
Interactive firewall cannot block Lenovo Vantage



Since an update to Lenovo Vantage on Win10 22H2, EIS cannot block (or allow) Lenovo Vantage connections to the web in interactive mode. More specifically, the module "LenovoVantage-(VantageCoreAddin).exe". Every time I open Vantage, EIS throws up the dialogue windows to allow/block this file from accessing the web.


It doesn't matter whether I allow or deny permanently, this comes up every time I start up the app. "Thanks" to that I've a truckload of rules for the same thing:


Additional info: This is with EIS 16.1.14, as I need port info in the popups, so I downgraded from 16.2. Nevertheless, the behaviour is the same with 16.2.


1 hour ago, Marcos said:

Please provide logs collected with ESET Log Collector. Does the problem persist if you install EIS and create rules from scratch?

Log collector output sent in PM.

When I downgraded to 16.1.14, I uninstalled 16.2 and reinstalled the previous version from scratch.


It appears to me that the Eset firewall can't process the "(" and ")" symbols in the file name; i.e. LenovoVantage-(VantageCoreAddin).exe. I have never seen a file name using those symbols although they are allowable characters.


  • 4 weeks later...

Any updates on this bug? Getting really annoyed with constant access popups related to Vantage (constantly have to purge my FW rules related to Vantage...). I'm afraid that legitimate access requests get lost in the noise.


  • 2 months later...

Same thing still happens here as well. Vantage runs on startup here, so whenever the system starts I get a few prompts from ESET Internet Security about it, no matter how I choose to handle them.


  • Administrators

Lenovo seems to have started using hard links, each pointing to the same physical file.

C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0>fsutil hardlink list "LenovoVantage-(SmartPrivacyAddin).exe"

\Program Files (x86)\Lenovo\VantageService\3.13.72.0\LenovoVantage-(MultimediaAddin).exe
\Program Files (x86)\Lenovo\VantageService\3.13.72.0\LenovoVantage-(SmartPrivacyAddin).exe
\Program Files (x86)\Lenovo\VantageService\3.13.72.0\LenovoVantage-(VantageCoreAddin).exe
\Program Files (x86)\Lenovo\VantageService\3.13.72.0\Lenovo.Vantage.AddinHost.exe
\Program Files (x86)\Lenovo\VantageService\3.13.72.0\LenovoVantage-(LenovoServiceBridgeAddin).exe
\Program Files (x86)\Lenovo\VantageService\3.13.72.0\LenovoVantage-(GenericTelemetryAddin).exe
\Program Files (x86)\Lenovo\VantageService\3.13.72.0\LenovoVantage-(LenovoCompanionAppAddin).exe
\Program Files (x86)\Lenovo\VantageService\3.13.72.0\LenovoVantage-(LenovoProductivitySystemAddin).exe

 

I've tried to duplicate it now with Lenovo Vantage and v17 to no avail. Please let us know if switching to the pre-release update channel and upgrading to v17.0.10 makes a difference.


I've updated to the pre-release version (17.0.10.0) and I'm sorry to say this issue still isn't fixed while using FW in interactive mode. ESET is still asking me what to do about Vantage multiple times, and thus creating multiple, identical rules:

 


  • Administrators

Those are not actually identical. Firewall rules are created for a specific file, however, the firewall internally works with aliases / hard links which are different in this case. According to the output of fsutil shown above, there can be 8 rules for 1 file that appear identical but they are not identical in fact because each is created for a different alias of the file.

If you notice this behavior also for other than the Lenovo app, let us know so that we can investigate if it uses hard links / aliases as well.
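
Added example (not part of the original thread and not ESET's code): a Python illustration of the hard-link explanation above, grouping the files in a directory by on-disk identity so that aliases of one physical file become visible. The path-keyed versus identity-keyed rule count is an assumed simplification of how a per-application rule table might behave, and the sample files are constructed placeholders.

```python
import os
import tempfile
from collections import defaultdict


def alias_groups(directory):
    """Group files in `directory` by on-disk identity (volume, file index).

    Names that share an identity are hard links to one physical file.
    """
    groups = defaultdict(list)
    for entry in os.scandir(directory):
        if entry.is_file(follow_symlinks=False):
            st = os.stat(entry.path, follow_symlinks=False)
            groups[(st.st_dev, st.st_ino)].append(entry.name)
    return sorted(sorted(names) for names in groups.values())


def rule_counts(directory):
    """Return (rules if keyed by path, rules if keyed by file identity)."""
    groups = alias_groups(directory)
    return sum(len(g) for g in groups), len(groups)


def build_sample(directory):
    """Constructed sample: one host binary, three hard-link aliases of it,
    and one unrelated file. Names follow the pattern shown in the thread."""
    host = os.path.join(directory, "Lenovo.Vantage.AddinHost.exe")
    with open(host, "wb") as f:
        f.write(b"MZ constructed placeholder, not a real executable")
    for addin in ("VantageCoreAddin", "SmartPrivacyAddin", "MultimediaAddin"):
        os.link(host, os.path.join(directory, f"LenovoVantage-({addin}).exe"))
    with open(os.path.join(directory, "unrelated.exe"), "wb") as f:
        f.write(b"MZ another constructed file")


def demo():
    """Build the sample in a temporary directory and analyse it."""
    with tempfile.TemporaryDirectory() as d:
        build_sample(d)
        return alias_groups(d), rule_counts(d)


if __name__ == "__main__":
    groups, (by_path, by_identity) = demo()
    for names in groups:
        print(len(names), "name(s):", ", ".join(names))
    print("path-keyed rules:", by_path, "| identity-keyed rules:", by_identity)
```

Pointing `alias_groups` at a real install directory gives the same grouping that `fsutil hardlink list` reports one file at a time.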


  • Administrators

You could try switching to learning mode while using the Lenovo app as it will automatically create and merge several rules into one. Then you can switch to interactive mode which should no longer ask about it.


No joy... I switched to Learning mode, started Vantage multiple times (got the popups that new rules have been created), switched back to Interactive, and the prompts started again. I repeated this a number of times, and the result was the same.


This is getting a bit ridiculous now... Up to 165 rules. Any info on what you can do? Frankly, I'm getting tired of this. I NEED Vantage to limit battery charging so cannot uninstall it, but I also need an interactive FW.


  • 2 weeks later...

I had the same issue with Lenovo Vantage. And found a workaround. I have blocked Vantage IP addresses for all processes and now I am not getting any interactive firewall prompts regarding Vantage.

Just manually delete all rules related to Vantage, and when you get the next prompt, set the rules so they apply only to IP and be sure to uncheck Application.


  • Administrators

We now know what is causing it. It's that we started to ask the Anti-Stealth about processes both from the kernel and user mode when they start compared to asking when they were already started in older firewall module versions. We'll make some optimizations to reduce the number of rules due to processes differently identified at various stages of running by the operating system that provides data to Anti-stealth.


  • 2 weeks later...

Please can you tell me what the solution is? I have the same problem and so far I can't find the solution.


4 hours ago, Marcos said:

For now, you can create a rule for the IP addresses that the Lenovo tool accesses instead of specifying the application.

I don't know where that procedure is carried out. Could you please explain in detail how to carry out that procedure?


  • Administrators
48 minutes ago, DWGP said:

I don't know where that procedure is carried out. Could you please explain in detail how to carry out that procedure?

This is an English forum. We kindly ask you to post in English.

This topic is now closed to further replies.