2

I have ESET Smart Security installed on computer A, and I usually connect from PC B to A using RDP. I have to add the IP of B to the "trusted zone" on A so that B is not blocked, like in this tutorial.

Recently I was trying to connect from C to A using RDP, and I stopped the "ESET Service" instead of adding the IP of C to the trusted zone of A, but C was still blocked until I started ESET again and added the IP of C to the trusted zone again.

I'm rather curious: does adding some IP to the "trusted zone" in ESS change some configuration of Windows permanently? Why is the connection from C still blocked even with the "ESET Service" stopped?

1 Answer

1

ESS uses kernel drivers (epfw.sys, epfwwfp.sys, epfwlwf.sys) for network traffic filtering. These drivers have the firewall settings loaded in kernel mode, so there is no need for a transition to user mode just to evaluate every single network packet.

This is why network rules are applied even if ESET Service is not running.

ge0rdi
  • 1,591
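
One way to observe the behaviour described in the answer on computer A, as an added example that is not part of the original post: it lists the state of the three driver files named above next to the state of the user-mode service. Matching the service by the display name "ESET Service" (the name used in the question) is an assumption.

```powershell
# Driver file names are taken from the answer; everything else here is illustrative.
$driverFiles = 'epfw.sys', 'epfwwfp.sys', 'epfwlwf.sys'

# Kernel drivers are registered with the Service Control Manager as
# driver-type services; Win32_SystemDriver exposes them with their state.
$drivers = Get-CimInstance -ClassName Win32_SystemDriver |
    Where-Object {
        $_.PathName -and ($driverFiles -contains ($_.PathName -split '\\')[-1])
    } |
    Select-Object Name, State, StartMode, PathName

# User-mode service. Assumption: its display name starts with "ESET Service".
$service = Get-CimInstance -ClassName Win32_Service `
        -Filter "DisplayName LIKE 'ESET Service%'" |
    Select-Object Name, DisplayName, State, StartMode

$drivers | Format-Table -AutoSize
$service | Format-Table -AutoSize

# Report the situation from the question: service stopped, drivers still loaded.
$runningDrivers  = @($drivers | Where-Object State -eq 'Running')
$serviceStopped  = -not ($service | Where-Object State -eq 'Running')

if ($serviceStopped -and $runningDrivers.Count -gt 0) {
    Write-Output ("User-mode service is not running, but {0} filtering driver(s) " +
                  "are still loaded: {1}" -f $runningDrivers.Count,
                  ($runningDrivers.Name -join ', '))
} elseif ($runningDrivers.Count -eq 0) {
    Write-Output 'None of the listed filtering drivers is currently loaded.'
} else {
    Write-Output 'User-mode service and filtering drivers are both running.'
}
```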