Jump to content

Ping blocked by eset


Go to solution Solved by Rigo,

Recommended Posts

I installed Smart Security on a PC with Windows 11 and now I can no longer ping that PC with my home automation system. Both are in my local network 192.168.1.X but the home automation server cannot ping my PC. I tried reading some messages with the same problem as me, but I'm not very expert and I didn't really understand what to do.
If I uninstall the antivirus the ping works again
Can someone help me? Thank you

Link to comment
Share on other sites

Does your Eset active network connection show as Public profile?

Link to comment
Share on other sites

In the Configuration menu, -> network security, -> network connection, I have my router as a private network and a virtual network as public

Link to comment
Share on other sites

2 hours ago, byxil said:

I have my router as a private network

On the Private profile, Eset's firewall trusts all connections on the local subnet; e.g. 192.168.1.0/24.

If you review Eset default firewall rules and scroll down to the rule title "Allow ICMP communication in the Trusted zone," all ICMP communication is allowed. This leads me to believe it's ICMP activity from the the VPN connection that is being blocked.

Ping from the HA server again. Immediately thereafter open Eset GUI -> Network Protection. Refer to the section titled "Resolve blocked communication." The count shown should be a non-zero value. Mouse click on Resolve blocked communication section. Shown should be the blocked ICMP communication and you can have the Eset firewall auto create a firewall rule to allow the ICMP traffic.

Edited by itman
Link to comment
Share on other sites

On 4/1/2024 at 9:33 PM, itman said:

Ping from the HA server again. Immediately thereafter open Eset GUI -> Network Protection. Refer to the section titled "Resolve blocked communication." The count shown should be a non-zero value.

I tried, but there is no new entry in "Resolve blocked communication.", the value remain zero.

Link to comment
Share on other sites

1 hour ago, byxil said:

I tried, but there is no new entry in "Resolve blocked communication.", the value remain zero.

I guess we can assume that the Eset firewall is not blocking the inbound ping activity.

You will have to go through Eset logs; Detections, Filtered web site, HIPS, and Network Protection to determine if any entries exist related to this ping activity.

Edited by itman
Link to comment
Share on other sites

Thank you in the meantime for your support.
I found it, if I turn off the network traffic scanner, the ping works.

I can disable the option from Configuration > Advanced Configuration > Detection Engine > Network Traffic Scanner > "Enable Network Traffic Scanner" on/off switch.

However, I don't have an option to modulate this choice, either I deactivate all traffic or enable everything, I would like to be able to only deactivate the ping control towards the address of my home automation server.

Link to comment
Share on other sites

It's strange that Eset Network Traffic Scanner would block a ping from a device on a trusted network to another device on the same network. One possibility is Eset is monitoring for a ping flood attack: https://www.imperva.com/learn/ddos/ping-icmp-flood/ .

In any case if this is a major issue for you, I would open a tech support request about it.

Link to comment
Share on other sites

I am having the same exact issue.  I also found that disabling "network traffic scanner" allows the ping to go through. I have 3 PC's using the same config. The 2 that are working correctly are on version 17.0.16.0, The one that is no longer working as intended is on 17.1.9.0. This definitely seems like a bug. If i manually disable all the features that "network traffic scanner" enables, I still can't ping. That option is doing more filtering behind the scenes that we don't know of.

Link to comment
Share on other sites

What is the procedure for opening a technical support request? I would like to exclude from network scanning that device that has a fixed IP on the LAN

Thanks for your help

Link to comment
Share on other sites

27 minutes ago, byxil said:

I would like to exclude from network scanning that device that has a fixed IP on the LAN

In current Eset versions, you can't set exclusions to Network Traffic Scanner.

28 minutes ago, byxil said:

What is the procedure for opening a technical support request?

Open Eset GUI -> Help and Support -> Technical Support.

Link to comment
Share on other sites

  • Administrators

The network traffic scanner doesn't affect network communication except HTTP(S), POP3(S) and IMAP(S). Ping sends an ICMP echo so it can be blocked only by network protection.

