silent blocking in interactive mode FW

Discussion in 'ESET Smart Security' started by hojtsy, Nov 16, 2007.

Thread Status:
Not open for further replies.
  1. hojtsy

    hojtsy Registered Member

    Dec 28, 2003
    I am trialling ESS 3.0.563 on windows xp sp2 32bit. FW is set up in interactive mode, with no blocking rules present. I enabled logging of FW blocking connections and worms.
    I run windows 2000 in a vmware virtual machine (Network is "bridged"). I have a VPN (Virtual Private Network) client, but no FW installed on the virtual machine.
    When I disable the firewall of ESS (on host computer), VPN connection works OK in the virtual machine. When the FW of ESS is set to interactive mode, the VPN software reports that it is unable to connect. I see no popups from ESS, and there are no FW logs created.
    I conclude that FW blocks some communication withouth popup or logs, which is a Bad Thing. I reviewed the FW settings, but I do not see anything being set to silently block.
    Any advices on how to let this VPN through without completely disabling the FW?
  2. ASpace

    ASpace Guest


    Enter the Advanced Setup Tree (F5)

    1. Navigate to Personal Firewall.
    Choose Interactive Mode

    2. Navigate to Personal Firewall -> IDS and Advanced options
    Make sure all services are allowed (a.k.a 4 services)

    3. In Personal firewall -> IDS and advanced options , enabled logging

    Open Personal firewall > Rules and zones > Zone and rule setup
    Choose Toggle detailed view of all riles (if already not set to this)
    Uncheck every rule that has Block in the name .

    Confirm with OK.

    Start creating new rule:

    Name : your choice
    Direction : Both
    Action : Allow
    Protocol : TCP & UDP

    Additional action:
    check Log

    In Local tab - For every (ports)
    In Remote choose - For every (ports)
    Then (AFAI remember , you should enter the IP address . So here enter the IP of the vpn client - example .

    Confirm with OK and restart.Try again
  3. hojtsy

    hojtsy Registered Member

    Dec 28, 2003
    Thank you HiTech_boy,
    This part was new to me. I was unaware that there are FW rules applying to all applications, not being shown in the application tree view. Maybe there could have been a quasy-application called "All applications" to show, and group those rules in this view.
    Anyway I created a new rule, and just for test purposes allowed any communication whatsoever. My VPN got through this way. But if I disable this rule or set it to Ask, the connection gets blocked without a popup dialog from ESS. I am starting to get the impression that
    - ESS is unable to identify any application behind the communcation. This is visible in the logs
    - it won't show an ask dialog if application is unknown, even if mode is interactive and/or rule is "ask", but silently block instead
    I am worried about this later finding - I don't like silent blocking in a FW because it hides the information from me that some app. on my system is started being nasty, and also makes it harder to create the proper allow rule.

    Hmm, by the way how do I reoder the detailed FW rules, so they get processed in a different order than creation order?
  4. alexissp

    alexissp Registered Member

    May 8, 2008
    I wanted to thank you all for the detailed answer. It worked well.

    A few remarks which may help others:
    - I experienced it with WMware version 5
    - I read somewhere the advice to switch from "bridged" to NAT. I did NOT do so, and it works.
    - I put the tick back in the "blocked" lines after the problem was solved, and it seems to run fine.
    - It seems the key is to add the new rule to pass the traffic for the VPN target address. The logging allows to identify the exact port(s).

Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.