interactivemode 0 Posted August 29, 2016 Posted August 29, 2016 The interactive mode of my firewall is not working as intended. It blocks all non explicitly allowed connections without prompting.Since when I upgraded to ESET 9 the problem occurred. I even uninstalled it and installed it again (exported/imported all my settings) the problem did not resolve. In my log the blocked connections no rule name is specified. I'd checked all firewall rules, but I can not find global deny rules. <ESET><LOG><RECORD> <COLUMN NAME="Time">8/29/2016 5:14:25 PM</COLUMN> <COLUMN NAME="Event">Communication denied by rule</COLUMN> <COLUMN NAME="Source">X.X.X.X:1843</COLUMN> <COLUMN NAME="Target">X.X.X.X:80</COLUMN> <COLUMN NAME="Protocol">TCP</COLUMN> <COLUMN NAME="Rule/worm name"></COLUMN> <COLUMN NAME="Application">C:\XXX.exe</COLUMN> <COLUMN NAME="User">xxx</COLUMN></RECORD></LOG></ESET>
Administrators Marcos 5,453 Posted August 29, 2016 Administrators Posted August 29, 2016 It sounds like a blocking rule is higher in the rule list than the appropriate allowing rule. Without checking your rule list and knowing what communication you would like to allow or to be asked about we can't tell more.
itman 1,801 Posted August 29, 2016 Posted August 29, 2016 (edited) It blocks all non explicitly allowed connections without prompting. Sounds to me you enabled the default deny all inbound/outbound connections that resides at the bottom of the firewall rule set. I did the same thing initially. That rule should only be enabled when running the firewall in policy mode. Disable that rule and make sure the firewall is set to interactive mode. You will then start getting alerts of anything for which an existing rule does not exist. Edited August 29, 2016 by itman
Recommended Posts