djmcfar 0 Posted June 1, 2023 Share Posted June 1, 2023 Looking for an explanation of why I needed to run ESSP in interactive mode to enable access to a TCP port that already had a manually entered firewall rule, I decided to try another one just for testing, and got the same result. The test rule for the server is shown in the below photos (port 4321), along with a Wireshark capture showing the failed connection attempt from the client. I don't see why this rule isn't working. If anyone can shed light on it it would much appreciated. Link to comment Share on other sites More sharing options...
Administrators Marcos 5,243 Posted June 1, 2023 Administrators Share Posted June 1, 2023 When the inbound communication is blocked, carry on as follows: Enable advanced logging under Help and support -> Technical support Reproduce the issue Stop logging Collect logs with ESET Log Collector and upload the generated archive here. Add information about the IP address of the machine that attempted to connect to the server, just in case. Link to comment Share on other sites More sharing options...
djmcfar 0 Posted June 1, 2023 Author Share Posted June 1, 2023 I ran the Log Collector using the recommended settings for technical support (see photo below). One of the 2 warnings in the Log Collector log was that 'C:\ProgramData\ESET\ESET Security\EpfwUser.dat' was not found (I noticed that there was no attempt to pack it either, and in fact the file does not exist - see photos below). The archived log is attached to this message. Interesting that the missing file is 'EpfwUser.dat' considering the the user created rules don't work. essp_logs.zip Link to comment Share on other sites More sharing options...
djmcfar 0 Posted June 1, 2023 Author Share Posted June 1, 2023 Forgot to mention that the testing environment was the same as shown in the Wireshark snippet from my first post. Link to comment Share on other sites More sharing options...
Solution itman 1,746 Posted June 1, 2023 Solution Share Posted June 1, 2023 It appears you created two firewall rules and specified that inbound/outbound network traffic from/to trusted local subnet IP addresses be allowed. I really don't know what the effect of specify trusted zone for the local connection would be since by default, only inbound traffic is going to be allowed to your specific device. Trusted zone should only be specified for remote connection field. Additionally, refer to the below screen shot. By default when Eset network processing sets up a network connection, it defers to the Windows firewall profile which in Win 10/11 is Public; i.e. Untrusted, by default. If you are going to condition Eset firewall rules by the use of trusted zone parameter, the Eset network connection must be set to Trusted network. Otherwise, all network traffic will be blocked for any firewall rule when trusted zone parameter is used. You might want to set Eset firewall to display its default firewall rules. This will give you a reference on how Eset uses the trusted zone parameter. Link to comment Share on other sites More sharing options...
djmcfar 0 Posted June 2, 2023 Author Share Posted June 2, 2023 As you suggested, switching to "Trusted network" from "Use Windows setting", allowed the connection. Link to comment Share on other sites More sharing options...
Recommended Posts