Firewall question,- advanced mode

Discussion in 'ESET Smart Security' started by mango, Aug 8, 2009.

Thread Status:
Not open for further replies.
  1. mango

    mango Registered Member

    Joined:
    Sep 9, 2004
    Posts:
    82
    maybe a novice question but,-

    Had eset in normal view but had problem connecting locally between two computers.

    The machine with eset was able to see the other, but not the other way around.

    Switched to advanced mode, and when connecting the machine with eset started showing warnings of incoming connection when trying to connect to it.

    Does the firewall only display warnings in advanced mode?
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Most likely you've also switched the firewall to interactive mode. I assume that with automatic mode you didn't have the other computer added to the trusted zone.
     
  3. mango

    mango Registered Member

    Joined:
    Sep 9, 2004
    Posts:
    82
    It was in interactive mode, didnt notice that.

    checked share files at install, and the local ip 192.168.00 is in trusted zones.

    Going to try with automatic mode
     
  4. mango

    mango Registered Member

    Joined:
    Sep 9, 2004
    Posts:
    82
    Cant seem to communicate on local network, 192.168.0.1. With ip ranges from 192.168.0.100-192.168.0.110.

    The problem is local sharing etc between two computers with eset

    -allowed filesharing on install
    -trusted zone subnet 192.168.0.0
     
  5. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    If you enable logging blocked connections in the IDS setup, what kind of connections are logged in the firewall log? The logs should provide detailed information about the rule that blocked the communication.
     
  6. mango

    mango Registered Member

    Joined:
    Sep 9, 2004
    Posts:
    82
    im on win 7, and ive read that this is a a common problem..

    In automatic mode the blocked connections looks like

    Code:
    No usable rule found	192.168.0.101:55231	192.168.0.100:5357	TCP		System	
    No usable rule found	192.168.0.101:55231	192.168.0.100:5357	TCP		System	
    No usable rule found	192.168.0.101:55231	192.168.0.100:5357	TCP		System	
    No usable rule found	192.168.0.101:60756	239.255.255.250:3702	UDP		C:\Windows\System32\svchost.exe	NT AUTHORITY\LOCAL SERVICE
    No usable rule found			UDP		C:\Windows\System32\svchost.exe	NT AUTHORITY\LOCAL SERVICE
    No usable rule found			UDP		C:\Windows\System32\svchost.exe	NT AUTHORITY\LOCAL SERVICE
    No usable rule found	192.168.0.101:60756	239.255.255.250:3702	UDP		C:\Windows\System32\svchost.exe	NT AUTHORITY\LOCAL SERVICE
    No usable rule found	192.168.0.101:55213	192.168.0.100:5357	TCP		System	
    No usable rule found	192.168.0.101:55213	192.168.0.100:5357	TCP		System	
    No usable rule found	192.168.0.101:60756	239.255.255.250:3702	UDP		C:\Windows\System32\svchost.exe	NT AUTHORITY\LOCAL SERVICE
    No usable rule found			UDP		C:\Windows\System32\svchost.exe	NT AUTHORITY\LOCAL SERVICE
    No usable rule found			UDP		C:\Windows\System32\svchost.exe	NT AUTHORITY\LOCAL SERVICE
    No usable rule found		UDP		C:\Windows\System32\svchost.exe	NT AUTHORITY\LOCAL SERVICE
    No usable rule found		UDP		C:\Windows\System32\svchost.exe	NT AUTHORITY\LOCAL SERVICE
    
    Communication denied by rule	192.168.0.100:138	192.168.0.255:138	UDP	Block outgoing NETBIOS requests	PID=4	
    If i set firewall to interactive mode and follow this guide it worrks fine:
    Code:
    1. Switch to Advanced Mode by clicking Toggle Advanced mode in the lower left corner of the main window.
    2. Click on Setup tab > Personal firewall > Advanced Personal firewall setup and make sure the filtering mode is set to Interactive mode.
    3. Go to Rules and zones and click Setup under Trusted zone and make sure that Allow Sharing is checked. Click Setup under Zone and rule editor and click on Toggle detailed view of all rules
    4. Uncheck the two following default rules; Block Incoming NETBIOS Requests and Block Outgoing NETBIOS Requests 
    5. Now create those two same exact rules again using any name of your choice by clicking New with the only difference that under Address you should only have Networks automatically marked as untrusted NOT All.
    Switch to automatic mode and the firewall blocks incoming connections on network again. So rules created in interactive mode does not work
     
  7. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    You'd need to switch to Automatic mode with exceptions so that the created rules are applied.
     
  8. mango

    mango Registered Member

    Joined:
    Sep 9, 2004
    Posts:
    82
    local folder share seems to work with those settings
     
Thread Status:
Not open for further replies.