Log is showing No Usable Rule Found. This is for svchost and color coded blue. Does this mean svchost has gone online ? I want to have control over svchost going or not going online. Also, where is the color code key located ?

-{ Quote: "Log is showing No Usable Rule Found. This is for svchost and color coded blue. Does this mean svchost has gone online ? I want to have control over svchost going or not going online. Also, where is the color code key located ?" }-
Anyone with an explanation ?
BTW..I have Interactive Filtering Mode enabled.

I am experiencing this as well. As far as I can tell, this occurs on the IGMP protocol. Here is a snippet from my log when it occurs:

12/1/2007 11:08:27 PM No usable rule found 192.168.2.2 224.0.0.22 IGMP

A quick search on Google revealed that this is local subnet multicasting (http://technet2.microsoft.com/windowsserver/en/library/9feb45d5-bf5a-4e55-8c71-a37b7e7c3b311033.mspx?mfr=true). This is benign. Also, svchost is a generic host server that lots of programs use. It is best to leave it alone and let ESS watch for malware infiltrations.

I have problems with IGMP protocol, too.. The only way how I managed to run VLC smoothly was to generally allow all IGMP traffic for any application.

The IGMP entry in ESS's firewall log is normal. It is a multicast broadcast from Windows. Allowing this traffic will not compromise the security of your computer. In fact, blocking IGMP traffic could cause all kinds of problems on your system (especially with streaming media). Hopefully eset will update their firewall to ignore this entry.

-{ Quote: "Log is showing No Usable Rule Found. This is for svchost and color coded blue. Does this mean svchost has gone online ? I want to have control over svchost going or not going online. Also, where is the color code key located ?" }-

First: I am going to assume you are in either Interactive or Policy Based Mode, and that you have told the firewall to log blocked connections.....
Now: No Usable Rule Found means that (while being in Interactive or Policy Based Modes, the firewall detected a connection (usually incoming but it can be outgoing) and there was no rule for it in the Ruleset, so, as a consecuence it drops the connection, it means that you have not set a rule for that connection and probably did not see the alert pop up for it so the firewall had to make a desition, and since there is no rule, it drops and registers the event.
I know because it is what tech support told me when I asked them.

-{ Quote: "First: I am going to assume you are in either Interactive or Policy Based Mode, and that you have told the firewall to log blocked connections.....
Now: No Usable Rule Found means that (while being in Interactive or Policy Based Modes, the firewall detected a connection (usually incoming but it can be outgoing) and there was no rule for it in the Ruleset, so, as a consecuence it drops the connection, it means that you have not set a rule for that connection and probably did not see the alert pop up for it so the firewall had to make a desition, and since there is no rule, it drops and registers the event.
I know because it is what tech support told me when I asked them." }-
OK Thanks MasterTB ... this, for me, is just another problem for this program. It is hard to believe i did not see the popup and as far as i am concerned the program should do what it wants to do, BUT should continue to send popups until the user takes a definitive action. I have faith that ESET will, in time, get the bugs out of ESS.

-{ Quote: "OK Thanks MasterTB ... this, for me, is just another problem for this program. It is hard to believe i did not see the popup and as far as i am concerned the program should do what it wants to do, BUT should continue to send popups until the user takes a definitive action. I have faith that ESET will, in time, get the bugs out of ESS." }-

Well don't be so surprised about missing a pop up, If you leave your computer allways on, then it could have happened over night or at any moment you weren't on. Remember that the alerts usually have a time out, connections cannot be held hostages of an answer :) . And if the program insisted upon it, then it will appear again. I believe it was some ICMP or a Multicast of some type. Read the logs and check for the protocol, if it was an ICMP (mine allways are) then there was no pop up because there is no need for one, Eset is just keeping you Stealth.

Can a rule be made for this?? To allow or block?

Ruben

anyone??

Ruben

-{ Quote: "Can a rule be made for this?? To allow or block?

Ruben" }-

Hi Ruben:

A Rule made for what, do you ask ??
I believe it is always possible to make rules .. could you be more specific?

to allow IGMP traffic for some apps

Ruben

Hello,

you can allow incoming streams from the Internet via IGMP protocol by checking appropriate checkbox in the Setup>Personal firewall>IDS and advanced options

the 224 network is multicast...

see this site: http://en.wikipedia.org/wiki/IP_Multicast

I have seen no specific multicast rules w/i ESS.

@mayt
I do have that enabled,but I still get that -no usable rule found error

Ruben

any idea

Ruben

Anyone?

Ruben

anyone that can help us?

Ruben

still would need some help here

Ruben

still hoping for some help with IGMP

Ruben