View Full Version : Firewall
ASpace
April 6th, 2007, 06:24 AM
Nobody said anything about the firewall. What do you think about it?
I find it excellent. I tried Automatic mode and Interactive mode. Chose Automatic for myself. Works automatically and flawlessly, no user intervention.
In the help you can find that Automatic mode blocks all unauthorised incoming connections and uses all default outgoing, which is perfect in my opinion.
Sjoeii
April 6th, 2007, 06:32 AM
Works great for me as well.
Feels fast and very secure
Netherlands
April 6th, 2007, 06:35 AM
Well, I haven't tested it, but I wonder how many leaktests it can prevent :-X ;)
I'd also like an option to block an attacker for 1 hour if he scans my PC. I hope they will add this option in the future.
In the options there is an IDS section. You can find some known attacks that can be blocked. At first I found there were not many attacks blocked (IDS rules). But when I looked closer I found the following log entry:
"Detected ARP cache poisoning attack"
I could not find this attack type in the options, so there must be more rules (I think) :thumb:
Sjoeii
April 6th, 2007, 07:21 AM
I'm planning on testing it this evening.
Curious how leaktest proof it is.
I am very impressed with the anti-hacker in KIS. Let's see if they can compare.
Nelu
April 6th, 2007, 08:41 AM
Hello, I've checked the firewall too (leaktest) from http://www.pcflank.com/pcflankleaktest.htm
(in "Automatic" and "Interactive" mode). Results: failed.
I'm online on DSL through one router.
My PC: Windows XP Home with SP2
uc-icq
April 6th, 2007, 09:02 AM
{QUOTE-> Nobody said anything about the firewall. What do you think about it?
I find it excellent. I tried Automatic mode and Interactive mode. Chose Automatic for myself. Works automatically and flawlessly, no user intervention.
In the help you can find that Automatic mode blocks all unauthorised incoming connections and uses all default outgoing, which is perfect in my opinion. <-QUOTE}
From what I've gathered, the automatic mode is pretty much like that of XP integrated firewall. And one has to look to interactive mode for considerably dependable protection. Tell me if I'm wrong of course.
Donald®
April 6th, 2007, 09:46 AM
{QUOTE-> I'm planning on testing it this evening.
Curious how leaktest proof it is.
I am very impressed with the anti-hacker in KIS. Let's see if they can compare. <-QUOTE}
Make your tests with these leakers and post results to us: leak-test softwares (http://www.matousec.com/projects/windows-personal-firewall-analysis/introduction-firewall-leak-testing.php#description-leak-test-software) :thumb:
I cannot install ESS because my OS is 64 bit, but I am very curious about ESS performance in leak tests. :dry:
Brian N
April 6th, 2007, 10:46 AM
It has some issues with rules not being saved, and rule status for inbound/outbound won't update either.
Other than that, it's pretty easy to figure out.
IcePanther
April 6th, 2007, 11:40 AM
But it has a critical lack of:
- Adding a subnet directly (configuring zones isn't that practical on a connection prompt)
- Exclusion mask: For example, for MSN Messenger I want to allow port 80 except for some subnets, which are ad servers. I have to create a rule to allow port 80, then a 'zone' containing the subnets, and then again, create a rule that blocks it. *NOT* very practical, either.
Also, the interface isn't quick: you have to enable checkboxes, etc, losing time, and often timing out. Not very good IMO either.
- Leak test protection.
- Preset rules.
I'm sorry but for now it's not quite satisfying for me. That may however be normal since it's beta, I look forward to future releases.
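The exclusion-mask request in the post above, sketched as an added example (not from the thread and not ESET's rule engine): it compares the zone-plus-two-rules workaround, the same two rules in the opposite order, and a single allow rule carrying an exclusion list. First-match evaluation, the default of "block", the names `Rule`, `decide` and `shadowed`, and the sample ad subnets are all assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass, field

# Constructed sample "ad server" subnets (documentation address ranges).
AD_ZONE = ["203.0.113.0/24", "198.51.100.0/25"]

def nets(cidrs):
    return [ipaddress.ip_network(c) for c in cidrs]

@dataclass
class Rule:
    action: str                                   # "allow" or "block"
    port: int
    remote: list = field(default_factory=lambda: ["0.0.0.0/0"])
    exclude: list = field(default_factory=list)   # the "exclusion mask"

    def matches(self, ip, port):
        addr = ipaddress.ip_address(ip)
        return (port == self.port
                and any(addr in n for n in nets(self.remote))
                and not any(addr in n for n in nets(self.exclude)))

def decide(rules, ip, port, default="block"):
    """First matching rule wins (assumed evaluation model)."""
    for rule in rules:
        if rule.matches(ip, port):
            return rule.action
    return default

def shadowed(rules):
    """Indexes of rules that can never fire because an earlier rule on the
    same port already covers every address they name."""
    hidden = []
    for j, later in enumerate(rules):
        for earlier in rules[:j]:
            if earlier.port != later.port:
                continue
            covered = all(
                any(l.subnet_of(e) for e in nets(earlier.remote))
                and not any(l.overlaps(x) for x in nets(earlier.exclude))
                for l in nets(later.remote))
            if covered:
                hidden.append(j)
                break
    return hidden

# Workaround from the post: a zone of ad subnets, a block rule, an allow rule.
two_rules = [Rule("block", 80, remote=AD_ZONE), Rule("allow", 80)]
# The same two rules entered in the opposite order.
wrong_order = [Rule("allow", 80), Rule("block", 80, remote=AD_ZONE)]
# What the post asks for: one allow rule carrying an exclusion mask.
one_rule = [Rule("allow", 80, exclude=AD_ZONE)]

if __name__ == "__main__":
    for name, rs in [("two rules", two_rules), ("wrong order", wrong_order),
                     ("exclusion mask", one_rule)]:
        print(name, decide(rs, "203.0.113.7", 80),
              decide(rs, "192.0.2.10", 80), "shadowed:", shadowed(rs))
```

Under these assumptions the two-rule workaround only protects when the block rule sits above the allow rule; the single rule with an exclusion list has no ordering to get wrong.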
wch_net
April 6th, 2007, 11:59 AM
Suggestion:
-[Firewall] In interactive mode, make the popup windows ALWAYS fit within the screen. As for my resolution 1024x768, when I expand the popup windows (when clicking on "Show Settings"), it always goes below the bottom edge of my screen~~
It would be better if the popup windows re-position itself to fit inside screen~
Sjoeii
April 6th, 2007, 01:34 PM
I tested the Firewall with several leaktests.
All are tested in interactive mode
Leaktest results:
DNStester: FAIL
Tooleaky: PASS
Jumper: PASS
Leaktest 1.2: PASS
Outbound: PASS
PcAudit: PASS
PC Audit2: PASS
PCFlank leaktest: FAIL
Surfer: PASS
Thermite: PASS
Wallbreaker: FAIL
Yalta: FAIL
Failed 4 out of 12
pretty ok but still 4 too many.
Hope Eset will do something about it
Sjoeii
April 6th, 2007, 04:45 PM
Any one else tried the leaktests?
lodore
April 6th, 2007, 08:09 PM
Can't test it myself since, like other people, the firewall rules can't be loaded. I've reported the bug in my thread.
lodore
jmc777
April 6th, 2007, 08:09 PM
Hmmm....I have it set to interactive mode and all of a sudden it's stopped prompting me whenever something tries to make an outbound connection; it just automatically blocks the connection.
rdsu
April 6th, 2007, 09:02 PM
The firewall seems nice for a beginning... :)
Although, I found some problems with the incoming and outgoing connections. It seems that ESS doesn't intercept correctly some programs like outgoing for stunnel, and I had to manually change the rule for Ad Muncher to allow incoming traffic through it...
The Allowed services should be disabled by default, and on installation the users can be prompted about them and choose with a nice explanation...
cprtech
April 7th, 2007, 12:10 AM
{QUOTE-> But it has a critical lack of:
- Adding a subnet directly (configuring zones isn't that practical on a connection prompt)
- Exclusion mask: For example, for MSN Messenger I want to allow port 80 except for some subnets, which are ad servers. I have to create a rule to allow port 80, then a 'zone' containing the subnets, and then again, create a rule that blocks it. *NOT* very practical, either.
Also, the interface isn't quick: you have to enable checkboxes, etc, losing time, and often timing out. Not very good IMO either.
- Leak test protection.
- Preset rules.
I'm sorry but for now it's not quite satisfying for me. That may however be normal since it's beta, I look forward to future releases. <-QUOTE}
Yes, all valid concerns. Am I missing something, or are the rules in my attached screenshot all hard-coded? They seem to be. The firewall has potential, but in its present form it is not to my liking. The log entries are also way too crowded. It has refresh problems as well, as it is often necessary to click in the blank spaces to get some of the entries to display. The "Open in new window" option doesn't do anything yet, and there are also no right-click options on the suite's tray icon.
{QUOTE-> and I had to manually change the rule for Ad Muncher to allow incoming traffic through it... <-QUOTE}
Ad Muncher problems here too. Finally got rules created for it after ESS initially did not recognize it, though it was logging its connection attempts.
{QUOTE-> The Allowed services should be disabled by default, and on installation the users can be prompted about them and choose with a nice explanation... <-QUOTE}
I agree
This suite has terrific potential. Hopefully the developers do away with the hard-coded rules and improve the logging layout in the firewall. This beta is truly only for the very adventurous :)
Sjoeii
April 7th, 2007, 01:23 AM
Of course the firewall isn't what we all like.
It's the first beta. It looks good, but I also hope it will be tighter and of course with some kind of HIPS.
rogervernon
April 7th, 2007, 08:54 AM
{QUOTE-> Any one else tried the leaktests? <-QUOTE}
Yes - same results unfortunately!
IcePanther
April 7th, 2007, 11:41 AM
{QUOTE-> Yes, all valid concerns. Am I missing something, or are the rules in my attached screenshot all hard-coded? They seem to be. <-QUOTE}
Then, it's a bug : No hard-coded / preset rules were existing in my configuration, I had to create them all manually.
Also I second Sjoeii about the HIPS idea.
cprtech
April 7th, 2007, 03:19 PM
{QUOTE-> Then, it's a bug : No hard-coded / preset rules were existing in my configuration, I had to create them all manually.
<-QUOTE}
Okay, because I could not edit nor even delete any of those screenshot rules.
jmc777
April 7th, 2007, 03:53 PM
Some/all of the pre-defined system rules do seem to be hard-coded.
timeit
April 7th, 2007, 03:59 PM
There is a little bug in the GUI:
[Attachments: 188966, 188967]
Maybe it would be a nice idea to add a column "other zones".
And another suggestion:
instead of changing the filter mode between "Interactive mode", "Automatic mode" and "Policy-based mode", a "last" rule for "any other applications" with the possibility to change the "ask", "deny" or "block" for all zones separately.
timeit
April 7th, 2007, 04:13 PM
What is with the zone "Add to trusted zone without asking"?
IcePanther
April 7th, 2007, 04:39 PM
Hi, I'm here again and on my way to deeper leak testing. Only one thing I'd like to say : the internet speed is impressive, faster than with OP or KIS, almost like I had no firewall/webscanner at all. Very nice :)
(however, still my previous concerns stay valid)
rdsu
April 7th, 2007, 04:51 PM
I agree with you, IcePanther :)
Until now it works very smoothly, besides the normal bugs for an initial and beta version...
MNKid
April 7th, 2007, 09:11 PM
{QUOTE-> The firewall seems nice for a beginning... :)
The Allowed services should be disabled by default, and on installation the users can be prompted about them and choose with a nice explanation... <-QUOTE}
I tend to agree with you on that.
MNKid
Stem
April 8th, 2007, 04:28 PM
{QUOTE-> Am I missing something, or are the rules in my attached screenshot all hard-coded? They seem to be. <-QUOTE}
Yes, these are not editable (on my setups on W2k or XP). I am very concerned about the rule for "Allow remote Administration", is this a joke? Remote Administration for ekrn.exe, why? What for?
{QUOTE-> The firewall has potential, but in its present form it is not to my liking. <-QUOTE}
I will not be re-installing this firewall as long as the hard_coded (non-removal/editable) rules are in place.
OAKside
April 9th, 2007, 06:30 AM
I am really enjoying the ESS Beta 1. (Thanks for the opportunity, Eset!) The interface is awesome and the performance still quite lean for an entire security suite.
Regarding the firewall, I would love to be able to forward ports in Automatic filtering mode. (Won't allow any tweaking unless Interactive mode is used.) I'm careful enough all-around so I find Automatic safe enough for me, but I simply need to allow a couple ports/ incoming connections. *Thinking of µTorrent*
I would also like the ability to mark a "suspect" (quarantined) item as safe, as ESS has already wrongly accused - and deleted - a perfectly safe file of mine.
All in all, already very impressed by this early beta build of ESS. Currently testing on Vista and XP, replacing my precious NOD32. :thumb:
kC_
April 9th, 2007, 06:59 AM
{QUOTE-> Yes, these are not editable (on my setups on W2k or XP). I am very concerned about the rule for "Allow remote Administration", is this a joke? Remote Administration for ekrn.exe, why? what for?
I will not be re-installing this firewall as long as the hard_coded (non-removal/editable) rules are in place. <-QUOTE}
Try re-installing it in advanced mode, and change from automatic to interactive during install.
Then no hard coded rules are made, except for one
"for all tcp & udpactivity = ask"
Seems if you leave as automatic during install, them stupid hard coded rules are made and can't be removed.
ASpace
April 9th, 2007, 07:08 AM
{QUOTE-> Seems if you leave as automatic during install, them stupid hard coded rules are made and can't be removed. <-QUOTE}
If so, it should be fixed. In all modes (incl. Automatic), I think, there should be no unremovable rules. I don't want/like things like "Add to trusted zone without asking", it can't be removed at the moment. I, as well as the majority of my clients, would like to have absolutely nothing in the trusted zone and, if it appears by default, to be removed after that.
Stem
April 9th, 2007, 01:10 PM
{QUOTE-> Try re-installing it in advanced mode, and change from automatic to interactive during install.
Then no hard coded rules are made, except for one
"for all tcp & udpactivity = ask"
Seems if you leave as automatic during install, them stupid hard coded rules are made and can't be removed. <-QUOTE}
I did try various installations. On W2K setup, there was no choice of install, this was set as automatic with no other option (bug?). I did make an install onto XP with "Interactive", but after installation, when going into the rules "window" and changing the view to "show all rules including system" the hard_coded rules would appear. (Have you set the view to this?)
I will of course try another install later, just to re-check.
FiSz
April 9th, 2007, 01:30 PM
{QUOTE-> Try re-installing it in advanced mode, and change from automatic to interactive during install.
Then no hard coded rules are made, except for one
"for all tcp & udpactivity = ask"
Seems if you leave as automatic during install, them stupid hard coded rules are made and can't be removed. <-QUOTE}
I did set it to interactive while installing ESS and still the system rules can't be edited/deleted, but since this is beta1 I'm sure that ESET will fix this issue.
I also would like to suggest a feature similar to the one from Outpost. Outpost detects most common applications and suggests all the rules for them when they try to connect for the first time. It shouldn't be too hard to implement and it's quite a nice feature.
gladius
April 9th, 2007, 05:51 PM
{QUOTE-> Yes, these are not editable (on my setups on W2k or XP). I am very concerned about the rule for "Allow remote Administration", is this a joke? Remote Administration for ekrn.exe, why? what for?
I will not be re-installing this firewall as long as the hard_coded (non-removal/editable) rules are in place. <-QUOTE}
Hi,
ekrn.exe is part of the ESS product itself, the remote admin on this is for interoperability with the ESET Remote Administration software which allows the control of the configuration etc for management purposes. This remote communication is only relevant to that process, just as in every version of NOD32.
The rules are editable in "interactive" mode, they're not 'hard coded' as such, they just are automatically assessed in the default mode, which should be fine for most purposes. If you have need to make more fine-grained decisions about the firewall, you can use interactive mode. Of course, to allow proper functioning of the system, certain processes are by default allowed, for instance the communication needed to allow ESS to receive updates.
hope that helps
-AJ
FiSz
April 9th, 2007, 06:32 PM
Predefined rules are a very good idea (something like Outpost's suggested rules for most common applications, which are very useful) but they MUST be editable and they are not.
http://img155.imageshack.us/img155/332/nbnnbi2.th.jpg (http://img155.imageshack.us/my.php?image=nbnnbi2.jpg)
Grey rules are predefined system rules and cannot be modified. I hope that in the final version this will be fixed.
Stem
April 12th, 2007, 11:24 PM
Hello.
{QUOTE-> ekrn.exe is part of the ESS product itself, the remote admin on this is for interoperability with the ESET Remote Administration software which allows the control of the configuration etc for management purposes. This remote communication is only relevant to that process, just as in every version of NOD32. <-QUOTE}
My knowledge of AVs is certainly limited, and I certainly have no problem in my admission of this. But I thought that the remote admin was part of the Enterprise (and above) editions of NOD, and am certainly interested why a rule to allow this for a home product would be included. I certainly do not want any "remote admin" on my setup (and do not see this in the NOD2.7 I currently have installed).
{QUOTE-> The rules are editable in "interactive" mode, they're not 'hard coded' as such, they just are automatically assessed in the default mode, which should be fine for most purposes. If you have need to make more fine-grained decisions about the firewall, you can use interactive mode. <-QUOTE}
This I have still to see. I have made, and posted the fact, a number of installations, and changed many settings, but none, as yet, have allowed me to change the system rules, which do indicate "Hard_coded". I would certainly be interested in how you have managed to change these rules.
{QUOTE-> Of course, to allow proper functioning of the system, certain processes are by default allowed, for instance the communication needed to allow ESS to receive updates. <-QUOTE}
Of course, for an AV updates are needed. From previous versions of NOD, we can see the sites that will be connected to (update servers), I am sure that rules can be made that allow only connections to such sites to be included for updates. This could be done with a "trusted zone" for outbound to such sites, and as these lists can be updated in NOD, I am sure these could be updated in the firewall (with an option to allow/deny).
From the lack of response from Eset on this, I will presume that this (hard_coded rules) is not a bug, but in fact intentional.
ASpace
April 13th, 2007, 07:42 AM
{QUOTE-> From the lack of response from Eset on this, I will presume that this (hard_coded rules) is not a bug, but in fact intentional <-QUOTE}
Stem, the lack of response is one thing, the rules are another.
I have mailed ESET beta support and they are aware of these "hard-coded" rules. A very helpful ESET employee told me the developers would be made aware of them.
I use Automatic mode and these rules appear here, too. I think they are bugs because ESS asks me about some things: "Allow or not" and it just does not remember my choice. The same applies for the local host and adding a subnet to the "trusted zone without asking". I get asked about them but it does not remember them after that. Hope ESET will fix them ;)
SpookyET
April 14th, 2007, 10:29 AM
I've been running it in Automatic Mode and I have been very satisfied until I have realised that it blocks incoming uTorrent connections.
So, I switched to Interactive Mode. The problem is that now I have to define rules not just for uTorrent, but for a million other applications. It doesn't come with predefined rules for common applications/common protocols (SmartFTP/FTP Program).
It will take a while for them to create a database of all common applications and their rules.
I think that they should allow Automatic Mode with Rules. It's the best of both worlds. Deal with everything automatically, but allow me to specify rules for a few applications that need incoming connections. That way, the user would not have to switch to interactive mode and configure a million apps just because he only needs one app to have incoming connections while the other are handled very well by the Automatic Mode.
SFC
April 14th, 2007, 11:00 AM
SpookyET, you can do a rule to allow outgoing for application *.* it works for me ^_^.
http://www.Photo-Host.org/thumb/951024allow_outgoing.png (http://www.Photo-Host.org/view/951024allow_outgoing.png)
Hillsboro
April 14th, 2007, 12:24 PM
{QUOTE-> Stem, the lack of response is one thing, the rules are another.
I have mailed ESET beta support and they are aware of these "hard-coded" rules. A very helpful ESET employee told me the developers would be made aware of them.
I use Automatic mode and these rules appear here, too. I think they are bugs because ESS asks me about some things: "Allow or not" and it just does not remember my choice. The same applies for the local host and adding a subnet to the "trusted zone without asking". I get asked about them but it does not remember them after that. Hope ESET will fix them ;) <-QUOTE}
I think Stem has some very legitimate concerns regarding the hard-coded rules. I have sent two emails to Eset regarding this and have gotten no response. Regardless of their lack of response to me, their lack of response here to the concerns expressed by Stem and others, IMO, speaks volumes. Why can't one of the Eset mods just post a simple yes or no answer to this concern so we can move on? For me, if the answer is yes, the hard coded rules will remain, then I can move on because, even though I have been a long term subscriber to Nod 32, for me it is time to look at other options. As I said, their lack of response here speaks volumes; at least to me.
SpookyET
April 14th, 2007, 02:17 PM
{QUOTE-> SpookyET, you can do a rule to allow outgoing for application *.* it works for me ^_^.
http://www.Photo-Host.org/thumb/951024allow_outgoing.png (http://www.Photo-Host.org/view/951024allow_outgoing.png) <-QUOTE}
I believe that you misunderstood me. Read my post again.
iphigenie
April 14th, 2007, 02:24 PM
I must say i just had to uninstall it as no matter what I tried with the rules, I was unable to access my network attached drive.
Bummer :-\
rogervernon
April 14th, 2007, 02:49 PM
Hmm - re-installed it with "standard" settings and it wouldn't allow Spybot OR Adaware to connect for updates. No pop-ups either asking permission.
Strangely it worked fine with AVG Anti-Spy: updater pop-up showed, ticked "allow" and off it went!
SFC
April 14th, 2007, 05:56 PM
{QUOTE-> I believe that you misunderstood me. Read my post again.
<-QUOTE}
"I think that they should allow Automatic Mode with Rules. It's the best of both worlds. Deal with everything automatically, but allow me to specify rules for a few applications that need incoming connections."
Configuring a rule to allow outgoing for all applications is the same as "automatic mode". Putting that rule in "policy-based mode" or "interactive mode" is what you need, or not?
KoRn
April 15th, 2007, 02:01 PM
Works really perfectly, I love it.
zoli62
April 16th, 2007, 10:10 PM
Is it possible to globally turn off the firewall?
WizardMaster
April 16th, 2007, 10:34 PM
Hi, I have a problem: my VPN network was blocked by Eset Security Suite's firewall. How do I fix the firewall to allow the VPN to access the server's network via the internet? Also to allow MSN Messenger's Remote Assistance for us.
How do I fix the firewall, e.g. which TCP or UDP ports to allow.... Thanks for the help
rogervernon
April 17th, 2007, 02:50 AM
The firewall has a rather erratic memory at times! (Interactive mode)
I run one laptop connected wirelessly to an ADSL modem/router, so in computing terms, that is classified as a network.
This a.m., on booting, I had a dialogue box pop up informing me that the firewall had detected an unrecognised network - did I want it allowed? This is in spite of that self same network, (my wireless connection) having been "allowed" and "remembered" yesterday. The delay in my ticking the box (I was making the early morning tea!) meant that even after allowing this "new" network, my wireless connection failed to connect properly and I had to re-boot. Annoying!
Similarly when re-booting I was asked if I wanted to allow "generic host process...." access to the internet. Yet another forgotten setting this also having been allowed previously and supposedly remembered
This element of the firewall certainly needs tightening up.
Positively, I can say that once up and running I am impressed by the minimal impact, if any, the Eset Suite has on my surfing etc.
Much better than other combinations, of firewall & AV from separate vendors I have tried!
Copyright ©2002 - 2009, Wilders Security Forums