A little bit of info please
MasterTB
November 24th, 2008, 05:25 AM
I know ESS has an IDS system for blocking certain attacks, but with V3 I had never seen it block something and not knowing what it was...
With V4 I have lots of logs displaying: Packet Blocked by Active Defense (IDS) followed by Local and Remote addresses, ports and protocols.
What does it mean?? and what has been blocked??
Here is a pic.
ASpace
November 24th, 2008, 05:33 AM
I have no idea but suppose that this could be packets blocked because of the fact that the firewall performs SPI (stateful packet inspection).
{QUOTE-> In computing, a stateful firewall (any firewall that performs stateful packet inspection (SPI) or stateful inspection) is a firewall that keeps track of the state of network connections (such as TCP streams, UDP communication) traveling across it. The firewall is programmed to distinguish legitimate packets for different types of connections. Only packets matching a known connection state will be allowed by the firewall; others will be rejected. <-QUOTE}
v3 is an SPI firewall, too, by the way, at least it should be ;D
MasterTB
November 24th, 2008, 05:42 AM
That's exactly my point, what has changed so dramatically that there were no such alerts in V3?? If Eset improved IDS so much it would be nice to know what it is that it does now that it didn't do then...
Thanks for the reply.
Bensec
November 24th, 2008, 08:38 AM
Hello,
I am using ADSL and I didn't see any attack logs in my ESS4.
After seeing your post I enabled both options under node IDS.
Now I get flooded with logs refreshing every second. It's terrible :wacko:!
I am wondering...
Did you enable the logging options above
before receiving the logs shown in your first post?
If not, oh, they look more weird.
MasterTB
November 24th, 2008, 09:05 AM
@Bensec:
Exactly as you, all options enabled from the beginning. Another problem that I saw (and posted about here: http://www.wilderssecurity.com/showthread.php?t=225779 -- with a screenshot here: http://www.wilderssecurity.com/showpost.php?p=1352237&postcount=3) is that enabling such detailed logs leaves the firewall window in a constant refresh loop and brings the GUI to a halt (freezes) and you have to kill it and restart it.
Marcos
November 24th, 2008, 09:32 AM
{QUOTE-> I know ESS has an IDS system for blocking certain attacks, but with V3 I had never seen it block something and not knowing what it was...
With V4 I have lots of logs displaying: Packet Blocked by Active Defense (IDS) followed by Local and Remote addresses, ports and protocols.
What does it mean?? and what has been blocked??
Here is a pic. <-QUOTE}
What blocking rules have you created / enabled? Is this causing some issues with certain applications or the system? The message appears if a certain communication is blocked, but the firewall could not identify the reason (e.g. if a packet has been received, but no information about the connection exists any more. Either it has already been terminated or never existed.).
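A simplified model of the behaviour described in the post above, as an added example that is not part of the original thread and is not ESET's code: a toy connection-state table that allows inbound packets only when they match tracked state and otherwise blocks them with one generic reason. The class names, the 60-second idle timeout, the addresses and the rule that the first FIN/RST ends a connection are all assumptions made for illustration.

```python
from dataclasses import dataclass

IDLE_TIMEOUT = 60.0  # seconds; constructed value, not an ESET setting

@dataclass(frozen=True)
class Packet:
    ts: float        # arrival time in seconds
    direction: str   # "out" or "in", relative to the local host
    local: tuple     # (ip, port)
    remote: tuple    # (ip, port)
    flags: str = ""  # TCP flags: S, A, F, R (empty for UDP)

class StateTable:
    """Toy stateful filter: outbound traffic creates state, inbound must match it."""

    def __init__(self, timeout=IDLE_TIMEOUT):
        self.timeout = timeout
        self.conns = {}  # (local, remote) -> timestamp of last packet seen

    def check(self, pkt):
        key = (pkt.local, pkt.remote)
        last = self.conns.get(key)
        if last is not None and pkt.ts - last > self.timeout:
            del self.conns[key]  # idle entry expired, state is forgotten
            last = None
        if last is not None:
            if set(pkt.flags) & {"F", "R"}:
                del self.conns[key]  # simplified teardown: first FIN/RST ends it
            else:
                self.conns[key] = pkt.ts
            return "allow", "matches tracked connection"
        if pkt.direction == "out":
            self.conns[key] = pkt.ts
            return "allow", "new outbound connection"
        # Inbound with no state: terminated, expired, or never existed.
        return "block", "no matching connection state"

def run_demo():
    # Constructed sample traffic using documentation address ranges.
    tcp, udp = ("192.0.2.10", 50000), ("192.0.2.10", 50001)
    web, dns, other = ("198.51.100.5", 443), ("198.51.100.53", 53), ("203.0.113.9", 4444)
    packets = [
        Packet(0.0, "out", tcp, web, "S"),    # browser opens a connection
        Packet(0.1, "in", tcp, web, "SA"),    # reply matches state
        Packet(5.0, "in", tcp, web, "R"),     # server resets, state removed
        Packet(5.2, "in", tcp, web, "A"),     # late packet after termination
        Packet(6.0, "in", tcp, other, "S"),   # connection never existed
        Packet(10.0, "out", udp, dns),        # UDP query creates state
        Packet(100.0, "in", udp, dns),        # answer arrives after idle timeout
    ]
    table = StateTable()
    return [table.check(p) for p in packets]
```

The three blocked packets (late, unsolicited, expired) all produce the same reason string, which is why a log entry of this kind says little about what was actually dropped.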
MasterTB
November 24th, 2008, 09:55 AM
Marcos:
I have the standard outgoing rules for web browsers, mail and IM programs. Rules for the programs that require a web connection for update purposes and others for programs like Word or Excel that require web to provide help and other uses.
I have no incoming traffic allowed whatsoever, but I have a local network set up for sharing printers and other stuff.
The weird thing is that when traffic is blocked due to a rule, I see the rule that blocks the traffic so that -I guess- is not the case for these alerts.
They are very generic and don't tell much, do you agree??
edit: no problems with any applications that I'm aware of, what needs internet has it, so far...
Copyright ©2002 - 2009, Wilders Security Forums