Text only | Text with Images

OPNsense Forum

English Forums => Zenarmor (Sensei) => Topic started by: Meg on June 14, 2025, 05:40:50 AM

Title: Items Show up inBlocked Conversations Heatmap that have been added to exclusions
Post by: Meg on June 14, 2025, 05:40:50 AM
Hello: I have hosts (i4.c.eset.com, and c.eset.com) required for live grid on eset antivirus that have been added to exclusions but are still showing in blocked conversations heat map. Can anyone explain to me why these items are being blocked when they have been excluded globally.
Title: Re: Items Show up inBlocked Conversations Heatmap that have been added to exclusions
Post by: sy on June 14, 2025, 05:52:50 AM
Hi,

What is the Block Message in Blocks report for these domains?
Title: Re: Items Show up inBlocked Conversations Heatmap that have been added to exclusions
Post by: Meg on June 15, 2025, 08:26:28 PM
Thanks for the reply SY: Im not sure what you mean Block Message in Blocks report. Where do I find that?
Title: Re: Items Show up inBlocked Conversations Heatmap that have been added to exclusions
Post by: sy on June 16, 2025, 04:26:40 PM
Hi,

In the Live Sessions - Blocks tab, there is a "Block Message" column. If it does not exist, you can enable it from the Layout section on the same page.
Title: Re: Items Show up inBlocked Conversations Heatmap that have been added to exclusions
Post by: Meg on June 16, 2025, 08:44:12 PM
The block message is firstly seen sites. I don't understand why it still gets blocked when it is added to the exclusions list.
Title: Re: Items Show up inBlocked Conversations Heatmap that have been added to exclusions
Post by: Seimus on June 17, 2025, 12:39:44 AM
Did you exlude them as i4.c.eset.com, and c.eset.com or as eset.com?
Can you make a pic and show us the exact exclusion in ZA?

Regards,
S.
Title: Re: Items Show up inBlocked Conversations Heatmap that have been added to exclusions
Post by: Meg on June 20, 2025, 09:08:08 PM
Thanks Seimus. Yes I had excluded them as you said , but they keep getting blocked
Title: Re: Items Show up inBlocked Conversations Heatmap that have been added to exclusions
Post by: Seimus on June 21, 2025, 09:16:25 PM
This is wierd,

On the heatmap actually they are shown as
i4.c.eset.com:80
c.eset.com:80

From perspective of the domain, this is different from i4.c.eset.com & c.eset.com. I think ZA here is for some reason showing the domain with the port 80. Cloud be a BUG

Regards,
S.

Title: Re: Items Show up inBlocked Conversations Heatmap that have been added to exclusions
Post by: Meg on June 22, 2025, 01:10:11 AM
Thanks for your reply. I will wait and see if anybody else has any more insight into this. I don't remember it doing this on earlier versions of opnsense.
Title: Re: Items Show up inBlocked Conversations Heatmap that have been added to exclusions
Post by: Meg on June 22, 2025, 06:07:34 AM
Update: I put in the ip address that the host name resolves to instead of the host name in the exclusions and it seems to have solved the problem so far.
Title: Re: Items Show up inBlocked Conversations Heatmap that have been added to exclusions
Post by: sy on June 24, 2025, 01:43:48 PM
Hi,

Most probably "*:80" causes the issue. If you can share debug logs we can investigate it. You can increase log level in Settings - Logging - Level - DEBUG4. then please contact to the support team via "Have Feedback" option in the bottom left corner of UI to share the logs.
Title: Re: Items Show up inBlocked Conversations Heatmap that have been added to exclusions
Post by: sy on June 24, 2025, 02:05:13 PM
Hi @Meg,

We have determined the issue. It is due to the hostname is with ":80" port number and doesn't match to the whitelisted domain. The next maintenance release will have a fix for this.
Title: Re: Items Show up inBlocked Conversations Heatmap that have been added to exclusions
Post by: Meg on June 25, 2025, 09:44:04 PM
I have sent report as requested.
Title: Re: Items Show up inBlocked Conversations Heatmap that have been added to exclusions
Post by: sy on June 26, 2025, 02:00:43 PM
Hi,

Thanks for sharing. It will be fixed with the upcoming release.
Text only | Text with Images