PCAPdroid block Eset Endpoint Security virus signature updates.

[moakt3]

Hi.
I have a problem with Eset Endpoint Security (enterprise antivirus for android) signatures updates. PCAPdroid fully block it even with outgoing rule for app. Disabling firewall not help. Only fully stop help. There is no even dns request in conection tab when try update.

PS: Eset online app activation and another netwotk services work fine with working PCAPdroid with firewall.

LineageOS 14.1 (Android 7.1.2)

Please help.

[emanuele-f]

Hello,
Based on your information it seems like the AV may be detecting that a VPN is active and refuse to run the update via it. You can try to:

• exclude the AV app from the capture (VPN): in the PCAPdroid settings, add the AV app to the "VPN Exemptions"
• alternatively, capture in root mode, however you won't be able to use the PCAPdroid firewall to block connections

[moakt3]

Nope. I try two different firewall's with vpn filtering methods. Eset update work fine. Moreover i'm install Android 5 (OS from the box) and Eset update work fine with PCAPdroid. I think there is some incompatibility with PCAPdroid and LineageOS.

PS: I can't exclude Eset from firewalling because blocking some Eset app telemetry hosts.

[emanuele-f]

Have you tried with a fresh PCAPdroid install, e.g. flushing the app data? There could be some rule or setting which may affect the AV. I'm not aware of specific issues linked to LineageOS, but maybe you can try with another rom

[moakt3]

Many times. Eset always show "No internet connection".
All custom OS for my phone forked from LineageOS. I try AOKP. Results the same.

Eset for updates use 80 port. Maybe this is some conflict with PCAPdroid. All others Eset services use 443 port.

...or maybe this a problem with a dns resolving in PCAPdroid. There is no dns request at all when i try update Eset. All SSL/TLC connections hardcoded inside Eset and can connect without resolving. Just a guess, but ...