Merged policy is not work in Endpoints Firewalls

[kamiran.asia 5]

Hi Dears.

 

In Many Endpoints manged with ESET Protect , Firewall Policy is not merged ( When we use two policy at same time ( Append + Prepend ) )

Just one policy will apply and second one will be ignored.

Firewall module 1438.2

Configuration  2075.5

 

What can we do for this issue ?

[kamiran.asia 5]

This Problem accrued just in new installation v9 / V10 / V10.1 !

installed versions not involved !  just fresh installation will have this problem and two Firewall Config will not merged. PreRelease and module 1439 not helped .

Other Module policy works correct in merging , For example HIPS policy merge correctly.

[kamiran.asia 5]

Correction : Mentioned issue is occurred just in V9 Version ( With fresh new installation )

upgrading to latest version 10.1 will solve the problem.

But for windows 7 - 8 that v10 is not available , Firewall Rules can not be merged via ESET Protect Policy , Just one Policy Rules will be set at endpoint V9.

PreRelease 1439 not helped.

Will this issue solve at firewall module 1440 ?

[labynko 5]

Hello.

You are not alone with the problem.

Besides me and you, another user Kimiya Kitani has encountered a problem.

To solve it, as usual, you need to collect debugging information for technical support.

I have a temporary solution to the problem.

It is very important how you apply the firewall settings.

I have done this: there is a main policy in which ALL built-in rules are forcibly disabled, except for one rule that allows local traffic (localhost), and firewall rules are added (applied) only through dynamic group policies (one rule - one policy). The most important thing to remember is that custom rules must be applied in append mode, otherwise one rule will mess up all the rules. This approach prevents the use of built-in rules, because in any new policy, they are enabled by default and it takes a lot of time to disable them all again. So, somehow in the new version, I still don’t know what specifically: the firewall module or the settings module, somehow the option to replace custom rules is hidden. To get around this, you need to enable custom firewall rules in append mode in EVERY policy you use (in my case), and then the problem will disappear!

[kamiran.asia 5]

We reproduce the bug and this is the video :

in any Version of ESS with Firewall 1438.2  , Firewall Rules will not merge , But when ESS upgrade to 10.1.2046.0 , Same policies will work and merge probably.

We guess this problem will cause in new installation and after update to 1438.2 ,

 

 

[kamiran.asia 5]

in this video you can see that how one Firewall Role will gone after update to 1438.2 , and just one Policy will remain after update.

ESS Version 10.0.2034

 

 

[Marcos 5,157]

The problem is likely with policies that are applied with a very old Configuration Engine module from v9.x installers before it can update to the latest version.

When installing v9, you should use the MODULESZIP_PATH and provide latest modules in a zip. I can provide you with detailed instructions and a zipped module package. This way v9 will use the latest CE module when applying the policies and the firewall rules should be applied correctly.

We plan to publish re-packed v9.1 installers with latest modules soon.

[kamiran.asia 5]

7 minutes ago, Marcos said:

The problem is likely with policies that are applied with a very old Configuration Engine module that was in v9.x installers.

When installing v9, you should use the MODULESZIP_PATH and provide latest modules in a zip. I can provide you with detailed instructions and a zipped module package. This way v9 will use the latest CE module when applying the policies and the firewall rules should be applied correctly.

We plan to publish re-packed v9.1 installers with latest modules soon.

Yes , may be you are right . because we can not reproduce the issue in every situation. We are working to find the source of problem exactly.

[labynko 5]

I am using ESET PROTECT 10.1.24.1 and Configuration module 2075.5 (20230713).

I create a new empty policy and apply it twice to the same computer and the problem shows up.

[labynko 5]

I note that the problem is observed both on old versions of ESET Endpoint Security 9.1.2063.0 and the current 10.1.2046.0.

Does ESET PROTECT have a built-in mechanism that automatically checks if policies are correct?

How can I manually check the policy for correctness?

Edited August 7, 2023 by labynko

[kamiran.asia 5]

The issue is random . We are working on but there is no rule that the issue occurred in special situation.

Even when we change the static group , Policies will work and merge correctly.

 

We will create the ESET Log Collector in the problematic endpoints,

[labynko 5]

I was able to reproduce the issue in a test environment.

The collected debugging information can be downloaded from the link:

https://dropmefiles.com/ObCXq

Information for Marcos: the password for the archive is the same as previously sent to private messages.

[labynko 5]

Marcos, were you able to reproduce the problem?

If so, when can we expect a fix?