Firewall issues
kfans
May 7th, 2011, 05:54 AM
After installing ESS V5 beta, I cannot access the router settings page (192.168.1.1), but after uninstalling ESS I can enter the page. Even turning off all protection does not solve the problem.
Please resolve as soon as possible!
Marcos
May 7th, 2011, 05:59 AM
-{ Quote: "Installing ESS V5 beta, you can not access router settings page!Resolved as soon as possible!" }-
Did v4 work fine? Maybe the router produces attacks which are subsequently blocked by firewall. Could you enable logging of blocked connections in the IDS section of the firewall setup, reproduce the problem and post here the relevant entries from the firewall log?
kfans
May 7th, 2011, 06:21 AM
v4 works fine! Using the interactive mode, no pop-up boxes
Marcos
May 7th, 2011, 06:26 AM
Ok, so we'll wait for the firewall log records.
IcePanther
May 7th, 2011, 06:54 AM
Same problem here.
The firewall log only shows such entries :
07/05/2011 12:50:50 Communication denied by rule 192.168.1.1:1900 239.255.255.250:1900 UDP Block incoming SSDP (UPNP) requests C:\Program Files (x86)\Opera\opera.exe IcesLaptopV3\IcePanther
07/05/2011 12:50:50 Communication denied by rule 192.168.1.1:1900 239.255.255.250:1900 UDP Block incoming SSDP (UPNP) requests C:\Program Files (x86)\Opera\opera.exe IcesLaptopV3\IcePanther
07/05/2011 12:50:50 Communication denied by rule 192.168.1.1:1900 239.255.255.250:1900 UDP Block incoming SSDP (UPNP) requests C:\Program Files (x86)\Opera\opera.exe IcesLaptopV3\IcePanther
07/05/2011 12:50:50 Communication denied by rule 192.168.1.1:1900 239.255.255.250:1900 UDP Block incoming SSDP (UPNP) requests C:\Program Files (x86)\Opera\opera.exe IcesLaptopV3\IcePanther
07/05/2011 12:50:50 Communication denied by rule 192.168.1.1:1900 239.255.255.250:1900 UDP Block incoming SSDP (UPNP) requests C:\Program Files (x86)\Opera\opera.exe IcesLaptopV3\IcePanther
07/05/2011 12:50:46 No usable rule found 192.168.1.15 239.255.255.250 IGMP System
07/05/2011 12:50:16 No usable rule found 192.168.1.15 239.255.255.250 IGMP System
07/05/2011 12:49:53 No usable rule found 192.168.1.10:64832 255.255.255.255:8612 UDP
07/05/2011 12:49:53 No usable rule found 192.168.1.10:64832 255.255.255.255:8612 UDP
I enabled the log all options in the advanced setup. These happen every minute or so, it's because my router is UPnP enabled, I guess. But this doesn't explain why I can't reach it: no HTTP connection is reportedly being blocked. Firewall is in interactive mode, my browsers (Opera and FF) have outgoing TCP connection to port 80 access to all addresses enabled.
Opera says "connection closed by distant server" (Firefox just shows a blank page), but it could be that the ESET proxy closed the connection. Never had this problem with v4, AVIRA, or no AV. Disabling protection doesn't seem to help either.
Additional details :
192.168.1.15 is my PC, and 192.168.1.10 is the networked multifunction printer (Canon MX 870)
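The check described in the post above (is any HTTP traffic to the router actually in the firewall log?), as an added example that is not part of the original post and is not ESET code. The field layout is an assumption inferred from the log lines posted in this thread, and the function names are hypothetical.

```python
import re
from collections import Counter

EVENTS = ("Communication denied by rule", "No usable rule found")
ENDPOINT = r"(\d+\.\d+\.\d+\.\d+)(?::(\d+))?"   # IPv4 with optional :port
# Assumed layout: date time event src dst proto [rule/application/user]
LINE_RE = re.compile(
    r"^(\S+) (\d{2}:\d{2}:\d{2}) (" + "|".join(EVENTS) + r") "
    + ENDPOINT + " " + ENDPOINT + r" ([A-Z]+)(?: (.*))?$"
)

# Lines copied from the logs posted in this thread.
SAMPLE = r"""
07/05/2011 12:50:50 Communication denied by rule 192.168.1.1:1900 239.255.255.250:1900 UDP Block incoming SSDP (UPNP) requests C:\Program Files (x86)\Opera\opera.exe IcesLaptopV3\IcePanther
07/05/2011 12:50:46 No usable rule found 192.168.1.15 239.255.255.250 IGMP System
07/05/2011 12:49:53 No usable rule found 192.168.1.10:64832 255.255.255.255:8612 UDP
2011-5-7 19:06:15 Communication denied by rule 192.168.1.1:1025 239.255.255.250:1900 UDP Block incoming SSDP (UPNP) requests
07/05/2011 14:50:47 No usable rule found 192.168.1.16:5357 192.168.1.15:1371 TCP
"""

def parse(line):
    """Return one log line as a dict, or None if it does not match the layout."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    date, time, event, src, sport, dst, dport, proto, rest = m.groups()
    return {"date": date, "time": time, "event": event,
            "src": src, "sport": int(sport) if sport else None,
            "dst": dst, "dport": int(dport) if dport else None,
            "proto": proto, "rest": rest or ""}

def parse_log(text):
    return [e for e in map(parse, text.splitlines()) if e]

def summarize(entries):
    """Count entries per (event, protocol, destination address, destination port)."""
    return Counter((e["event"], e["proto"], e["dst"], e["dport"]) for e in entries)

def router_http(entries, router="192.168.1.1", port=80):
    """Entries that are TCP traffic to or from the router's web port."""
    return [e for e in entries if e["proto"] == "TCP" and
            ((e["dst"] == router and e["dport"] == port) or
             (e["src"] == router and e["sport"] == port))]

if __name__ == "__main__":
    entries = parse_log(SAMPLE)
    for key, count in summarize(entries).most_common():
        print(count, key)
    print("router HTTP entries:", len(router_http(entries)))
```

On the sample lines the router HTTP list is empty, which matches the observation that no HTTP connection is reported as blocked even though the page does not load.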
kfans
May 7th, 2011, 07:07 AM
2011-5-7 19:06:15 Communication denied by rule 192.168.1.1:1025 239.255.255.250:1900 UDP Block incoming SSDP (UPNP) requests
Marcos
May 7th, 2011, 07:14 AM
What if you switch fw to automatic mode with exceptions and disable the rule "Block incoming SSDP (UPnP) requests" which is enabled by default?
kfans
May 7th, 2011, 07:19 AM
Firewall is in interactive mode
Marcos
May 7th, 2011, 07:20 AM
-{ Quote: "Firewall is in interactive mode" }-
Ok. So does disabling the above mentioned rule make a difference?
kfans
May 7th, 2011, 07:24 AM
Can not
IcePanther
May 7th, 2011, 07:32 AM
I disabled the rule by switching the rules view to list all connections independently of the application ("toggle detailed view of all rules"), but still, doesn't work.
I had a firewall pop-up though, that Opera wants to use the SSDP (I guess because of the Unite feature). I allowed communication temporarily for the application, but still, no go. HTTP to 192.168.1.1 still gives a "connection closed by distant server" error, and a blank page under Firefox.
Marcos
May 7th, 2011, 07:38 AM
What about allowing IGMP as well as UPnP in the Trusted zone in the IDS setup?
kfans
May 7th, 2011, 08:01 AM
can not
IcePanther
May 7th, 2011, 08:27 AM
-{ Quote: "What about allowing IGMP as well as UPnP in the Trusted zone in the IDS setup?" }-
Nope, enabled both and it still returns the same error message.
I also tried rebooting the router and PC, to no avail.
Marcos
May 7th, 2011, 08:43 AM
-{ Quote: "Nope, enabled both and it still returns the same error message.
I also tried rebooting the router and PC, to no avail." }-
Whenever you adjust firewall rules and subsequently reproduce an issue, please always post your current firewall log records so that we can see what communication is being blocked.
IcePanther
May 7th, 2011, 08:51 AM
Okay. I'll do from now on.
With both UPnP rules disabled AND IGMP and UPnP allowed in trusted zone, I get fewer errors, only saying it doesn't find a rule, instead of blocking.
07/05/2011 14:51:16 No usable rule found 192.168.1.1:67 255.255.255.255:68 UDP
07/05/2011 14:51:16 No usable rule found 0.0.0.0:68 255.255.255.255:67 UDP
07/05/2011 14:50:47 No usable rule found 192.168.1.16:5357 192.168.1.15:1371 TCP
07/05/2011 14:50:40 No usable rule found 192.168.1.16:68 255.255.255.255:67 UDP
07/05/2011 14:50:38 No usable rule found 192.168.1.16:5357 192.168.1.15:1370 TCP
07/05/2011 14:50:37 No usable rule found 192.168.1.16:68 255.255.255.255:67 UDP
07/05/2011 14:50:32 No usable rule found 0.0.0.0:68 255.255.255.255:67 UDP
07/05/2011 14:50:29 No usable rule found 0.0.0.0:68 255.255.255.255:67 UDP
07/05/2011 14:50:25 No usable rule found 0.0.0.0:68 255.255.255.255:67 UDP
07/05/2011 14:49:05 No usable rule found 192.168.1.15 239.255.255.250 IGMP System
07/05/2011 14:48:34 No usable rule found 192.168.1.15 239.255.255.250 IGMP System
But the HTTP connection to 192.168.1.1 still doesn't work.
Marcos
May 7th, 2011, 08:56 AM
One more thing to try - switch fw to learning mode for a while so that the appropriate rule is created automatically.
kfans
May 7th, 2011, 09:10 AM
2011-5-7 21:10:14 Communication denied by rule 192.168.1.1:1025 239.255.255.250:1900 UDP Block incoming SSDP (UPNP) requests
2011-5-7 21:10:14 Communication denied by rule 192.168.1.1:1025 239.255.255.250:1900 UDP Block incoming SSDP (UPNP) requests
2011-5-7 21:10:14 Communication denied by rule 192.168.1.1:1025 239.255.255.250:1900 UDP Block incoming SSDP (UPNP) requests
2011-5-7 21:10:14 Communication denied by rule 192.168.1.1:1025 239.255.255.250:1900 UDP Block incoming SSDP (UPNP) requests
2011-5-7 21:10:14 Communication denied by rule 192.168.1.1:1025 239.255.255.250:1900 UDP Block incoming SSDP (UPNP) requests
2011-5-7 21:10:14 Communication denied by rule 192.168.1.1:1025 239.255.255.250:1900 UDP Block incoming SSDP (UPNP) requests
2011-5-7 21:10:14 Communication denied by rule 192.168.1.1:1025 239.255.255.250:1900 UDP Block incoming SSDP (UPNP) requests
2011-5-7 21:10:14 Communication denied by rule 192.168.1.1:1025 239.255.255.250:1900 UDP Block incoming SSDP (UPNP) requests
2011-5-7 21:10:14 Communication denied by rule 192.168.1.1:1025 239.255.255.250:1900 UDP Block incoming SSDP (UPNP) requests
2011-5-7 21:10:14 Communication denied by rule 192.168.1.1:1025 239.255.255.250:1900 UDP Block incoming SSDP (UPNP) requests
Marcos
May 7th, 2011, 09:53 AM
-{ Quote: "2011-5-7 21:10:14 Communication denied by rule 192.168.1.1:1025 239.255.255.250:1900 UDP Block incoming SSDP (UPNP) requests" }-
It's impossible you'd get this error after disabling the "Block incoming SSDP (UPNP) requests" rule as I advised.
IcePanther
May 7th, 2011, 09:59 AM
-{ Quote: "One more thing to try - switch fw to learning mode for a while so that the appropriate rule is created automatically." }-
I've left it in learning mode since your last message. No new rule gets created, and still it's blocked.
Log:
07/05/2011 15:59:34 No usable rule found 192.168.1.15 239.255.255.250 IGMP System
07/05/2011 15:59:01 No usable rule found 192.168.1.15 239.255.255.250 IGMP System
07/05/2011 15:58:57 No usable rule found 192.168.1.12:68 255.255.255.255:67 UDP
07/05/2011 15:58:55 No usable rule found 192.168.1.12:68 255.255.255.255:67 UDP
As you can see, same messages as above.
kfans
May 7th, 2011, 10:05 AM
Problems remain
zloyDi
May 7th, 2011, 11:45 AM
-{ Quote: "Problems remain" }-
Try to uncheck
"Block unsafe address after attack detection"
I use router TP-Link and no problem with it (XP, 7)
IcePanther
May 7th, 2011, 01:21 PM
-{ Quote: "Try to uncheck
"Block unsafe address after attack detection"
I use router TP-Link and no problem with it (XP, 7)" }-
Doesn't help here.
kfans
May 7th, 2011, 09:49 PM
-{ Quote: "Try to uncheck
"Block unsafe address after attack detection"
I use router TP-Link and no problem with it (XP, 7)" }-
Doesn't help here.
kfans
May 7th, 2011, 10:00 PM
Eset Moderator help!!! help!!!!
Marcos
May 8th, 2011, 02:42 AM
Please bear in mind that it's weekend and I'm replying here in my free time. Also you submitted your post early morning at 4 AM so it may take some time to get a reply.
When a certain communication is blocked, please do the following in the given order (ie. carry out step 1 prior to collecting other logs) :
1. enable logging of blocked packets as per the instructions here (http://kb.eset.com/esetkb/index?page=content&id=SOLN742)
2. collect the following stuff and compress it to an archive:
- ESS configuration exported to an xml file
- SysInspector log
- 2 Wireshark (http://www.wireshark.org/) logs (with no filter set), one created with fw disabled when the issue does not occur and the other with fw enabled when the issue occurs (indicate in their names which log belongs to which situation)
- pcap file as mentioned in the above KB article
- output (ipcfg.txt) of running "ipconfig /all > ipcfg.txt"
When you have the stuff ready let me know and I'll pm you with further instructions. This should eventually help us figure out the root of the issue.
SweX
May 8th, 2011, 05:00 AM
-{ Quote: "Please bear in mind that it's weekend and I'm replying here in my free time." }-
Indeed. :thumb: I hope you can enjoy the weekend somehow anyway ;).
The PIT
May 8th, 2011, 08:36 AM
-{ Quote: "It's impossible you'd get this error after disabling the "Block incoming SSDP (UPNP) requests" rule as I advised." }-
Love this reply.
It's Beta so of course it's possible as err bugs happen in betas. Come to think of it in final products as well. :)
Enjoy your weekend.
4L3X
May 10th, 2011, 06:09 PM
Go to Setup
Click on the network tab
Go to configure rules and zones, and select the zones tab at the top of the pane
Double click on the 4th item on that list, "addresses excluded from protocol filtering"
Click on add IPv4 address, and enter your router's IP address (e.g. 192.168.1.1), hit OK and apply that. And presto, you've got access to your router ;D ;D ;D ;D ;D
IcePanther
May 11th, 2011, 04:54 AM
-{ Quote: "Please bear in mind that it's weekend and I'm replying here in my free time. Also you submitted your post early morning at 4 AM so it may take some time to get a reply.
When a certain communication is blocked, please do the following in the given order (ie. carry out step 1 prior to collecting other logs) :
(...)
When you have the stuff ready let me know and I'll pm you with further instructions. This should eventually help us figure out the root of the issue." }-
Will do so as soon as I can.
I had to completely disable the firewall to let windows updates download (otherwise it cut the connection to their server, error 80072f76), and I could access my router settings page. So it definitely is an ESS-related problem.
IcePanther
May 16th, 2011, 01:07 PM
-{ Quote: "
2. collect the following stuff and compress it to an archive:
- ESS configuration exported to an xml file - OK
- SysInspector log - OK
- 2 Wireshark (http://www.wireshark.org/) logs (with no filter set), one created with fw disabled when the issue does not occur and the other with fw enabled when the issue occurs (indicate in their names which log belongs to which situation) - OK
- pcap file as mentioned in the above KB article - NOT OK : It did not create a pcap file despite me creating the correct registry key (screenshot attached in the archive)
- output (ipcfg.txt) of running "ipconfig /all > ipcfg.txt" - OK
When you have the stuff ready let me know and I'll pm you with further instructions. This should eventually help us figure out the root of the issue." }-
Here you go. I can send you a ZIP or RAR archive via PM if you want.