2

I have ESET Smart Security installed on computer A, and I usually connect from PC B to A using RDP. I have to add the IP of B to "trusted zone" on A so that B is not blocked, like in this tutorial.

Recently I was trying to connect from C to A using RDP, and I stopped the "ESET Service" instead of adding the IP of C to trusted zone of A, but C is still blocked until I started ESET again and added the IP of C to trusted zone again.

I'm rather curious that, is adding some IP to "trusted zone" in ESS changes some configuration of Windows permanently? Why connection from C is still blocked even with "ESET Service" stopped?

zhangxaochen
  • 263
  • 1
  • 2
  • 10

1 Answers1

1

ESS uses kernel drivers (epfw.sys, epfwwfp.sys, epfwlwf.sys) for network traffic filtering. These drivers have loaded firewall settings in kernel-mode, so there is no need for transition to user-mode just to evaluate every single network packet.

This is why network rules are applied even if ESET Service is not running.

ge0rdi
  • 1,553
  • 13
  • 18
  • Thx! So is there a way to break the rules automatically when `ESET Service` is down ? – zhangxaochen Sep 20 '15 at 10:30
  • Don't think so. But why do you need to stop service? If you want to temporarily disable firewall just use `Pause firewall` option from ESS tray menu. – ge0rdi Sep 20 '15 at 10:34