Wilders Security Forums  

Go Back   Wilders Security Forums > Official ESET Support Forum > ESET Home Users Products Forum > ESET Smart Security
Reload this Page Apply ICMP Filter
User Name
Password
Register FAQ Members List Calendar Search Today's Posts Mark Forums Read

 
 
Thread Tools Search this Thread
  #1  
Old October 8th, 2011, 10:50 PM
AVPro AVPro is offline
Infrequent Poster
  
Join Date: Mar 2011
Posts: 15
Default Apply ICMP Filter
Hi. We have a situation that mirrors brady747's Apply ICMP Filter thread. That thread was too old to reply to, so I am starting this one.

In essence, we have communication being stopped by ESET's firewall, and the firewall log shows the following:
  • Time = the date and time the communication is attempted (and blocked)
  • Event = "Communication denied by rule"
  • Source = the IP address of the client attempting to connect
  • Target = the IP address of the computer running ESET firewall (and blocking the communication)
  • Protocol = "ICMP"
  • Rule/worm name = "Apply ICMP filter"
  • Application = blank
  • User = blank

We can replicate it very easily by pinging from the client machine to the machine running ESET firewall.

If we completely disable the ESET firewall (Advanced setup... -> System integration -> Personal firewall is completely disabled), the communication goes through without a hitch.

There are a number of rules / settings labeled "ICMP", and we've tried to disable / circumvent all of these, but still the communication is blocked.

In short, ESET firewall is applying some rule / filter that is described by the ESET firewall in its log as "Apply ICMP filter". There is only one (1) defined rule [an ESET default rule] using the ICMP protocol, and there are no defined rules that indicate an "ICMP filter".

What is this rule / filter that ESET firewall is applying, and how can it be disabled (without disabling the firewall)? Is this some internal communication control that users cannot alter?

In the aforementioned thread, Marcos indicated "If a communication is being blocked and you need to figure out the rule that is blocking it . . . [t]his should give you enough information to adjust the necessary rule."

In general that is true. However, in this case we cannot determine from the information provided by the ESET firewall (above) the rule that should be adjusted, let alone how "to adjust the necessary rule".

Can anyone shed light on what ESET firewall is doing to prevent the communication, and how to keep ESET firewall from blocking it?


.
Last edited by AVPro : October 9th, 2011 at 01:33 AM.
  #2  
Old October 12th, 2011, 01:40 AM
AVPro AVPro is offline
Infrequent Poster
  
Join Date: Mar 2011
Posts: 15
Default Re: Apply ICMP Filter
Bump.

.
  #3  
Old October 14th, 2011, 03:56 PM
JesusV's Avatar
JesusV JesusV is offline
Former ESET Support Rep
  
Join Date: Jan 2010
Posts: 93
Default Re: Apply ICMP Filter
Hello AVpro,

Can you ping the workstation when you disable ICMP protocol attack detection under IDS and advanced options?

Let me know.

Regards,
Jesus
 

Wilders Security Forums > Official ESET Support Forum > ESET Home Users Products Forum > ESET Smart Security « Previous Thread | Next Thread »

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Settings
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT -4. The time now is 12:18 PM.

Contact Us - SSL - Wilders Security - Archive - TOS/Privacy - Top

Powered by vBulletin® Copyright ©2000 - 2013, Jelsoft Enterprises Ltd.
Copyright ©2002 - 2013, Wilders Security Forums