Interactive Firewall useless since 16.2


Go to solution Solved by ixtel,

2 minutes ago, sovchen said:

Except it's not a problem. That post is an example of the functionality I need. A wildcard rule would be exactly what I don't want in this case.

I was referring to the multiple Deny rules you created. The Allow rule would be positioned above the wildcard Deny rule so that it would execute first.

Link to comment
Share on other sites

6 minutes ago, Marcos said:

Would more of you leverage the option to choose the application path instead of the app name and signer in the interactive window? The thing is there are already quite many settings so the window hardly fits the screen height so maybe we would have to remove "Profile" or another setting instead:

image.png

Yes, the application path is exactly what's needed. This has been the norm up until 16.2. I'm sure you could avoid a lot of confusion if you also had it ticked by default instead of the new signed app system or at least have an option for it in the settings menu.

As far as I can tell from my experience with the new update, and from the posts in this thread, the rules for signed apps don't seem to do anything when set from the interactive prompt so it might be best to just hide that.

Link to comment
Share on other sites

  • Administrators

Until v16.2, applications could be identified only by the full path, which caused issues when an application was updated in a new folder. As of v16.2, we've also added identification by signer to solve those issues.

Quote

the rules for signed apps don't seem to do anything when set from the interactive prompt

Rules with a signer created from the interactive dialog work well for me. If you are having issues with such rules, we could look into it and try to reproduce it on our end according to your instructions.

Link to comment
Share on other sites

The Germans have a wonderful word concoction for such actions.

"Verschlimmbessern"  To make something worse by improving.

To improve something that works just fine so long and so often until it becomes useless and dysfunctional.

I seriously have to take into consideration if I can continue to recommend ESET to clients.

Link to comment
Share on other sites

If working correctly, app name and signer option would be a good fix for all those Windows store-style apps that put each updated binary into a new folder.
Hope for it in 17 since I've downgraded to 16.1 because of the unusable interactive mode in 16.2.

Link to comment
Share on other sites

On 9/11/2023 at 5:12 AM, pipes said:

Not going to renew, half my subscription wasted. Maybe one day when they get their ducks lined up I will come back. 

 

Yes, licensing is another issue. I used to be a reseller but cheap OEM deals were removed and prices jacked. Sure it created a revenue stream from end users in the short run. But that collapsed promoting and supporting cycles a year - two long. Imho it now bounced in the product quality now.

Edited by Manly Electronics
Link to comment
Share on other sites

18 hours ago, Joe S said:

The Germans have a wonderful word concoction for such actions.

"Verschlimmbessern"  To make something worse by improving.

To improve something that works just fine so long and so often until it becomes useless and dysfunctional.

I seriously have to take into consideration if I can continue to recommend ESET to clients.

The English word, although not that emotionally charged, is ‘counterproductive’. Imho the better one is ‘Chalta hai’, a Hindi expression that roughly translates to "it's okay" or "slide" or "slack". It reflects a laid-back attitude towards work and perhaps life itself, when problems are ignored or not sufficiently addressed :).

Edited by Manly Electronics
Link to comment
Share on other sites

I'm dealing with this absurdity of the over hyper interactive firewall in version 16.2.13.0 that constantly asks me again and again and again the same old jazz every time like a mentally incapacitated person or kid. Every time I click "deny" "deny" "deny" or in some other apps "allow" it asks me again, again and again and again!

Believe me, I have another daytime job as well!

I'm sorry but which reality detached nut job thought that this was a good idea? The whole point of interactive mode is that you can see what's going on and make once and for all individual decisions, yes or no and that's that. Not some inane constant repeating over and over and over again!

So I'm trying to downgrade the ESET to 16.1 which I have downloaded a copy of but I cannot install it because ESET righteously declares that I have already the newest version. Gee thanks I didn't ask for that!

So what do I have to do to get the older version?

"Tear down the house" as in completely uninstall ESET first? If so, will it retain all customizations/configurations if I must completely uninstall first and then reinstall the preceding version?

On top of everything else I just discovered that the column sort function by clicking on the column title (see attached images) has also been taken away! Who comes up with these absurd ideas? Someone totally unimaginative with no life experience who has to proliferate himself so he can move forward in the company???

Super annoyed, and so are my clients I recommended ESET to!

JoeS

NVIDIA childish annoyance2.jpg

personal power panel childish annoyance1.jpg

Link to comment
Share on other sites

  • Administrators

As for duplicate rules, we were able to reproduce the issue only with certain Lenovo software, not with other applications that we have tried. That said, the issue is somehow application specific and is currently being investigated so that it's fixed in v17. Until the root cause is found, we cannot tell what versions were affected. As for installing v16.1, we don't know yet if it's affected, however, you can uninstall v16.2 and install v16.1 then.

Link to comment
Share on other sites

10 hours ago, Joe S said:

I'm dealing with this absurdity of the over hyper interactive firewall in version 16.2.13.0 that constantly asks me again and again and again the same old jazz every time like a mentally incapacitated person or kid. Every time I click "deny" "deny" "deny" or in some other apps "allow" it asks me again, again and again and again!

Believe me, I have another daytime job as well!

I'm sorry but which reality detached nut job thought that this was a good idea? The whole point of interactive mode is that you can see what's going on and make once and for all individual decisions, yes or no and that's that. Not some inane constant repeating over and over and over again!

So I'm trying to downgrade the ESET to 16.1 which I have downloaded a copy of but I cannot install it because ESET righteously declares that I have already the newest version. Gee thanks I didn't ask for that!

So what do I have to do to get the older version?

"Tear down the house" as in completely uninstall ESET first? If so, will it retain all customizations/configurations if I must completely uninstall first and then reinstall the preceding version?

On top of everything else I just discovered that the column sort function by clicking on the column title (see attached images) has also been taken away! Who comes up with these absurd ideas? Someone totally unimaginative with no life experience who has to proliferate himself so he can move forward in the company???

Super annoyed, and so are my clients I recommended ESET to!

JoeS

NVIDIA childish annoyance2.jpg

personal power panel childish annoyance1.jpg

Your only viable solution is to uninstall 16.2, install 16.1, and if you don't have settings backups from 16.1 redo all the rules from start.
It's a pain but it will save you nerves and time in the long run.

Link to comment
Share on other sites

The bottom line is simple! The "KISS" principle. Keep it simple stupid! (with or without the comma) You can Google it.

https://en.wikipedia.org/wiki/KISS_principle

For well over a decade interactive mode worked well and when an app wanted to connect i.e. outbound up and you selected "always block" it accepted and recorded such. Thereafter any app who tried to call out and you had blocked never bothered you again.

NO means NO. Always.

Now some genius had to over engineer something, "Verschlimmbessern" (you can Google that too) so the family becomes useless!

"The term verschlimmbessern is colloquial, and it is a fusion of verschlimmern (“to make something worse”) and verbessern (“to make something better”). Thus, verschlimmbessern means making something worse while intending to make it better. The term is used in the past tense to describe a situation.almost

So dear ESETonians, "KISS" please!

Edited by Joe S
Link to comment
Share on other sites

20 hours ago, Joe S said:

I'm dealing with this absurdity of the over hyper interactive firewall in version 16.2.13.0 that constantly asks me again and again and again the same old jazz every time like a mentally incapacitated person or kid.

As far as NVIDIA Container goes, the parent service process is spawning a same named child process running from a different location;

Eset_nVidia.thumb.png.3a4054bac4fad804b73cb008d6f32a33.png

Assuming that the first firewall rule created by Interactive mode was for the NVIDIA Container service process and the child process setting was enabled for that rule, it should block any outbound network traffic from any spawned child processes.

Otherwise, a manual firewall rule will have to be created for the NVIDIA Container service process and the child process setting enabled.

I also suspect the same applies for the other process shown in your screen shot where duplicate rules are being created.

Edited by itman
Link to comment
Share on other sites
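One way to check the parent/child situation described in the post above before deciding which process a rule should be tied to. This is an added example, not code from the thread or from ESET; the function name `Get-ProcessRuleInventory` and the output field names are hypothetical, and the default image name is the executable quoted elsewhere on this page. It only inventories running processes with standard Windows cmdlets and does not read or change any firewall rules.

```powershell
# Added example: list every running instance of one image name with its path,
# signer and parent, so a rule can be compared with what is actually running.
function Get-ProcessRuleInventory {
    param([string]$ImageName = 'NVDisplay.Container.exe')

    # Snapshot all processes once so parents can be resolved by PID.
    $all = Get-CimInstance -ClassName Win32_Process
    $byPid = @{}
    foreach ($p in $all) { $byPid[[uint32]$p.ProcessId] = $p }

    foreach ($p in ($all | Where-Object { $_.Name -ieq $ImageName })) {
        $parent = $byPid[[uint32]$p.ParentProcessId]
        # A "parent" that started after the child means the PID was reused.
        if ($parent -and $parent.CreationDate -gt $p.CreationDate) { $parent = $null }

        # ExecutablePath is empty when the caller lacks rights to read it
        # (run elevated to see service processes).
        $signer = $null
        if ($p.ExecutablePath -and (Test-Path -LiteralPath $p.ExecutablePath)) {
            $sig = Get-AuthenticodeSignature -LiteralPath $p.ExecutablePath
            if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
        }

        [pscustomobject]@{
            ProcessId  = $p.ProcessId
            Path       = $p.ExecutablePath
            Signer     = $signer
            ParentId   = $p.ParentProcessId
            ParentName = if ($parent) { $parent.Name } else { $null }
            ParentPath = if ($parent) { $parent.ExecutablePath } else { $null }
            # True when a same-named parent runs from a different file: a rule
            # keyed only on the parent's full path does not describe this one.
            SameNameOtherPath = [bool]($parent -and
                $parent.Name -ieq $p.Name -and
                $parent.ExecutablePath -and $p.ExecutablePath -and
                $parent.ExecutablePath -ine $p.ExecutablePath)
        }
    }
}

Get-ProcessRuleInventory | Format-List
```

Rows with `SameNameOtherPath` set to `True` are the case described in the post: the same image name running from a second location under its own parent. The `Signer` column shows whether both copies carry the same signer.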

I will also add that as I have posted in other forum replies, it is virtually impossible to block nVidia telemetry via a firewall;

Quote

nvtelemetry.dll

A new report suggests that Nvidia Telemetry still works in the latest drivers even if you follow all the guidelines mentioned above. Nvidia seems to have baked this into the file nvtelemetry.dll which you need to delete to block C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe from connecting to *.gfe.nvidia.com

You need to delete or rename nvtelemetry.dll on the system. Search for the file and rename it in any location you find it.

https://www.ghacks.net/2016/11/07/nvidia-telemetry-tracking/

As deleting this .dll can cause other issues, the only effective way to block the telemetry is via IP address blocking.

Edited by itman
Link to comment
Share on other sites

10 hours ago, Pax said:

Your only viable solution is to uninstall 16.2, install 16.1, and if you don't have settings backups from 16.1 redo all the rules from start.
It's a pain but it will save you nerves and time in the long run.

Thanks. I thought so.

So do an export [xml] settings first and then reinstall. Do I need an ESET uninstaller to cleanly uninstall all?

Then 16.1 reinstall (disable app feature updates) and an import prev. exported xml settings and I should be "back in business" and have peace of mind again that "NO, NEVER" means "NO, NEVER"! Right?

Joe

Link to comment
Share on other sites

13 minutes ago, itman said:

I will also add that as I have posted in other forum replies, it is virtually impossible to block nVidia telemetry via a firewall;

https://www.ghacks.net/2016/11/07/nvidia-telemetry-tracking/

As deleting this .dll can cause other issues, the only effective way to block the telemetry is via IP address blocking.

Like Windoz.

There I found that all remedies get circumvented by big brother Microsoft.

I found one simple "KISS" principle solution, as so often, the more elaborate and complex, the simpler the often hidden Achilles' heel: In the case of Windows, every time telemetry starts a little script shuts it immediately down.

Link to comment
Share on other sites

On 9/23/2023 at 11:22 PM, itman said:

As deleting this .dll can cause other issues, the only effective way to block the telemetry is via IP address blocking.

It causes no issues at all, but you have to remove other useless files in order to stop unwanted network traffic...

nvidiadelete3.png.a382f7f0dd8e6516feb7ba1e143c4ace.png

Edited by Enrico
Link to comment
Share on other sites

On 9/24/2023 at 12:22 AM, itman said:

I will also add that as I have posted in other forum replies, it is virtually impossible to block nVidia telemetry via a firewall;

https://www.ghacks.net/2016/11/07/nvidia-telemetry-tracking/

As deleting this .dll can cause other issues, the only effective way to block the telemetry is via IP address blocking.

>virtually impossible

That doesn't sound right. Blocking via prompt stopped any network interaction nvdisplaycontainer tried to do, and it hasn't attempted to deploy from elsewhere either, I have verified this on my machine. I'm not sure about the other telemetry processes tho as they can be easily excluded from install using the nvslimmer tool.

image.png.41c52aa1fa3b787e804191eb872ce917.png

I've only ever had one rule for it

image.thumb.png.b48c858bb3a047c6cc1067306a848f03.png

Link to comment
Share on other sites

37 minutes ago, sovchen said:

That doesn't sound right. Blocking via prompt stopped any network interaction nvdisplaycontainer tried to do, and it hasn't attempted to deploy from elsewhere either, I have verified this on my machine.

Refer to my prior posting here: https://forum.eset.com/topic/37283-interactive-firewall-useless-since-162/?do=findComment&comment=172757 .

As long as the NvDisplayContainer.exe firewall rule specifies child processes, all outbound network traffic from it will be blocked. It is the NvDisplayContainer.exe child process that is performing the network connection.

Link to comment
Share on other sites

1 hour ago, itman said:

Refer to my prior posting here: https://forum.eset.com/topic/37283-interactive-firewall-useless-since-162/?do=findComment&comment=172757 .

As long as the NvDisplayContainer.exe firewall rule specifies child processes, all outbound network traffic from it will be blocked. It is the NvDisplayContainer.exe child process that is performing the network connection.

Not sure what you're trying to tell me. I was just commenting on the absurdity of calling it impossible to block when we have both shown how easy it is to do so.

Link to comment
Share on other sites

This topic is now closed to further replies.