Ping blocked by eset

[byxil 0]

I installed Smart Security on a PC with Windows 11 and now I can no longer ping that PC with my home automation system. Both are in my local network 192.168.1.X but the home automation server cannot ping my PC. I tried reading some messages with the same problem as me, but I'm not very expert and I didn't really understand what to do.
If I uninstall the antivirus the ping works again
Can someone help me? Thank you

[itman 1,662]

Does your Eset active network connection show as Public profile?

[byxil 0]

In the Configuration menu, -> network security, -> network connection, I have my router as a private network and a virtual network as public

[itman 1,662]

2 hours ago, byxil said:

I have my router as a private network

On the Private profile, Eset's firewall trusts all connections on the local subnet; e.g. 192.168.1.0/24.

If you review Eset default firewall rules and scroll down to the rule title "Allow ICMP communication in the Trusted zone," all ICMP communication is allowed. This leads me to believe it's ICMP activity from the the VPN connection that is being blocked.

Ping from the HA server again. Immediately thereafter open Eset GUI -> Network Protection. Refer to the section titled "Resolve blocked communication." The count shown should be a non-zero value. Mouse click on Resolve blocked communication section. Shown should be the blocked ICMP communication and you can have the Eset firewall auto create a firewall rule to allow the ICMP traffic.

Edited April 1 by itman

[byxil 0]

On 4/1/2024 at 9:33 PM, itman said:

Ping from the HA server again. Immediately thereafter open Eset GUI -> Network Protection. Refer to the section titled "Resolve blocked communication." The count shown should be a non-zero value.

I tried, but there is no new entry in "Resolve blocked communication.", the value remain zero.

[itman 1,662]

1 hour ago, byxil said:

I tried, but there is no new entry in "Resolve blocked communication.", the value remain zero.

I guess we can assume that the Eset firewall is not blocking the inbound ping activity.

You will have to go through Eset logs; Detections, Filtered web site, HIPS, and Network Protection to determine if any entries exist related to this ping activity.

Edited April 2 by itman

[byxil 0]

Thank you in the meantime for your support.
I found it, if I turn off the network traffic scanner, the ping works.

I can disable the option from Configuration > Advanced Configuration > Detection Engine > Network Traffic Scanner > "Enable Network Traffic Scanner" on/off switch.

However, I don't have an option to modulate this choice, either I deactivate all traffic or enable everything, I would like to be able to only deactivate the ping control towards the address of my home automation server.

[itman 1,662]

It's strange that Eset Network Traffic Scanner would block a ping from a device on a trusted network to another device on the same network. One possibility is Eset is monitoring for a ping flood attack: https://www.imperva.com/learn/ddos/ping-icmp-flood/ .

In any case if this is a major issue for you, I would open a tech support request about it.

[Rigo 0]

I am having the same exact issue.  I also found that disabling "network traffic scanner" allows the ping to go through. I have 3 PC's using the same config. The 2 that are working correctly are on version 17.0.16.0, The one that is no longer working as intended is on 17.1.9.0. This definitely seems like a bug. If i manually disable all the features that "network traffic scanner" enables, I still can't ping. That option is doing more filtering behind the scenes that we don't know of.

[byxil 0]

What is the procedure for opening a technical support request? I would like to exclude from network scanning that device that has a fixed IP on the LAN

Thanks for your help

[itman 1,662]

27 minutes ago, byxil said:

I would like to exclude from network scanning that device that has a fixed IP on the LAN

In current Eset versions, you can't set exclusions to Network Traffic Scanner.

28 minutes ago, byxil said:

What is the procedure for opening a technical support request?

Open Eset GUI -> Help and Support -> Technical Support.

[Marcos 5,082]

The network traffic scanner doesn't affect network communication except HTTP(S), POP3(S) and IMAP(S). Ping sends an ICMP echo so it can be blocked only by network protection.

Please carry on as follows:

1. Enable advanced logging under Help and support -> Technical support
2. Reproduce the issue
3. Stop logging
4. Collect logs with ESET Log Collector and upload the generated archive here.

[Rigo 0]

I've attached my logs.

I enabled advanced logs then replicated the issue as follows:

- Ping w/ ESET running - No response
- Disabled ESET firewall - No Response
- Disabled network traffic scanner - Response!
- Re-enabled ESET Firewall - Response!
- Re-enabled network traffic scanner - No response

Disabled logs and collected.

eis_logs.zip

[Marcos 5,082]

Does disabling only HTTP/3 make a difference?

 

Does adding the subnet 192.168.50.0/24 to the Trusted zone make a difference?

[Rigo 0]

Disabling HTTP/3 traffic scanning worked! Thank you!

I already had a network connection profile with the IP ranges needed so I didn't need to add an IP set but the first solution did the trick.

Hopefully this works for OP as well.

[Marcos 5,082]

3 minutes ago, Rigo said:

I already had a network connection profile with the IP ranges needed so I didn't need to add an IP set but the first solution did the trick.

Not really, I see that the activator for the private network profile are:

Windows profile: Domain
Windows provile: Private

Hence I asked to add the subnet to the trusted zone explicitly.

[Rigo 0]

With this profile. I am able to connect to my other devices. Is this a bad approach?

Edited April 5 by Rigo

[Marcos 5,082]

I can't verify if the activators are valid on your machine, hence I've asked to put the subnet to the trusted zone explicitly at least while troubleshooting the issue.

[byxil 0]

44 minutes ago, Rigo said:

With this profile. I am able to connect to my other devices. Is this a bad approach?

It's work for me too

[byxil 0]

No it doesn't work like that either, I've given up and to get the ping I need for my automations, I have to keep network traffic disabled. 😭

[Marcos 5,082]

6 minutes ago, byxil said:

No it doesn't work like that either, I've given up and to get the ping I need for my automations, I have to keep network traffic disabled.

Please provide logs collected with ESET Log Collector as per the instructions in my post above.

[Novea 0]

Dear,

I'm facing the same issue, disabling HTTP/3 is resolving the ping issue.

 

[Rigo 0]

21 hours ago, byxil said:

No it doesn't work like that either, I've given up and to get the ping I need for my automations, I have to keep network traffic disabled. 😭

Just to be clear, did you try disabling HTTP/3 traffic scanning? That was the solution for me and the other user here. Having the correct network connection profile alone is not enough. I only ask because you marked my post as the solution but Marcos' post is the actual solution.

[byxil 0]

22 hours ago, Novea said:

Dear,

I'm facing the same issue, disabling HTTP/3 is resolving the ping issue.

 

Please tell me how should I go about deactivating that protocol.

Sorry but I'm not an expert and I looked a bit but I couldn't find where I should set this parameter.

Thank you

[byxil 0]

8 hours ago, Rigo said:

Just to be clear, did you try disabling HTTP/3 traffic scanning? That was the solution for me and the other user here. Having the correct network connection profile alone is not enough. I only ask because you marked my post as the solution but Marcos' post is the actual solution.

Thanks to you too, I know your post wasn't the solution but I can't remove the flag anymore.

For Marcos' solution, I haven't posted the log yet because he created a zip file of over 300 MB and let's, first see if the solution that Novea said works.

Edited April 8 by byxil