ESET blocking Avira TrueImage backup?

[Ubtree 0]

Halfway through a 14 hour backup (a process that I had carried out without any problem on many previous occasions), ESET Smart Security 8 warned that a remote computer was attempting to access an application on my PC;  the IP address given for the remote computer was my router / internet gateway.  TrueImage was still running (ie. the window was still open, and there was no error message), but it had suspended backing up files.

 

I had no idea whether the ESET warning was a real threat, or why this event had happened at this point, and so I responded to the warning by asking ESET to block the activity on this occasion.  (I did not check the box asking for the instruction to be remembered on future occasions.)  The backup did not resume.

 

Since then, I have twice tried to backup the computer, but on both occasions TrueImage simply stopped backing up files when it was only halfway through  (  -  the program continued to run, but progress ceased).

 

I cannot find any log entries that relate to this incident (including any reference to the remote computer attempting to access an application on my PC).

 

My initial questions are:

• Was the original warning a real threat (and therefore I was correct to block it), or could it have related to the TrueImage backup process (in which case I should have permitted it)?
• Where would I find a log reporting that warning, and the action taken in response to the warning?

Any help would be greatly appreciated.

 

[Marcos 5,070]

Do you have ESET firewall configured to run in interactive mode? If not, there should be no reason to display a window asking you for an action.

[Ubtree 0]

Yes, I run ESET in interactive mode.

[Marcos 5,070]

Yes, I run ESET in interactive mode.

 

Then switch to learning mode for a while until all necessary rules are created if you don't want to use automatic mode.

[Ubtree 0]

 

Yes, I run ESET in interactive mode.

 

Then switch to learning mode for a while until all necessary rules are created if you don't want to use automatic mode.

 

I think that you have misunderstood the help that I need.

 

According to the ESET Knowledgebase:  "Learning mode is not secure, and should only be used until all rules for required communications have been created."  All the rules required for communication had already been created:  I had carried out the backup process without any problem on many previous occasions.

 

ESET has reported a potential threat that I need to understand.  To this end, I need to know:

• Was the original warning a real external threat (and therefore I was correct to block it), or could running a backup program on the PC have caused ESET to report that a remote computer was attempting to access an application on my PC?
• Where would I find a log reporting that warning, and the action taken in response to the warning?

[Marcos 5,070]

Ok, then please post the recent records from your "Detected threats" log so that we know the name of the detection as well as the path to the file which was detected.

[Ubtree 0]

Although this incident happened a few days ago, the Detected Threat log is empty, and in Setup, log files are set to keep records for 90 days,

[rugk 397]

Okay then it wasn't a threat, but only a notification from the interactive Firewall which asked you whether you wanted to allow a inbound traffic. So maybe you were right to block the traffic.

However it's really strange that this had an effect on a backup which should have nothing to do with any network traffic at all (even more it should have nothing to do with inbound traffic).

 

So maybe it was just a fortuity and the issue was caused by something else.

Have you already tried to re-run the backup and look whether there comes inbound traffic too?

If so then you have now the chance to take a screenshot before you click any button.

Edited January 22, 2015 by rugk

[Ubtree 0]

If so then you have now the chance to take a screenshot before you click any button.

Have you already tried to re-run the backup and look whether there comes inbound traffic too?

I have re-run the backup twice with ESET active;  on both occasions, the backup stopped part way through, without any notification by ESET.

Last night, I also tried running the backup with ESET disabled, and this time, it completed normally.

I have checked the Personal Firewall settings.  For each TrueImage module, inbound traffic is set to "Ask", and outbound traffic is set to "Allow).

[Marcos 5,070]

You should try to reproduce it with firewall disabled. If the issue doesn't occur, enable firewall and carry on as follows:

- enable logging of blocked connections and special logging to pcap in the IDS setup

- clear your firewall log

- restart the computer

- reproduce the issue

- disable logging

- post records from your firewall log here.