blazej44800 0 Posted January 23, 2015 Posted January 23, 2015 Hello I'm using ESET Endpoint Security 5 on Windows 8.1. Firewall is setted up in interactive mode and I'm really strict with this. I'm blocking all not needed comunications including from system processes (explorer.exe, services.exe, lsass.exe etc.). But it seems that firewall is blocking DHCP requests, because when I connect to network I'm not getting IP adress and network state is Limit (restriced) access only. When I turn off firewall and use ipconfig /renew I will get the IP adress normally. I'm attaching screenshot of rules, but I don't know how to export full lines. Which rules should I focus on?
Administrators Marcos 5,727 Posted January 24, 2015 Administrators Posted January 24, 2015 Carry on as follows: - enable logging of blocked communication as well as advanced logging to pcap in the IDS setup -> Troubleshooting - clear your firewall log - restart the computer - reproduce the issue - disable logging - collect logs using ESET Log Collector (ELC) - send me a pm with ELC logs and pcapng file from the folder "C:\ProgramData\ESET\ESET Endpoint Security\Diagnostics" attached.
blazej44800 0 Posted January 24, 2015 Author Posted January 24, 2015 Hi It looks to be solved according to your instructions: - I enabled IDS -> Troubleshooting - in firewall log was message "No process listening on port 67-68" - and yes, I added denied rule for all TCP & UDP traffic for svchost.exe, but above was default ESET rule for allowing DHCP&DHCPv6 for svchost.exe - but it seems to be not working - so I add new rule for allowing UDP for 67,68,53 and 123 already - now after restarting everything is working very well Thanks for your support!
Recommended Posts