Apply ICMP Filter

Discussion in 'ESET Smart Security' started by AVPro, Oct 8, 2011.

Thread Status:
Not open for further replies.
  1. AVPro

    AVPro Registered Member

    Joined:
    Mar 9, 2011
    Posts:
    15
    Hi. We have a situation that mirrors brady747's Apply ICMP Filter thread. That thread was too old to reply to, so I am starting this one.

    In essence, we have communication being stopped by ESET's firewall, and the firewall log shows the following:
    • Time = the date and time the communication is attempted (and blocked)
    • Event = "Communication denied by rule"
    • Source = the IP address of the client attempting to connect
    • Target = the IP address of the computer running ESET firewall (and blocking the communication)
    • Protocol = "ICMP"
    • Rule/worm name = "Apply ICMP filter"
    • Application = blank
    • User = blank

    We can replicate it very easily by pinging from the client machine to the machine running ESET firewall.

    If we completely disable the ESET firewall (Advanced setup... -> System integration -> Personal firewall is completely disabled), the communication goes through without a hitch.

    There are a number of rules / settings labeled "ICMP", and we've tried to disable / circumvent all of these, but still the communication is blocked.

    In short, ESET firewall is applying some rule / filter that is described by the ESET firewall in its log as "Apply ICMP filter". There is only one (1) defined rule [an ESET default rule] using the ICMP protocol, and there are no defined rules that indicate an "ICMP filter".

    What is this rule / filter that ESET firewall is applying, and how can it be disabled (without disabling the firewall)? Is this some internal communication control that users cannot alter?

    In the aforementioned thread, Marcos indicated "If a communication is being blocked and you need to figure out the rule that is blocking it . . . [t]his should give you enough information to adjust the necessary rule."

    In general that is true. However, in this case we cannot determine from the information provided by the ESET firewall (above) the rule that should be adjusted, let alone how "to adjust the necessary rule".

    Can anyone shed light on what ESET firewall is doing to prevent the communication, and how to keep ESET firewall from blocking it?


    .
     
    Last edited: Oct 9, 2011
  2. AVPro

    AVPro Registered Member

    Joined:
    Mar 9, 2011
    Posts:
    15
    Bump.

    .
     
  3. JesusV

    JesusV Former ESET Support Rep

    Joined:
    Jan 21, 2010
    Posts:
    93
    Hello AVpro,

    Can you ping the workstation when you disable ICMP protocol attack detection under IDS and advanced options?

    Let me know.

    Regards,
    Jesus
     
Thread Status:
Not open for further replies.