Protocol filtering interferes with Firewall
MasterTB
October 5th, 2007, 06:15 AM
I've been seeing that the protocol filtering in the new V3 of the NOD32 antivirus intercepts the TCP calls for web browsers and mail clients, redirecting them through the loopback interface and doing the browsing by itself. What is bothering me is that it interferes with my firewall.
Currently I'm using Kerio, which has a web filtering capability to remove cookies and adverts, among other things, but since I switched to V3, it hasn't been doing its job. It seems like the proxy in NOD is routing traffic in a non-transparent way...
Stem
October 5th, 2007, 01:23 PM
Hello,
Yes, on a quick check I am seeing this problem, as from the point of Kerio filtering of cookies.
I see from both NOD (RC) and Kerio 4.3, that both are making use of localhost for filtering. NOD on local 30606, Kerio on local 44334 (with many other redirects).
Redirecting NOD to localhost proxy 44334 will cause (with default rules) Kerio to be bypassed on its application filtering, but still, filtering of "cookies" is not done.
MasterTB
October 5th, 2007, 02:32 PM
Yes, that's exactly what I thought was going on, only I'm no expert so I couldn't give that much detail :)
On another note, the problem is being reflected on Comodo Firewall as well: the current Beta3 of the upcoming Comodo V3 Firewall is conflicting with NOD as well. So, from my side, I think installing ESS could be the best choice, because if Kerio's filters are being bypassed I think I better have the firewall integrated in ESS and some third party HIPS in case I need it. Does this make sense?
Marcos
October 5th, 2007, 02:53 PM
We have implemented an option to the firewall that enables you to exclude certain applications from being routed via the local proxy when another firewall is used. Go to the Advanced setup -> Antivirus and antispyware protection -> Web access protection -> HTTP -> Web browsers and put a cross next to the desired application. In the Protocol filtering section, you can choose what traffic will be routed through the local proxy.
Stem
October 5th, 2007, 03:21 PM
-{ Quote: "We have implemented an option to the firewall that enables you to exclude certain applications from being routed via the local proxy when another firewall is used." }-
Option to the firewall? With respect, we are looking at the NOD AV (not ESS), with added 3rd party firewall.
Marcos
October 5th, 2007, 03:29 PM
I was talking about the web protection as such. You should have these options in EAV as well.
Stem
October 5th, 2007, 03:42 PM
-{ Quote: "I was talking about the web protection as such. You should have these options in EAV as well." }-
So, basically, there is a need to disable web filtering with 3rd party firewalls, for correct filtering of 3rd party firewalls?
I know from my own preference of firewalls, I do not need this interception of re-direct, as the drivers are below/intercept before NOD AV.
Would this infer that web filtering is not in fact made by NOD with my setups on this?
I know from the last implementation (IMON~ installation) that NOD caused problems with 3rd party firewalls, it now looks like we will see problems due to this implementation?
MasterTB
October 5th, 2007, 05:17 PM
-{ Quote: "We have implemented an option to the firewall that enables you to exclude certain applications from being routed via the local proxy when another firewall is used. Go to the Advanced setup -> Antivirus and antispyware protection -> Web access protection -> HTTP -> Web browsers and put a cross next to the desired application. In the Protocol filtering section, you can choose what traffic will be routed through the local proxy." }-
So, in order to use my favourite firewall properly I have to cripple the web filtering in the upcoming NOD32? Is that what you are saying? Or will NOD still analyze web traffic before the realtime filters?
edit: I really don't like the AV acting like a proxy. IMHO the web filter in NOD32 should scan traffic only after it has properly been allowed by a firewall. Of course, this is only if you are using the standalone version and not ESS, in which case the filtering is correct.
MasterTB
October 9th, 2007, 11:33 AM
Hi Stem: how would you redirect the traffic in Kerio to ensure the web filtering, if possible of course? Thanks.
Copyright ©2002 - 2012, Wilders Security Forums