Issue
- Add an IP address to the IDS exception list from the "Network threat blocked" notification that appears when the connection is blocked
- Manually exclude an IP address from IDS
- Stop internal IP traffic from being detected as a threat by the ESET firewall
- ESET is detecting known safe internal IP traffic as a threat
- Examples of internal IP address ranges known to be safe (where "x" is 0-255):
- 172.16.x.x - 172.31.x.x
- 192.168.x.x
- 10.x.x.x
Details
Click to expand
This article applies to the following products:
- ESET Internet Security
- ESET Smart Security
- ESET Smart Security Premium
In some situations, the Intrusion Detection Service (IDS) may detect communication between routers or other internal networking devices as a potential attack. You can add the known safe address to the Addresses excluded from IDS zone to bypass the IDS.
Solution
Add an IP address to the IDS exception list from the "Network threat blocked" notification that appears when the connection is blocked
If you are not receiving "Network threat blocked" notifications, proceed to section 2 to manually exclude IP addresses from IDS.
-
Click Change handling of this threat in the notification window.
-
Click Allow.
- The IP address is excluded. To view the new exception, click Open IDS exception editor or Press the F5 key to open Advanced setup, click Personal Firewall, expand Advanced and then click Edit next to IDS exceptions.
The new IDS exception is in the list.
Manually exclude an IP address from IDS
-
Press the F5 key to open Advanced Setup.
-
Click Network Protection, expand Basic → Zones, and then click Edit next to Zones.
-
Select Addresses excluded from IDS and click Edit.
-
In the Edit zone window, type the IP address of the device being incorrectly detected as a threat in the Remote computer address (IPv4, IPv6, range, mask) field and then click OK.
-
The IP address you just added will be visible in the Firewall zones window. Click OK twice to save your changes and exit Advanced setup.
Your device can now connect to your home network and you should no longer see notifications about attacks coming from an internal IP address that you know is safe.