I am not an expert. I have just disabled Home/Public/Domain under Advanced Settings - Firewall properties on Win 7 64. My prob was I was getting Win FW & Eset FW network selection window. Now I am not getting Win FW network selection window. Only getting Eset FW network selection window & this I wanted. So my prob is solved by disabling all the 3 networks under advanced settings.
Yep. As I suspected by setting WIN7 firewall service back to automatic last night after the gyration I mentioned previously, it reset itself upon first cold boot to the correct settings. I have verified the WIN7 firewall is indeed off for monitoring local host and external Internet public profile connections on my PC for both Home and Public networks via visual TCPView and Win 7 event log verification. The WIN 7 is on for the domain profile as it should be since Eset doesn't monitor that. The WIN 7 firewall also monitoring and blocking inbound local subnet traffic from other devices per public profile policy. Appears this is controlled at the network level in WIN 7 and can't be turned off unless you totally disable the WIN 7 firewall by disabling it's service. Below are screen shots of current WIN 7 firewall settings:
In regards to this: The WIN 7 firewall also monitoring and blocking inbound local subnet traffic from other devices per public profile policy. Appears this is controlled at the network level in WIN 7 and can't be turned off unless you totally disable the WIN 7 firewall by disabling it's service. There appears to be a glitch in the Eset firewall rules. I just saw more multicast DNS inbound requests i.e. inbound IP address 224.0.0.252, port 5355, blocked by the WIN 7 firewall. These are for other devices on my local network and are being blocked under the WIN 7 public profile setting. They should likewise be blocked by Eset under the Public profile setting but the current rule is to allow all multicast DNS inbound requests. Go figure? I suspect these are coming from my router which is normal broadcast activity. Also I have a theory as to why the WIN 7 firewall is not properly reconfigured after an initial Eset SS install. This probably is due to the virtualization of the WIN 7 registry. When settings are changed many will not take effect until a cold boot occurs.
Found another firewall glitch. And this is an important one. Appears Eset firewall and possibly all of Smart Security features take a few seconds to initialize coming out of sleep mode. My event log showed over 70 connections that were blocked during that time! Which means you definitely don't want to totally turn off the WIN 7 firewall by disabling it's service. If you do, you have zip inbound protection till the Eset firewall comes online.
Believe I finally have this straightened out. First, the Win firewall needs to be set to "ON" for all profiles. Here are a couple of links attesting to that fact: https://forum.eset.com/topic/358-smart-security-firewall-issue-on-windows-8-pro-64/ https://www.wilderssecurity.com/thre...et-managing-windows-built-in-firewall.343630/ I believe this true based on my prior posting of what I observed coming out of sleep mode and what I believe happens at boot time; the Eset firewall takes time to initialize itself. Also I believe the WIN firewall is being used to perform proxy like activities for the Eset web filtering processing although I have no present proof of that. Most security products I am familiar with that perform port web filtering, do so via an internal local host proxy server. I see no evidence of that activity in Eset Smart Security. I am questioning the web filtering at this point since to date I have yet to see it block anything unless it is doing so silently? Finally, I activated Eset detail firewall logging; not the easiest thing to do. I verified that all events I observed in my WIN 7 security audit-failure event log were actually blocked by the Eset firewall. As such, it is the Eset firewall that is generating those event log entries. Hence the reason Eset detail firewall logging is turned off by default; there is no need for it except for special case instances. I did observe a slight lag in browsing speed with the WIN 7 firewall on for my current profile. Nothing dramatic in my opinion.
Yes, both HIPS and Firewall logging is disabled by default as they are mainly meant for troubleshooting purposes, and logging should not be left enabled for long periods of time or else the log file can grow quickly in size. We had a user not long ago that was asking why there was a big 1,3 GB HIPS log and what it was for, the user had enable HIPS logging so the solution was to simply delete the log file and disable HIPS logging.
