Ver. 9 Dropped Eset connections

[itman 1,659]

Win 7 SP1, x64 and Eset Smart Security 9.0.377.0

 

Reinstalled ver. 9 last night to see if issues fixed from the initial release. Having HIPS issues but will post those in a separate reply one I shake down things for a while.

 

One thing that caught my eye immediately is the number of dropped incoming connections from Eset's U.S. server. See the below screen shot.

 

I suspect this is related to Eset's SSL protocol scanning for cert. pinning? Question is why are these un-statefull inbound connections from Eset occurring and is this normal behavior? I am sure these connections are from browsing activity since the number increases whenever a browsing session is initiated. Also, Eset sig. updating so far appears to be fine.

 

Edited May 1, 2016 by itman

[Marcos 5,071]

Click Details for more information about the blocked communication. It has nothing to do with protocol filtering.

[itman 1,659]

I did.

 

It stated something to the effect that unsolicited inbound TCP packets were blocked which to me means that these were not a result of any outbound initiated communication i.e. they were not statefull responses. Makes me wonder if a firewall rule is needed to allow all inbound traffic for ekrn.exe. And still doesn't explain why the traffic is occurring?

 

Doesn't matter now since I reverted back again ............... to ver. 8 due to numerous ver. 9 HIPS issues that still exist.

[Marcos 5,071]

Hard to say, haven't seen it. I've had 0 blocked connections so it's not a general problem, especially that you didn't run into issues because of that block. If somebody can reproduce it easily, enable diagnostic logging verbosity, reproduce the block and eventually provide me with pcapng files from C:\ProgramData\ESET\ESET Smart Security\Diagnostics.