Home article search

Detected covert channel exploit in ICMP packet


  • Your ESET product displays the notification "Detected covert channel exploit in ICMP packet"
  • Games or other applications that connect to the Internet do not function properly when this notification is displayed


If you receive a “Detected covert channel exploit in ICMP packet” message from ESET Smart Security in your notification area, traffic either to or from your computer is being blocked by ESET’s active defense system. Fragmented ICMP packets may be used to enable rapid detection of a client connection to the domain controller. In some cases, this detection can prevent games or other applications that connect to the Internet from working as expected.


There are two possible solutions for this issue. If you are unsure which solution applies to you, follow the steps in solution 1 and do not continue to solution 2.

  • Use solution 1 if you want to disable notifications so that you no longer receive pop-up notifications each time an attack is detected.
  • Use solution 2 If this issue is preventing a network-enabled application or game from functioning properly and your Personal firewall module is up to date (versions of the ESET Personal firewall module earlier than version 1047 may identify fragmented ICMP packets as threats and block communication. The problem will be resolved in Personal firewall modules version 1048 and later).

Solution 1: Disable notifications after attack detection

You can disable notifications and configure ESET Smart Security to run in the background without lowering your level of protection if you are unsure whether the cause of notifications is a legitimate threat:

  1. Open ESET Smart Security. How do I open my ESET product?
  2. Click Personal Firewall and click Edit next to IDS and advanced options in the Basic section.

Figure 1-1
Click the image to view larger in new window

  1. Expand Intrusion Detection and click the slider bar next to Display notification after attack detection to deselect it. Click OK to save your changes. Click OK again to exit Advanced setup. You should no longer receive "Detected covert channel exploit in ICMP packet" notifications.

Figure 1-2
Click the image to view larger in new window

Solution 2: Add a trusted IP address to Personal firewall

Add the IP address of the domain controller to the trusted zone by following the appropriate link for step-by-step instructions:

Was this information helpful?