Jump to content

After a few hours, the firewall starts blocking applications with rules that use environment variables


Recommended Posts

Hello.

After the release of the new firewall module 1438.2 dated 07/13/2023, problems began to be observed with blocking applications for which allow rules were created using environment variables (for example, %userprofile%). Programs begin to block a few hours after they have been launched. It helps to restart the blocked program.

Is this a known issue and how soon will it be fixed?

Link to comment
Share on other sites

Its certainly known to users, but ESET so far is yet to ackowledge anything except for "well, just create firewall rules for everything" -_-

Even though it has worked normally for years.

Edited by PatrickB
Link to comment
Share on other sites

I have collected, I hope, all the necessary information that can help deal with the problem.

At the moment, I do not have the opportunity to create a case through my personal account, but I hope that ESET is interested in solving the problem.

I recorded a video that demonstrates how ESET Endpoint Security 10.1.2046.0 blocks Opera's network communication with the ESET PROTECT web interface, ignoring an allow rule that specifies the process path using an environment variable.

I sent the password and a link to the archive with diagnostic information to Marcus in private messages.

Link to comment
Share on other sites

  • Administrators

Thanks for the logs, we have successfully reproduced the issue. It will be fixed in the Firewall module 1440 soon. We have also fixed default rules that now match those from v10.0 and older, this fix will be distributed via an automatic module Configuration engine update soon.

Link to comment
Share on other sites

A month has passed since the release date of the firewall module 1438.2.

When will the new version of the firewall module get into regular updates?

Link to comment
Share on other sites

  • Administrators

The firewall module 1439 has been fully released just yesterday, we are now working on v1439.1 which is expected to include also a fix for the variables in the app path. It should be available on the pre-release update channel around Oct 21.

Link to comment
Share on other sites

  • 2 weeks later...

Almost two weeks have passed, and the firewall module version 1438.2 has been distributed in regular updates and is still being distributed. At the same time, it's funny that if you install ESET Endpoint Security 10.1.2050.0, then the firewall module will have version 1439, and if you upgrade to ESET Endpoint Security 10.1.2050.0, it will be 1438.2.

What is the reason for such a delay?

Link to comment
Share on other sites

  • Administrators

The firewall module 1439.1 with a fix was put on the pre-release update channel on August 21. I assume that we'll start to distribute it gradually to users on the regular update channel next week.

Link to comment
Share on other sites

  • 4 weeks later...

Do I understand correctly that the problem has not yet been resolved, and it will be resolved in version 1440 of the firewall module, which will be released on October 21?

Link to comment
Share on other sites

I inform you that the problem indicated in the topic is not resolved in the firewall module 1439.1.

After the new version of the firewall module was installed, in my case it was 09/06/2023, a problem arose with Opera at least four times. Sometimes restarting the browser does not help, and you have to restart it again.

Edited by labynko
Link to comment
Share on other sites

  • Administrators

Then it must be a different issue. What we have fixed was that a restart of the application was needed for the firewall rule to work. Please raise a support ticket.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...