Detected covert channel exploit in ICMP packet

KB Solution ID: SOLN2274|Last Revised: November 06, 2014

Issue

  • Your ESET product displays the notification "Detected covert channel exploit in ICMP packet"
  • Games or other applications that connect to the Internet do not function properly when this notification is displayed

Details

If you receive a “Detected covert channel exploit in ICMP packet” message from ESET Smart Security in your notification area, traffic either to or from your computer is being blocked by ESET’s active defense system. Fragmented ICMP packets may be used to enable rapid detection of a client connection to the domain controller. In some cases, this detection can prevent games or other applications that connect to the Internet from working as expected.

Solution

There are two possible solutions for this issue. If you are unsure which solution applies to you, follow the steps in solution 1 and do not continue to solution 2.

  • Use solution 1 if you want to disable notifications so that you no longer receive pop-up notifications each time an attack is detected.
     
  • Use solution 2 If this issue is preventing a network-enabled application or game from functioning properly and your Personal firewall module is up to date (versions of the ESET Personal firewall module earlier than version 1047 may identify fragmented ICMP packets as threats and block communication. The problem will be resolved in Personal firewall modules version 1048 and later).

Solution 1: Disable notifications after attack detection

You can disable notifications and configure ESET Smart Security to run in the background without lowering your level of protection if you are unsure whether the cause of notifications is a legitimate threat:

  1. Open ESET Smart Security. How do I open my ESET product?
     
  2. Press F5 to open Advanced setup.
     
  3. Expand Network   Personal firewall and click IDS and Advanced options.
     
  4. Expand Intrusion detection and deselect the check box next to Display notification after attack detection. Click OK to save your changes. You should no longer receive "Detected covert channel exploit in ICMP packet" notifications.

Figure 1-1
Click the image to view larger in new window

Solution 2: Add a trusted IP address to Personal firewall

Add the IP address of the domain controller to the trusted zone by following the appropriate link for step-by-step instructions:

Rate this article:
1 2 3 4 5
Please comment on your rating...
We cannot respond to feedback from this form. Requests for assistance should be submitted through your normal support channel.
5 - Definitely
4 - Mostly
3 - Somewhat
2 - Not Really
1 - Not At All