Hi Dear friends
when i lock at log viewer I see : Detected ARP cache poisoning attack. but unlike other firewall ESS do not inform me when he block or detect an attack. all of my setting is in default mode. Does anybody know what should i do that ESS inform me once he detects an attack by pop up or so on ?

Regards

Attacks are of course blocked.

Hello.

The question was how to set up ESS to display alerts at the time of attack?

Is that part of the built in rules that come with the program, or part of the "IDS and advanced" options?

If so it doesn't look like either one of those allow you the option to be notified when those rules are hit. Rules you create have the option to be logged and for you to be notified.

I guess if you want to be notified every time your hit buy some default rule you're going to have to wait till ESET allows that option.

Would be nice also to have more info coming from the tool-tray icon. Visual indicators of network activity like Sygate firewall had would be nice.

Switch to Interactive mode of the firewall .

AFAIK , you will not be notified of blocked attached by the IDS (the program works that way)

My firewall is on interactive mode. but after it detects attack, it do not notify me like other firewalls. How can I change it?

You cannot change it . ESS is by design made so that it won't let you know if something is detected (something , I mean instrusion , instrusions are detected by the Instrusion Detection System - IDS) . By design , no changes

Another question would be why would you want to know that someone has attacked you and ESS saved the day ?

Well what has me intrigued is that I checked my log and had the same entry in it.




And its the only entry!


Anyone else?

I mean it gives no source no target nothing other than protocol 0

-{ Quote: "Another question would be why would you want to know that someone has attacked you and ESS saved the day ?" }-

One reason would be to assess the reliability of the attack detection engine and react appropriately. Outpost firewall, which I used to like a lot, produced plenty of false positives when detecting attacks. Sometimes it meant I couldn't connect to a benign website, because the firewall blocked the offending IP range for a time. But since Outpost showed notifications, I knew it was at fault and could tweak or disable the detection egnine. Without these notifications I could only assume the server in question was down.

Since I need connectivity for most of my paid work, lack of notifications could have serious consequences for me, or at least make it much harder to diagnose connection problems. (I ditched Outpost for other reasons some time ago and am using ESS now.)

.marek

Hi dear friends, I want to know how can we set ESS firewall that inform us when we are under attack. I can see attack list in log file but I want see them like pop up.

thank you

ESET Smart Security will only inform you for incoming connection (which may be possible attack) only when the firewall is in Interactive Mode . However , when in Interactive Mode it will also ask you for permission for each and every program that wants incoming/outgoing access

But it do not inform me when I am under ARP attack

ESS does not inform at all for any known intrusion detected by the instrusion detection system (IDS)

But I think it is flaw foe ESS, it should notify us

Silly me , now when the thread got merged , one can see this has already been answered

I do not silly you, I just want answer, because I think it is possible we set filrewall to notify us when we are under ARP attack