Jump to content

EES doesn't evaluate correctly Windows Firewall rules


ludolf

Recommended Posts

Hello

Client: Windows 10 21H2, Eset Endpoint Security 10.0.2045.0

Network Access Protection / Firewall / "Also evaluate rules from Windows Firewall" is enabled

Opened a port locally on the client in Windows Firewall, scope is set to "any" remote ip address. (a service is listening on that port)

In this case the port is open, when checked from a remote address, as expected.

If I specify an ip address on the Scope tab, the port is closed when I try to telnet from that ip.

If I create a local rule on the client, Eset/Network/etc, opening the same port with the same remote ip, it works fine.

Enabled debug logging on the client, and when the connection is blocked this message is appeared:
"No usable rule found"
Source is [remoteip:remoteport], where remoteip is what I added to windows firewall/rule/scope tab/remote ip address.

So it looks like the "evaluate windows firewall rules" only works if there is no remote ip address is set.

Reproduced this issue on two computers.

thanks,
ludolf

Edited by ludolf
typo
Link to comment
Share on other sites

  • 2 weeks later...

We are similar behavior since the update from 10.1.2045.0 to 10.1.2046.0. 

Is there any know issue? Please advise ASAP. 

Stefan

Link to comment
Share on other sites

  • ESET Moderators

Hello guys,

I may confirm that the "Also evaluate rules from Windows firewall" does not work with the new firewall, the dev team is aware of the issue and will fix it.

Peter

note for us: M_EPFW-352

Link to comment
Share on other sites

  • 5 weeks later...
On 7/28/2023 at 2:33 PM, Peter Randziak said:

Hello guys,

I may confirm that the "Also evaluate rules from Windows firewall" does not work with the new firewall, the dev team is aware of the issue and will fix it.

Peter

note for us: M_EPFW-352

Hey, has this problem already been fixed in the new version 10.1.2050.0?

Thanks,
Florian

Link to comment
Share on other sites

  • 2 weeks later...

I am using Firewall module 1439.1through the regular update channel. It appears that even though my Windows Firewall settings are set to 'Private,' rules that seem to be applicable to 'Public' networks are being applied. Is this a specification change from ESET?

Link to comment
Share on other sites

  • Administrators

Please carry on as follows:

  1. Enable advanced logging under Help and support -> Technical support
  2. Reproduce the issue
  3. Stop logging
  4. Collect logs with ESET Log Collector and upload the generated archive here.
  5. Provide more information about the rules that you expected not to be applied or vice-versa.
Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...