Jump to content

ESET 8.x firewall blocks Apple AirDrop


Recommended Posts

The new version of ESET we've been forced to upgrade to with Mac OS 15 (we did an OS upgrade without and all network access was lost, so we've found a very painful, manual way to update to 8.x so we can upgrade the os - a really bad experience, your test and UX people need firing.  Seriously, if you can't keep up with OS updates and have your products upgradable with the central console then sort your lives out)... and then found Apple Airdrop from mobile devices is blocked by the firewall.  We're disabling ESET firewall and going back to the Apple one.   We may well look for a replacement product if this isn't sorted ASAP - and a restoration of the local Firewall configuration we used to have would go a long way to allowing us to resolve these issues ourselves in future.

I'm going to go spam your Twitter and other socials I can find to warn others considering using your products for Mac until you get your act together and sort these things out.  Please reply ASAP, I'll be working through the weekend to try and fix the mess you've made with this hopeless update.

Link to comment
Share on other sites

  • Administrators
8 hours ago, Laurie said:

The new version of ESET we've been forced to upgrade to with Mac OS 15 (we did an OS upgrade without and all network access was lost, so we've found a very painful, manual way to update to 8.x so we can upgrade the os - a really bad experience, your test and UX people need firing.

Unfortunately this complaint should be addressed to Apple, the maker of macOS. Many other mac products suffer from the same issue as you can read at https://www.bleepingcomputer.com/news/apple/macos-sequoia-change-breaks-networking-for-vpn-antivirus-software/.

Link to comment
Share on other sites

47 minutes ago, Marcos said:

Unfortunately this complaint should be addressed to Apple, the maker of macOS. Many other mac products suffer from the same issue as you can read at https://www.bleepingcomputer.com/news/apple/macos-sequoia-change-breaks-networking-for-vpn-antivirus-software/.

Not really, putting ESET in the same group as Crowdstrike isn't the best marketing when we know their failures this year.

It's not Apple's fault you can't update to 8.x through the central console, which tells you 6.x is 'up to date'.  It's not Apple's fault every web communication is blocked in 6.x and you have to manually unpick ESET.  It's not Apple's fault the ability to manually configure exceptions (like /usr/libexec/sharing, which would fix the airdrop issue) has been removed in 8.x.

This is all on ESET, a total failure to test, and a failure to respond.  Show me, for example, where the email or banner is from ESET warning users not to update Mac OS until they've updated ESET, and then detailing the problems they will meet?

Nothing - just letting their paid userbase see machines incapacitated and even when finally 'fixed' by fighting the old and new ESET version still a lot of issues.

It's nice to know ESET don't have a solution and just post deflection without even sympathy.  I'll go talk to the company owner about finding a replacement that actually cares, tests, and works.

Link to comment
Share on other sites

  • Administrators

First of all, Bleepeingcomputer.com is not owned by nor in any way related to ESET. According to https://www.bleepingcomputer.com/welcome-guide/, it is

a free community where people come together to discuss and learn how to use their computers in an atmosphere that is both helpful and welcoming. With over 700,000 registered members asking and answering questions, BleepingComputer.com has become a vibrant and lively community of like-minded people.

BleepingComputer is paid for completely by advertisement revenue and the moderators are all volunteers. What this means is that any support and advice you receive from this site is completely free.

That said, the article is not sponsored nor paid by ESET so calling it a marketing practice is wrong.

As for upgrade to ESET Endpoint Security v8, from v7 it's automatic as long as you didn't turn off the auto-update policy.

image.png

Also when creating a software install task, it's available for selection:

image.png

As for the problem with Airdrop, it is that the firewall requires the appropriate rule to allow the communication. In automatic mode the firewall allows all outbound communication but for non-initiated inbound communication the appropriate permissive rule must be created.

According to https://support.apple.com/en-am/102538: Make sure that incoming connections aren't blocked in firewall settings. I've reached out to the developers with a request for instructions what rules need to be created for AirDrop to work.

Link to comment
Share on other sites

  • ESET Moderators

Hello,

TechCrunch (owned by Yahoo, Inc.), also notes that programs from Microsoft, SentinelOne, and even the Mozilla Foundation are having problems with Apple's macOS Sequoia update:  https://techcrunch.com/2024/09/19/apples-new-macos-sequoia-update-is-breaking-some-cybersecurity-tools/

ESET's engineers are looking into this, and I'm sure that developers from CrowdStrike, Google, Microsoft, Mozilla, Mullvad, SentinelOne and other affected independent software vendors are doing the exact same thing for their customers.

ESET always works with operating system vendors to ensure compatibility with updates and new versions of operating systems before they are released.  Some operating system vendors, like Microsoft, even have special programs in place to ensure compatibility with security software and other important "day one" applications when those updates and new versions of Windows comes out. 

While ESET's engineers develop for and test with versions of macOS from Apple's developer program, there's no similar program to Microsoft's from Apple.  This means there is always the possibility that third-party software developers for Apple are not going to find out about any changes made to the operating system between release candidate and general availability and be able test for compatibility with them until Apple releases that new version to everybody.

As previously stated by my colleague @Marcos, ESET is investigating all reported issues and coming up with solutions, whether that's a program update, knowledgebase article, update to program's documentation or whatever that might be.  And while I cannot speak for them, I suspect all the other third-party software developers who were affected by this are doing the exact same thing.

Regards,

Aryeh Goretsky
 

Link to comment
Share on other sites

I'm using MacOS 14,7 with ESET Endpoint Security 8.1.6.0. And AirDrop is not working. I'm also getting fed up with these issues.

I'm an ESET partner with multiple customers; Windows is mostly fine, but these MacOS issues are getting really annoying... Get your act together ESET!

Link to comment
Share on other sites

On 9/21/2024 at 4:17 AM, Marcos said:

First of all, Bleepeingcomputer.com is not owned by nor in any way related to ESET. According to https://www.bleepingcomputer.com/welcome-guide/, it is

a free community where people come together to discuss and learn how to use their computers in an atmosphere that is both helpful and welcoming. With over 700,000 registered members asking and answering questions, BleepingComputer.com has become a vibrant and lively community of like-minded people.

BleepingComputer is paid for completely by advertisement revenue and the moderators are all volunteers. What this means is that any support and advice you receive from this site is completely free.

That said, the article is not sponsored nor paid by ESET so calling it a marketing practice is wrong.

As for upgrade to ESET Endpoint Security v8, from v7 it's automatic as long as you didn't turn off the auto-update policy.

image.png

Also when creating a software install task, it's available for selection:

image.png

As for the problem with Airdrop, it is that the firewall requires the appropriate rule to allow the communication. In automatic mode the firewall allows all outbound communication but for non-initiated inbound communication the appropriate permissive rule must be created.

According to https://support.apple.com/en-am/102538: Make sure that incoming connections aren't blocked in firewall settings. I've reached out to the developers with a request for instructions what rules need to be created for AirDrop to work.

Hi Marcos,

Do you have the instructions to create rules to allow Airdrop? I even enabled firewall logs in EP but I can't find the blocked communication to be able to create the correct rule.

 

Thanks.

Link to comment
Share on other sites

I have the fix to this issue (AirDrop not working because firewall is blocking it).

You must allow this app in ESET's firewall: /usr/libexec/sharingd

I have created a rule to allow incoming traffic for this app and it worked like a sharm.

image.thumb.png.ab3f93d6e460b13c72e842a05a83c46e.png

Maybe it's a good idea to have this rule by default if you select your zone as trusted.

Edited by Lockbits
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...