[KB2939] Exclude an IP address from IDS in ESET Windows home products (15.x – 16.x)

Issue

• Add an IP address to the IDS exception list from the "Network threat blocked" notification that appears when the connection is blocked
• Manually exclude an IP address from IDS
• Stop internal IP traffic from being detected as a threat by the ESET firewall
• ESET is detecting known safe internal IP traffic as a threat 
• Examples of internal IP address ranges known to be safe (where "x" is 0-255):
  • 172.16.x.x - 172.31.x.x
  • 192.168.x.x
  • 10.x.x.x

Details

Solution

Add an IP address to the IDS exception list from the "Network threat blocked" notification that appears when the connection is blocked

If you are not receiving "Network threat blocked" notifications, proceed to section 2 to manually exclude IP addresses from IDS.

1. Click Change handling of this threat in the notification window.

2. Click Allow.

3. The IP address is excluded. To view the new exception, click Open IDS exception editor or Press the F5 key to open Advanced setup, click Personal Firewall, expand Advanced and then click Edit next to IDS exceptions.

The new IDS exception is in the list.

Figure 1-4

Manually exclude an IP address from IDS

1. Open the main program window of your ESET Windows product.

2. Press the F5 key to open Advanced Setup.

3. Click Network Protection, expand Basic → Zones, and then click Edit next to Zones.

4. Select Addresses excluded from IDS and click Edit.

5. In the Edit zone window, type the IP address of the device being incorrectly detected as a threat in the Remote computer address (IPv4, IPv6, range, mask) field and then click OK.

6. The IP address you just added will be visible in the Firewall zones window. Click OK twice to save your changes and exit Advanced setup.

Your device can now connect to your home network and you should no longer see notifications about attacks coming from an internal IP address that you know is safe.