Please carry on as follows:

  1. Enable advanced logging under Help and support -> Technical support
  2. Reproduce the issue
  3. Stop logging
  4. Collect logs with ESET Log Collector and upload the generated archive here.
Link to comment
Share on other sites

I've attached my logs.

I enabled advanced logs then replicated the issue as follows:

- Ping w/ ESET running - No response
- Disabled ESET firewall - No Response
- Disabled network traffic scanner - Response!
- Re-enabled ESET Firewall - Response!
- Re-enabled network traffic scanner - No response

Disabled logs and collected.

eis_logs.zip

Link to comment
Share on other sites

  • Administrators

Does disabling only HTTP/3 make a difference?

image.png

 

Does adding the subnet 192.168.50.0/24 to the Trusted zone make a difference?

image.png

Link to comment
Share on other sites

Disabling HTTP/3 traffic scanning worked! Thank you!


I already had a network connection profile with the IP ranges needed so I didn't need to add an IP set but the first solution did the trick.

Hopefully this works for OP as well.

Link to comment
Share on other sites

  • Administrators
3 minutes ago, Rigo said:

I already had a network connection profile with the IP ranges needed so I didn't need to add an IP set but the first solution did the trick.

Not really, I see that the activator for the private network profile are:

Windows profile: Domain
Windows provile: Private

image.png

Hence I asked to add the subnet to the trusted zone explicitly.

Link to comment
Share on other sites

  • Solution
Posted (edited)

aA1i1TmaNr.thumb.png.0b9567a862bf8fd6ad5f41cada78bca3.png With this profile. I am able to connect to my other devices. Is this a bad approach?

Edited by Rigo
Link to comment
Share on other sites

  • Administrators

I can't verify if the activators are valid on your machine, hence I've asked to put the subnet to the trusted zone explicitly at least while troubleshooting the issue.

Link to comment
Share on other sites

44 minutes ago, Rigo said:

aA1i1TmaNr.thumb.png.0b9567a862bf8fd6ad5f41cada78bca3.png With this profile. I am able to connect to my other devices. Is this a bad approach?

It's work for me too
image.png.bad48dd16bf5389a15d2699569f9528a.png

Link to comment
Share on other sites

No it doesn't work like that either, I've given up and to get the ping I need for my automations, I have to keep network traffic disabled. 😭

Link to comment
Share on other sites

  • Administrators
6 minutes ago, byxil said:

No it doesn't work like that either, I've given up and to get the ping I need for my automations, I have to keep network traffic disabled.

Please provide logs collected with ESET Log Collector as per the instructions in my post above.

Link to comment
Share on other sites

Dear,

I'm facing the same issue, disabling HTTP/3 is resolving the ping issue.

 

Link to comment
Share on other sites

21 hours ago, byxil said:

No it doesn't work like that either, I've given up and to get the ping I need for my automations, I have to keep network traffic disabled. 😭

Just to be clear, did you try disabling HTTP/3 traffic scanning? That was the solution for me and the other user here. Having the correct network connection profile alone is not enough. I only ask because you marked my post as the solution but Marcos' post is the actual solution.

Link to comment
Share on other sites

22 hours ago, Novea said:

Dear,

I'm facing the same issue, disabling HTTP/3 is resolving the ping issue.

 

Please tell me how should I go about deactivating that protocol.

Sorry but I'm not an expert and I looked a bit but I couldn't find where I should set this parameter.

Thank you

Link to comment
Share on other sites

Posted (edited)
8 hours ago, Rigo said:

Just to be clear, did you try disabling HTTP/3 traffic scanning? That was the solution for me and the other user here. Having the correct network connection profile alone is not enough. I only ask because you marked my post as the solution but Marcos' post is the actual solution.

Thanks to you too, I know your post wasn't the solution but I can't remove the flag anymore.

For Marcos' solution, I haven't posted the log yet because he created a zip file of over 300 MB and let's, first see if the solution that Novea said works.

Edited by byxil
Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...