be fair, I don't think anyone has a better firewall module in terms of settings and customizations than ESET security at this point.

The interactive firewall is the main selling point for me and worth the subscription price per year. It's the top security and privacy feature (all those pesky apps trying to transfer analytics to Google), even better than any ransomware protection because as I said, even if someone is hit by ransomware or malware, the second the prompt shows up, and you see the strange connection and process not only you are now alerted that you are infected, but you can stop it from running on their tracks, as the malware in 100% modern malicious programs need to remotely download their keys and settings before running. Without Internet, they just don't work.

And besides security, this is also a great privacy feature. Many badly coded apps do not let users opt out of telemetry settings, which means you can allow them to connect online but not to Google or other analytic servers. And more than once thanks to the interactive firewall I saw when a developer cheats or lies, when you turn a setting off, and you still get the prompt in ESET, and they still try to transfer data out of your computer. To resume, the interactive mode is something that should be by default in any modern operating system, but we are never going to see that on Windows or Android or even MacOS because those companies and developers actually want data from users without them being aware.

I don't care about the gimmicks like the banking secure, you can use the Windows Sandbox or Edge Guard for that which is far more secure, neither I care about the password manager, I would not use a proprietary one that only works with one company but rather use my own or open source. And neither I actually care about other products offering a gimmick like a VPN, I only trust my own VPN servers, not some third party service. This is why I always liked ESET, they care about performance and not offering useless things. I don't care about others offering back or encryption either, those things can be done far better out of your security software. The security software should do basically that, focus on security and the firewall is basically 90% of the security in today's world if you want my opinion. Malware comes through the internet and goes out as well. The firewall in ESET has not being touched with new features as far I can remember for years. From version to version every time there is a new release I check the logs and nothing. And this community is invaluable feedback for any company. I have recommended ESET to hundreds of people and I even had companies install their Endpoints for hundreds of devices, I probably have transferred ESET over 1000 customers over the years because when people ask me about what they should pay or install for security I always tell them ESET. Sure, their Linux server options are mostly poorly options (sadly) and not worth the price (expensive) but for Windows I don't think there is anything else that beats them. Now ESET is not exactly cheap per Windows device, but it's worth the money if you care to customize all the settings and then have it all running in a safe mode.

Link to comment
Share on other sites

I'm now able to almost replicate this 100% on my system. Just did.

It was very easy.

Run composer from your command line:

composer update

ESET prompts the PHP.exe process to allow the connection. Click deny for example.

The process is stuck now in the command line since it's waiting and waiting for a connection. (it does fail after sometime eventually)

But go to the command line and kill the process CTRL+C or similar.

Now run the same composer command again since you want to retry a new process.

You hear the ESET sound of the firewall prompt. But no prompt comes up.

You can now check that in the ESET tools there is a process php.exe stuck forever. The process has long died on Windows the second you killed it from the command line but on ESET it's still there.

You now need to reboot the computer to make the prompt work again because you can't. It's now hidden somewhere forever.

This is composer in case someone needs to test it:

Composer (getcomposer.org)

And of course you also need to have PHP installed in your Windows system.

To resume, this command that uses the PHP process absolutely triggers the error almost every time.

Edited by VW00
Link to comment
Share on other sites

And here is the process inside ESET Security using the tools option to view processes:

Screenshot

Note, that php.exe process is long gone from Windows, the PID does not exist anymore, but it's visible in ESET and never dies after the prompt never showed because ESET is probably thinking (I'm waiting for user to click something in the firewall prompt) but since you don't actually have a firewall GUI prompt visible, you can't do anything. The process is stuck with the prompt that never displayed, this bug now stops all future firewall prompts from showing up, and you need to reboot Windows.

Edited by VW00
Link to comment
Share on other sites

  • 1 month later...

Same problem on Win10 - Eset in interactive mode, after some time the popups stop showing.
This problem started happening after some eset update 1-2 months ago max. Until then I used it for years without issue.
Now it lasts a few hours, then it happens again. Logging off solves it (no need to fully restart) for a while.
I tried opening support ticket, they told me to make a log and send it to them. But it only logs for 2hrs and it usually runs fine for longer - 4h, 64h, 1h, 19h, 58h...very random. But it can also be a few minutes.

Link to comment
Share on other sites

  • Marcos locked this topic
Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...