Fix WSA Network Issues Caused by ESET Firewall

This article explains how to resolve an unexpected network blocking issue in which the ESET Internet Security firewall arbitrarily prevents Windows Subsystem for Android (WSA) from accessing the internet.

Troubleshooting Process

Today, I encountered a bizarre problem: WSA, which had been working perfectly for over a month, suddenly lost network connectivity. The previous day, everything was fine, and I had made no changes to my network settings. However, after booting up my computer today, Android apps in WSA would get stuck on the loading screen.

To investigate further, I accessed the Android system settings through WSA Toolbox and checked the WLAN options. The interface showed no available networks, whereas it should normally display a “FakeWiFi” connection.

In a Google search, I found some users suggesting that the ESET firewall might cause this issue. I then opened ESET and navigated to: Settings > Network Protection > Troubleshooting network access protection > Resolve blocked communication.

There, I discovered multiple recently blocked inbound connections, and the blocked remote IP address matched the one used by WSA.

Solution

Based on this finding, I attempted to manually unblock the WSA IP address in ESET.

After clicking the Unblock button in the top-right corner of the ESET window, I checked the Android settings again. This time, the WLAN option successfully displayed a FakeWiFi connection.

I then relaunched the Android app, and network connectivity was restored, confirming that the issue was resolved.

Rule Analysis

After resolving the issue, I was curious about the firewall rules that ESET automatically created when unblocking the connection. I also wanted to ensure that these rules didn’t pose potential security risks.

By navigating to Settings > Network Protection > Firewall > Configuration > Rules > Edit, I found that ESET had created a rule allowing inbound connections to svchost.exe from the Trusted Zone and the Local Subnet.

To check the specific IP ranges included in these two groups, you can go to:
Advanced Settings > Protection > Network Access Protection > IP Sets > Edit.

Local Subnet

The Local Subnet usually refers to the LAN segment that the current device belongs to. It is automatically determined based on the IP configuration of your network adapter.

For example, if your router’s IP is 192.168.1.1 and your computer’s IP is 192.168.1.100, then the entire 192.168.1.0/24 subnet (255.255.255.0 subnet mask) is your Local Subnet.

This option is used to identify devices on the same subnet to allow or restrict communication with them.

Trusted Zone

The Trusted Zone is a user-defined or automatically assigned IP address range that ESET considers safe, meaning security restrictions are relaxed for devices within this range.

For more details, refer to the Trusted Zone documentation.

Security Considerations

Although I’ve already forgotten most of what I learned in cyber security class, my personal assessment is:

  • Allowing Local Subnet and Trusted Zone to communicate inbound with svchost.exe is generally safe when connected to a home Wi-Fi network.
  • Therefore, ESET’s default rule can be kept in such cases.

However, if you frequently connect to public Wi-Fi networks, I recommend manually adjusting the rule to enhance security.

A safer approach is to only allow svchost.exe inbound and outbound communication within the 172.16.0.0 – 172.31.255.255 private IP range, rather than granting full access to the entire Local Subnet or Trusted Zone.
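To compare the two rule scopes discussed above, here is an added example (not part of the original article and not ESET's own logic) that derives the Local Subnet from an adapter's IP and mask and checks which inbound peers each scope would admit. It assumes Local Subnet means the network computed from the physical adapter only; all addresses are constructed samples, and the `VM_PEER` value is a hypothetical stand-in for the WSA address.

```python
import ipaddress

# Narrow scope suggested in the article: 172.16.0.0 - 172.31.255.255 (a /12).
NARROW_SCOPE = ipaddress.ip_network("172.16.0.0/12")

def local_subnets(adapters):
    """Derive one subnet per (ip, netmask) adapter, as the article describes."""
    return [ipaddress.ip_interface(f"{ip}/{mask}").network for ip, mask in adapters]

def admitted(remote, adapters):
    """Report which rule scope would admit an inbound connection from `remote`."""
    addr = ipaddress.ip_address(remote)
    return {
        "local_subnet": any(addr in net for net in local_subnets(adapters)),
        "narrow_range": addr in NARROW_SCOPE,
    }

def overlap_with_narrow(adapters):
    """Adapter subnets that fall inside 172.16.0.0/12.

    A non-empty result means other hosts on that physical network also
    match the narrow rule, so narrowing the scope gives no isolation there.
    """
    return [str(n) for n in local_subnets(adapters) if n.overlaps(NARROW_SCOPE)]

# Constructed adapter configurations (assumptions, not taken from the article).
HOME = [("192.168.1.100", "255.255.255.0")]        # the article's home example
PUBLIC = [("10.20.3.44", "255.255.0.0")]           # large shared public network
PUBLIC_172 = [("172.20.10.4", "255.255.255.240")]  # network numbered inside the /12
VM_PEER = "172.30.80.5"                            # hypothetical WSA-side address

if __name__ == "__main__":
    cases = [
        ("home, LAN device", "192.168.1.23", HOME),
        ("public, stranger", "10.20.7.9", PUBLIC),
        ("public, VM peer", VM_PEER, PUBLIC),
        ("public 172.x, stranger", "172.20.10.2", PUBLIC_172),
    ]
    for label, peer, adapters in cases:
        print(f"{label:24} {peer:14} {admitted(peer, adapters)}")
    print("overlap on PUBLIC_172:", overlap_with_narrow(PUBLIC_172))
```

The last case is the caveat to check before relying on the narrower rule: when the network you join is itself numbered inside 172.16.0.0 – 172.31.255.255, its other clients match both scopes.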