
Interactive Firewall useless since 16.2


Go to solution Solved by ixtel,


  • Administrators
6 hours ago, Manly Electronics said:

What are insider's benefits and how to join?

Insider program members receive a free license for ESET Smart Security Premium and get access to insider versions, which are typically made available for testing weeks before the final release. In turn, we expect Insiders to use the program rather with non-default settings, to report issues to us and to give feedback.

If you'd like to join, please drop a message to @Peter Randziak.


The issue of interactive mode not working as intended is still there in 16.2.13.0 (Win 10 Pro). After the initial update to 16.2.x rules were all forgotten and firewall profiles are basically useless. All new rules have been automatically assigned to all profiles, wiping out months of carefully selected behavior of programs, based on firewall profile. To say I am furious at this update will be a great understatement. Please return the functionalities to 16.1.x level and make sure someone in the beta channel uses interactive firewall mode. This debacle should not have ever happened.


18 hours ago, LCF said:

 

I'm sorry Marcos but the update does not improve the situation. The firewall has become unusable for our customers who are set to automatic. All streams are blocked. Our customers' applications, our Splashtop remote control system too, teamviewers, etc. Your update is catastrophic. Without a solution within 48 hours, for our part, we will install another antivirus solution.


  • Administrators
21 minutes ago, Tony XP said:

I'm sorry Marcos but the update does not improve the situation. The firewall has become unusable for our customers who are set to automatic. All streams are blocked. Our customers' applications, our Splashtop remote control system too, teamviewers, etc. Your update is catastrophic. Without a solution within 48 hours, for our part, we will install another antivirus solution.

Please carry on as follows:

  1. Enable advanced logging under Help and support -> Technical support
  2. Reboot the machine
  3. Reproduce the issue
  4. Stop logging
  5. Collect logs with ESET Log Collector and upload the generated archive here.
  6. Provide details about the communication that was blocked (application, blocked IP address, whatever else that might be important)

19 hours ago, LCF said:

All new rules have been automatically assigned to all profiles, wiping out months of carefully selected behavior of programs, based on firewall profile.

The first thing to check is if your prior manually created profiles still exist in ver. 16.2 Network connection profiles section;

[Screenshot: Eset_Profiles.png]

 


I will also add that in ver. 16.2, it is no longer possible to modify any Eset generated network connection applicable settings using either the Private or Public profile as was previously possible.


Another important point to note in ver. 16.2 in regards to firewall profiles is you're not just adding a new profile per se; but in reality, a new network connection;

[Screenshot: Eset_Profile.png]

This is a radical departure from ver. 16.1 firewall profile processing in that a profile was tied to an existing Eset network connection;

Quote

A network adapter can be set to use a profile configured for a specific network when it is connected to that network. You can also assign a specific profile to use when on a given network in Advanced setup (F5) > Network protection > Known Networks > Edit. Select a network from the list of Known networks and click Edit to assign a firewall profile to the specific network from the Firewall profile drop-down menu.

https://help.eset.com/eis/16.1/en-US/idh_config_epfw_profiles_group.html

Edited by itman

Another notable ver. 16.2 firewall change you should be aware of. If you are using Eset default firewall settings, you can ignore the rest of this posting.

Prior to ver. 16.2, individual Win services could be disabled in the firewall as noted below. This option no longer exists in ver. 16.2.

[Screenshot: Eset_Services.png]

Assuming one was using the Eset Private (trusted) profile, one could disable known vulnerable and abused services such as file and printer sharing, UPnP, and remote desktop, etc. This resulted in the applicable default firewall rules for these disabled services being auto changed to rules employed when the Public profile is in effect.

As it currently stands in ver. 16.2, your only alternative is to disable Eset applicable default firewall rules for the service and create new ones to block inbound network traffic.


  • Administrators
1 hour ago, itman said:

Another notable ver. 16.2 firewall change you should be aware of. If you are using Eset default firewall settings, you can ignore the rest of this posting.

Those settings controlled some of the firewall rules which could not be disabled by the user in previous versions. Now that the "allowed services" settings have been removed, it's possible to disable particular default rules.


