ESET issues identified

Updated 3 weeks ago by admin

We have identified an issue with certain versions of ESET software that causes incompatibility with software that also uses the Microsoft WFP (Windows Filtering Platform) layer for intercepting network traffic, such as the USS Agent for Windows. The issue causes WFP-redirected connections to fail and is not specific to the USS Agent for Windows software.

The following software version numbers are known to cause the issue:

  • ESET Endpoint 7.2.2055.0
  • ESET Endpoint 7.1.2053.0
  • ESET Endpoint 7.1.2045.5
  • ESET Internet Security 13.0.22.0
  • ESET NOD32 Antivirus 13.0.22.0

The following software versions do not exhibit the problem:

  • ESET Endpoint 7.0.2100.4
  • ESET Endpoint 6.6.2089.2

Further Information / Diagnostics

To confirm the issue is not related to the USS Agent for Windows, it is possible to recreate the problem without the agent installed by following these steps:

  1. Install ESET version
  2. Build and deploy the Microsoft WFP sample from https://github.com/microsoft/Windows-driver-samples/tree/master/network/trans/WFPSampler
  3. Build server.cpp (requires Boost)
  4. Start server.exe as follows: server.exe 44444
  5. Start WFP redirection as follows: WFPSampler.exe -s PROXY -l FWPM_LAYER_ALE_CONNECT_REDIRECT_V4 -pra 127.0.0.1 -prp 44444 -v -iprp 443 -plspid <server.exe process PID>
  6. Start Chrome browser and try to open multiple HTTPS websites, so that Chrome creates a few simultaneous connections.
  7. The server app fails to get redirect records and context for some accepted connections. Browsing is not possible.
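
When diagnosing a machine, it helps to see which components have filters registered at the connect-redirect layer used in step 5. The PowerShell script below is an added example, not part of the original article or of any vendor tooling. It assumes an elevated prompt and assumes the XML element names (item, layerKey, providerKey, displayData/name, action/type, action/calloutKey) written by netsh wfp show filters.

```powershell
# Added example: list WFP filters registered at the ALE connect-redirect layers.
# Run from an elevated PowerShell prompt. The XML element names used below are
# assumed from the output format of "netsh wfp show filters".
$layers = 'FWPM_LAYER_ALE_CONNECT_REDIRECT_V4', 'FWPM_LAYER_ALE_CONNECT_REDIRECT_V6'
$dump   = Join-Path $env:TEMP 'wfp-filters.xml'

# Remove any stale dump so a failed netsh run is not mistaken for a fresh one.
Remove-Item $dump -ErrorAction SilentlyContinue
netsh wfp show filters file="$dump" | Out-Null
if (-not (Test-Path $dump)) {
    throw "netsh did not write $dump (is the prompt elevated?)"
}

$doc = New-Object System.Xml.XmlDocument
$doc.Load($dump)

# Return the text of a child node, or $null when the node is absent.
function Get-NodeText($node, $xpath) {
    $child = $node.SelectSingleNode($xpath)
    if ($child) { $child.InnerText.Trim() } else { $null }
}

$hits = foreach ($item in $doc.SelectNodes('//item[layerKey]')) {
    $layer = Get-NodeText $item 'layerKey'
    if ($layers -contains $layer) {
        [pscustomobject]@{
            Layer    = $layer
            Filter   = Get-NodeText $item 'displayData/name'
            Provider = Get-NodeText $item 'providerKey'
            Action   = Get-NodeText $item 'action/type'
            Callout  = Get-NodeText $item 'action/calloutKey'
        }
    }
}

if (-not $hits) {
    Write-Output 'No filters found at the connect-redirect layers.'
} else {
    # One row per filter, then a count of filters per provider.
    $hits | Sort-Object Layer, Provider | Format-Table -AutoSize
    $hits | Group-Object Provider | Select-Object Count, Name | Format-Table -AutoSize
}
```

Filters from more than one provider at these layers show that several products are redirecting connections on the same machine, which is the configuration in which the failure described above occurs.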

Other third-party products report the same issue on public forums, for example https://github.com/nmap/nmap/issues/1529

