
Interactive Firewall useless since 16.2


Solved by ixtel

Hello,

First, thanks to the thread starter and the other people sharing their problems with the update(s).
I'd like to share my experiences.

After the update(s) I had to start at zero policies, which was really confusing. Because I have "training" for setting up the firewall in interactive mode, and it did need a reset anyway, I started over again, just to realize after another update / 2 days that it was all gone again. After this I switched to rule-based mode, but after 2 days of trying I realized this is equally painful to use.
I have to admit, the interactive mode seems to be easier to use since before, but it still doesn't satisfy. The rule based one is even more disappointing, but I keep it now, because it is working for now.
What I cannot understand are the following workflows:
In the interactive mode I still cannot see how many more interactive requests are following, or at least I couldn't find it.
In the rule-based mode, I cannot unlock multiple programs at once or, even better, unlock multiple programs at once with the wish of editing the new rules, which changes the window to one where I have one tab for each program, where I can edit the settings. No, right now you unlock one program at a time, wait for the UAC interaction, and repeat. I don't get it.

I started using ESET privately while I was one of 4 administrators for over 2000 ESET business installations (ESET Protect) on server and clients and over 1000 Sophos Intercept X installations on server and clients. Right now, I am questioning my move to ESET. My license is running out next year; as long as it does not get worse, maybe I will prolong the license, at least for my mobile devices. I am working as a senior system engineer, mostly for Windows Server systems but also for different Linux systems. From experience I know the neighbor's green sometimes looks greener than your own, even if it isn't so; that's why I will be patient / lazy for now, but no promises.

Link to comment

  • Administrators
24 minutes ago, D1rk said:

In the interactive mode I still cannot see how many more interactive requests are following, or at least I couldn't find it.
 

This has never been possible even in older versions. I can't tell if it's technically possible, I've asked the developers. Please add such wishes to the "Future changes to..." topic which is available in each product's forum and is monitored by ESET staff responsible for product features and development.

Quote

In the rule-based mode, I cannot unlock multiple programs at once or, even better, unlock multiple programs at once with the wish of editing the new rules, which changes the window to one where I have one tab for each program, where I can edit the settings.

A firewall rule has always worked only for one application even in older versions. Groups of applications have never been supported but I don't think there should be a technical problem to implement it if there's a bigger demand for such feature.

Link to comment

23 minutes ago, Marcos said:

This has never been possible even in older versions. I can't tell if it's technically possible, I've asked the developers. Please add such wishes to the "Future changes to..." topic which is available in each product's forum and is monitored by ESET staff responsible for product features and development.

A firewall rule has always worked only for one application even in older versions. Groups of applications have never been supported but I don't think there should be a technical problem to implement it if there's a bigger demand for such feature.

Sorry, my post could be misunderstood at these points. These are of course nice-to-have features. I will consider putting them in the "Future changes to..." area. About the rule-based nice-to-have feature: I didn't mean grouping apps, I meant to give free multiple at once; they are still one rule for each program, but it is only one UAC interaction to process a batch of changes. Anyway, wrong thread.

Link to comment

  • Solution
On 8/10/2023 at 10:48 PM, EISUser said:

Can we have ESET provide an official downgrade version link of EIS version 16.1.14?

Very frustrated over the whole firewall debacle, with v17 being solution doesn't help current affected users.

You can download 16.1.14 from this link:

https://support.eset.com/en/news8416-eset-windows-home-security-products-version-16-1-have-been-released

Link to comment

@ixtel Thanks for providing the DL link for 16.1.14, that saved my day (luckily I had a recent export of the settings before updating).

2 ESET: I don't understand why you would release a non-major product update which removes an important feature which was in your product for years. Was your Q/A team on vacation or did seriously nobody raise a concern about this at all? The statement that the feature will be back in v17 is just doubling down. Some of your clients are not just casual users running auto-mode but advanced users with a bit "longer" list of FW rules with explicit definitions ...

After my version got updated and my workstation was restarted I had to go through like 40 FW prompts (as none of my existing rules was relevant anymore). And no, I don't have 40 programs auto-starting after logon, but I got multiple prompts for the same process, and even after creating permanent rules I got another prompt, multiple times. Also, realizing that ALL of the rules have "ALL" for remote and there is not even a way to restrict the network, I was almost sure this was some sort of bug or that there is now some switch in settings I need to click to get more advanced FW capabilities ... well, then I found this thread, realized that it is not a bug but a "feature" ... so I've rolled back to 16.1 and disabled automatic product updates.

I usually read major release (16->17 etc.) notes/changelogs before I pull the plug, but this was an unexpected back-stab. I really don't understand why this change could not wait until you have the new UI but with all of the existing functionality integrated...

Alex

Link to comment

  • 2 weeks later...

As a customer my confidence in ESET has been severely shaken, not just because there has been no formal or informal apology but also due to the blatant disregard for its customers with the callous, and what is now apparent **** up release of v16.2.

If it were not for the fact how easy it is to roll back I would be seeking to take this matter beyond this post of mere disgust.

Link to comment

The thing that is bad with interactive mode since the new version is that it asks me twice and creates 2 rules.

Never did this before. This really sucks for the price they ask!

Link to comment

1 hour ago, Marcos said:

This is a sneak peek of the v17 interactive dialog advanced options. V17 is available as a beta and will be released in a few weeks:

 

Beta is like an airplane prototype. But can security software do the same? Why not? It is ok to roll out beta OS, medications, countries, ecosystems and world orders even before a GUI is developed. It is just a matter of enthusiastic or unaware test pilots.. = :)

Link to comment

I tried playing Forza Horizon 5 and it kept saying new connection for every server/IP it wanted to connect to; if it didn't show in interactive mode then it wouldn't even connect to the game server. SHAME. Sometimes, randomly, it doesn't even pop up the interactive connection menu and it doesn't connect to the server/game/program until I restart the computer, then suddenly it shows up.

Link to comment

  • Administrators

When it comes to games and interactive mode, I'd start off by disabling gamer mode which prevents interactive dialogs from popping out. It is not a good idea to use both together.

image.png

Link to comment

3 hours ago, Marcos said:

When it comes to games and interactive mode, I'd start off by disabling gamer mode which prevents interactive dialogs from popping out. It is not a good idea to use both together.

image.png

It was disabled a long time ago, since the beginning. It still happens that it doesn't open for programs or games. Only after a Windows restart does it remember to open the interactive window.

Link to comment

On 9/10/2023 at 10:59 PM, Marcos said:

This is a sneak peek of the v17 interactive dialog advanced options. V17 is available as a beta and will be released in a few weeks:

Missing from the interactive dialog in the screenshot: the exact path of the application.

Is the exact path no longer displayed in the new versions?

If the answer is yes, that's not good at all.

Link to comment

  • Administrators

The above screenshot seems to be from EIS 16.1. Are you inquiring about v16.2? If so, you should be able to click the application path, copy it from Windows Explorer, edit the rule and use the path in the application field instead of identification by signer which is used by default.

Link to comment

So I'm not alone with this problem!

I also use interactive mode and block those I don't want to connect outbound.

What always worked has now suddenly become an obnoxious tit-for-tat game, like an obnoxious three-year-old who never gives up!

I have up to 30 instances on some apps where the same outbound request happens over and over again, trying every time with a newer and higher instance number!

What's the point of this nonsense? If I say no, no means no! That's that!

Not like a pesky 3 year old ignoring all and trying over and over again!

For example, my cyber power UPS software all of a sudden tries every day to check for updates, and every time I say no and every time it tries again! This was not the case earlier in the year.

The same for Nvidia who, despite that I don't want to install any "container experience" jazz, used to accept that I said "NO". Now this one too tries every day, once or twice, to connect outbound! Again, this was not the case earlier this year; this is a new problem.

This problem needs to be fixed otherwise I will have to find another security solution! Believe it or not, I do work on a computer and not play around all day!

NVidia container vs ESET.jpg

PPPe cyber power vs ESET.jpg

Link to comment

  • Administrators

This is a screenshot of the interactive dialog from v17 which will be released later this year. You will be able to select communication parameters before a rule is created:

image.png

Link to comment

1 hour ago, Marcos said:

This is a screenshot of the interactive dialog from v17 which will be released later this year. You will be able to select communication parameters before a rule is created:

image.png

can't you release a fix for that first???

at least some pre release fix or pre release 17

 something to fix this issue now

Link to comment

Yeah I moved back to 16.1.14 after having issues with this for a while as well. The problem is it's trying to assign some generic signed app .exe with no path making the default set rules completely pointless. You have to set the path manually now every time you add a rule through the dialog.

I don't appreciate being pushed beta features to test as a paying customer. I did not select any pre-release update channel setting.

Are we gonna have to disable updates and check the forums for any major problems now before updating? What if something else breaks in the next update?

Link to comment

  • Administrators
6 minutes ago, sovchen said:

The problem is it's trying to assign some generic signed app .exe with no path making the default set rules completely pointless. You have to set the path manually now every time you add a rule through the dialog.

Could you please elaborate more on your use case and also explain what the problem is with creating rules for a specific application and the signer regardless of the path? We'd like to know better how you use the firewall and how we could improve it to suit your needs.

Link to comment

15 minutes ago, Marcos said:

Could you please elaborate more on your use case and also explain what the problem is with creating rules for a specific application and the signer regardless of the path? We'd like to know better how you use the firewall and how we could improve it to suit your needs.

Here is an example of my use case: image.png

Note how I have multiple python installs working out of different locations in my filesystem. The firewall rule specifically points to the path of the executable. 

image.png

When the dialog appears it points directly to the application.exe path.

I did not take any screenshots of how 16.2 behaves because I don't have it installed anymore, as mentioned. As best I can explain it, instead of assigning a path to my python.exe location it would simply treat it as a generic python signed app with no location; this is reflected in the interactive dialog as well. The rule in that case is not valid for any of my python installs. The only way to make it work is to go into the firewall rule as set by the dialog, delete the signed app nonsense and browse to the path of the executable myself, which as you can imagine invalidates the point of an interactive dialog. I might as well set the firewall to block all and manually point to everything I want unblocked.

This problem gets even more tedious once you try to control service-based stuff such as all the Microsoft nonsense in Windows

image.png

I was getting prompts for these too in 16.2, I don't even know how you'd go about setting them manually. Something is clearly wrong with the way it handles these signed apps with no path through the interactive dialog at least.

Please understand that having a path set directly to the executable in question, not a generic signed app, is absolutely necessary and must be a default feature in the dialog as it's been up until now else there will be no end to the problems, as others have also pointed out in this thread. 

Link to comment

1 hour ago, sovchen said:

Note how I have multiple python installs working out of different locations in my filesystem. The firewall rule specifically points to the path of the executable. 

This has always been a problem with ESET firewall rules. It would be solved by allowing wildcard "*" specification in path specification as the HIPS currently does:

e.g. W:\*\Python3.10.6\python.exe.

Link to comment

2 minutes ago, itman said:

This has always been a problem with ESET firewall rules. It would be solved by allowing wildcard "*" specification in path specification as the HIPS currently does:

i.e. W:\*\Python3.10.6\python.exe.

Except it's not a problem. That post is an example of the functionality I need. A wildcard rule would be exactly what I don't want in this case.

Link to comment
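
The three ways of identifying an application discussed in the posts above (exact path, the wildcard path suggested by itman, and signer) can be compared with a toy rule matcher. This is an added example, not part of any post and not ESET's rule engine; the class names, sample paths and signer value are constructed for illustration.

```python
from dataclasses import dataclass
from fnmatch import fnmatchcase
from typing import List, Optional

@dataclass(frozen=True)
class Process:
    path: str    # full path of the executable opening the connection
    signer: str  # signer name taken from its code signature

@dataclass(frozen=True)
class Rule:
    """Hypothetical firewall rule; an application is identified by path and/or signer."""
    name: str
    path: Optional[str] = None    # exact path, or a pattern when wildcard=True
    signer: Optional[str] = None  # matches any binary carrying this signer
    wildcard: bool = False

    def matches(self, proc: Process) -> bool:
        if self.path is None and self.signer is None:
            return False  # a rule with no identification matches nothing
        if self.path is not None:
            have, want = proc.path.lower(), self.path.lower()  # Windows paths ignore case
            if not (fnmatchcase(have, want) if self.wildcard else have == want):
                return False
        return self.signer is None or proc.signer == self.signer

def coverage(rule: Rule, procs: List[Process]) -> List[str]:
    """Paths of all processes the rule would apply to."""
    return [p.path for p in procs if rule.matches(p)]

# Constructed sample data: four interpreters, all carrying the same signer.
SIGNER = "Python Software Foundation"
PROCS = [
    Process(r"W:\projA\Python3.10.6\python.exe", SIGNER),
    Process(r"W:\projB\Python3.10.6\python.exe", SIGNER),
    Process(r"W:\scratch\Python3.10.6\python.exe", SIGNER),
    Process(r"D:\tools\Python3.11.4\python.exe", SIGNER),
]
RULES = [
    Rule("exact path", path=r"W:\projA\Python3.10.6\python.exe"),
    Rule("wildcard path", path=r"W:\*\Python3.10.6\python.exe", wildcard=True),
    Rule("signer only", signer=SIGNER),
]

if __name__ == "__main__":
    for rule in RULES:
        print(f"{rule.name:14} -> {len(coverage(rule, PROCS))} of {len(PROCS)} installs")
```

In this model the exact-path rule applies to one install, the wildcard to every `Python3.10.6` folder on `W:`, and the signer-only rule to every interpreter on the machine, so each step widens what a single allow or block decision covers.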

  • Administrators

Would more of you leverage the option to choose the application path instead of the app name and signer in the interactive window? The thing is there are already quite many settings so the window hardly fits the screen height so maybe we would have to remove "Profile" or another setting instead:

image.png

Link to comment

This topic is now closed to further replies.