ESET issues identified
We have identified an issue with certain versions of ESET software that causes incompatibility with software that also uses the Microsoft WFP (Windows Filtering Platform) layer for intercepting network traffic, such as the USS Agent for Windows. The issue causes WFP-redirected connections to fail and is not specific to the USS Agent for Windows software.
The following software version numbers are known to cause the issue:
- ESET Endpoint Security 7.3.2039.0
- ESET Endpoint 7.2.2055.0
- ESET Endpoint 7.1.2053.0
- ESET Endpoint 7.1.2045.5
- ESET Internet Security 22.214.171.124
- ESET Internet Security 126.96.36.199
- ESET ESET NOD32 Antivirus 188.8.131.52
The following software versions do not exhibit the problem:
- ESET Endpoint 7.0.2100.4
- ESET Endpoint 6.6.2089.2
Installing version 0.997 or later of the
npcap library provides a workaround to the issue.
- Download the 0.997 version of
- Install the new version of
npcapon the machine running ESET and the USS Agent for Windows
- In some cases, if the problem persists you will need to re-install ESET and then reboot once more
Further Information / Diagnostics
To confirm the issue is not related to the USS Agent for Windows, it is possible to recreate the problem without the agent installed by following these steps:
- Install ESET version
- Build and deploy Microsoft WFP sample from here https://github.com/microsoft/Windows-driver-samples/tree/master/network/trans/WFPSampler
- Start WFP redirection as follows:
WFPSampler.exe -s PROXY -l FWPM_LAYER_ALE_CONNECT_REDIRECT_V4 -pra 127.0.0.1 -prp 44444 -v -iprp 443 -plspid <server.exe process PID>
- Start Chrome browser and try to open multiple HTTPS websites, so that Chrome creates a few simultaneous connections.
- The server app fails to get redirect records and context for some accepted connections. Browsing is not possible.
There are other third party products reporting the same issue on public forums, such as https://github.com/nmap/nmap/issues/1529