Why can't we select IPs and ports in the interactive firewall popup anymore when making a rule that has values based on the connection attempt that triggered the popup?

All that is available is "Apply to child processes" and "edit rule before saving" which opens another window in which there are no values for local and remote IPs and ports.

This is so disastrous both as bad UI/UX with additional clicks needed and as functionality that has been removed as if ESET is trying to actively prevent users from using Interactive firewall by making it unusable.

Unbelievable they would push this drastic change.


  • Administrators
22 minutes ago, MarkF said:

Why can't we select IPs and ports in the interactive firewall popup anymore when making a rule that has values based on the connection attempt that triggered the popup?

This has already been asked above or elsewhere; the option to select remote host and port will be available in v17.


On 8/9/2023 at 2:44 PM, Marcos said:

Please carry on as follows:

  1. Enable advanced logging under Help and support -> Technical support
  2. Reboot the machine
  3. Reproduce the issue
  4. Stop logging
  5. Collect logs with ESET Log Collector and upload the generated archive here.
  6. Provide details about the communication that was blocked (application, blocked IP address, whatever else that might be important)

@Marcos I will try to do it, but the problem is that when I activate the firewall, I can no longer take control of my customers' computers. The joke: even ESET is blocked!

[Screenshot: image.png]


23 minutes ago, Marcos said:

Default (pre-defined) rules are still there:

[Screenshot: image.png]

Good to know. But how to tell which one is predefined and which one is not? A column 'pre-defined' has not appeared.

And while I am here: what are those program icons on some rules, and not on others? Both rules are for programs.

[Screenshot: pics.PNG]


18 minutes ago, Manly Electronics said:

Good to know. But how to tell which one is predefined and which one is not?

Eset pre-defined default rules have a circle with a lowercase "e" within that precedes the rule name, as shown in the screenshot below:

[Screenshot: Eset_Rules.png]

Also, referencing your posted screenshot, I don't see a circle with a lowercase "e" within that precedes the rule name on the default predefined rules. It might be a bug with dark mode.

Edited by itman

16 minutes ago, Manly Electronics said:

And while I am here: what are those program icons on some rules,

Looks like a "glitch" when the predefined rule was created. I only see them on a few rules.


25 minutes ago, itman said:

Looks like a "glitch" when the predefined rule was created. I only see them on a few rules.

I can see predefined icons in the dark mode. So program icons are something else.


  • Administrators
8 hours ago, itman said:

Looks like a "glitch" when the predefined rule was created. I only see them on a few rules.

Please provide a screenshot of the predefined rules where some have an icon and some don't.


On 8/10/2023 at 2:47 PM, Marcos said:

This has already been asked above or elsewhere; the option to select remote host and port will be available in v17.

But why would you release such an unfinished state of the application and essentially make beta testers out of users while removing expected functionality until some time in the future, you say?! Makes zero sense to treat users like that.


On 8/12/2023 at 12:05 PM, MarkF said:

But why would you release such an unfinished state of the application and essentially make beta testers out of users while removing expected functionality until some time in the future, you say?! Makes zero sense to treat users like that.

This is mind-boggling for a security product. Taking away features, changing how some features work.

With these kinds of changes I would expect a new version of the product being developed in parallel, in an open beta, all while communicating the changes in a blog of some sort. But dropping these kinds of changes randomly is a strange decision.


5 hours ago, Shamaz Zeb said:

With these kinds of changes I would expect a new version of the product being developed in parallel, in an open beta, all while communicating the changes in a blog of some sort.

Actually, Eset does have an open beta method in the form of the pre-release update option, which has to be enabled manually in the Eset GUI. The problem is most will not enable this option due to the potential operational issues that may present.


  • Administrators

Just to avoid confusion, the pre-release update channel does not contain beta modules that we would still be working on, but modules that have passed pre-release internal tests and are ready for release. That said, those are regular modules that users on the pre-release update channel receive in the first round, followed by the general public after a couple of days, and are released typically in batches.

For beta testing we have the Insider program in which we make new versions available months before the final release. We would like to encourage and invite advanced users who use our products with non-default settings to join the Insider program.


This topic is now closed to further replies.