labynko 5 Posted July 24, 2023 Posted July 24, 2023 ESET Endpoint Security users, be careful! There is a very dangerous bug in the version of the firewall module 1438.2 dated 07/13/2023. To individually configure the firewall, I use dynamic groups: each computer is present in its own unique dynamic group, and each group has its own unique set of policies, each of which in turn contains a unique rule for a particular application, and all built-in (local) rules are disabled. I decided to edit one of the policies, the settings of which do not affect the operation of the firewall in any way: this policy is responsible for excluding IP addresses and certificates of some sites from checking. Before that, I noticed that a file is downloading slowly from one local resource (the maximum download speed did not exceed 350 KB / s), so I decided to add this address to the exceptions. After applying this policy, firewall rules disappeared on all computers, but all the policies of these rules were displayed in the status log (status.html) of the administration agent applied to this computer. I removed the assignment of the problematic policy, but it still remained applied on all computers, and the problem did not go away. And only after removing this policy in ESET PROTECT, all firewall rules returned!
Administrators Marcos 5,408 Posted July 24, 2023 Administrators Posted July 24, 2023 I'm not sure if you are talking about cross-references in policies that were never supported and never worked. If you have used the policies for years, it could be that they got damaged years ago and the problem started to manifest after a recent update of the firewall module after editing one of the damaged policies. Please raise a support ticket as we'll need to reproduce it on our end. It will also help if you have a backup of the policies / db from time before you made the last edit. Does the problem persist if you re-create the affected policies from scratch? If so, we could rule out the possibility that the policies were damaged long before.
labynko 5 Posted July 24, 2023 Author Posted July 24, 2023 I was able to reproduce the problem! It is enough to create an empty policy and apply it to the same computer through a static direct assignment and through a dynamic group. After that, all firewall rules assigned through dynamic group policies disappear!
Administrators Marcos 5,408 Posted July 24, 2023 Administrators Posted July 24, 2023 Does selecting the option to show merged rules make a difference? Nevertheless, please raise a support ticket. I was unable to reproduce the issue as per the instructions in your post above.
Recommended Posts