Having problems with the latest firewall module 1047?

[Marcos]

Hello,
a problem has been found in the latest version of the firewall module 1047 in certain system configurations in spite of intensive pre-release testing when the module had been distributed to several dozens thousands users with test mode enabled and subsequent staggered update to other users.

Known symptoms are the loss of Internet connectivity or inability to obtain an IP address from the DHCP server.

If you're experiencing these problems after the recent update of the firewall module, please provide us the following information:

1, version of ESS (e.g. ESS 32-bit, 4.0.437)
2, version and platform of the operating system, including installed service packs (e.g. Vista 32-bit, SP1)

Get a list of blocked connections by enabling the "Log all blocked connections" option in Setup -> Personal firewall -> IDS and advanced options. With this option enabled, reproduce the problem and disable logging.

If you see "No usable rule found" for port 53, create a bi-directional rule for all applications with remote port 53 allowed. If you're having this problem, check if you have the "DNS Poisoning attack detection" enabled in the IDS section (should be enabled) and let us know if it's actually enabled if you're having problems with Internet connectivity.

If the computer cannot obtain an IP address, you should see the communication between x.x.x.x:67 and 0.0.0.0:68 blocked in the firewall log. Creating a rule for inbound communication with local port 68 and remote port 67 should work.

Enclosed find an xml file with predefined rules that should work as an interim solution. If you have the firewall set to automatic mode, switch it to automatic mode with exceptions so that the rules are actually applied.

[funkydude]

Not had any issues, but it's nice to see you guys on top of this so fast,

[dirkivs3]

ok , huge problem here ,
every computer with windows vista that has ESETSS on it ,
is not getting an ip adress,
if i turn off ESET firewall and internet protection it all works fine ,
i can update ESET if i turn off the security so i hope they find a fix for it soon,
i work at a computer store and now have like 15 computers here that i cant repair, (all with ESET an windows vista)
kind of an urgent update needed over here...
help plz!

[mbonus]

Add me to the list of those affected by the 1047 release. Two laptops running Vista.


First noticed the problem on a machine running ESET 32bit SS 4 / Vista SP1 (not currently in front of this machine for the specific build). Would not connect to home wireless nw.

The other laptop is the following and will not connect to either Wi-Fi or Mobile Broadband (ATT):

Vista 32bit Home SP1
ESET SS 3.0.657.0

I tried to upload the temprule you posted to no avail. ESET 3 does not seem to have a Automatic mode with exceptions. Any support would be appreciated.

Mike

[dirkivs3]

new update! i think it is fixed now, turn of firewall and internet protection then do the update and then turn it on again, it should be fixd, small mistake probally by ESET programmers, but they fixd it really fast

[Cudni]

Quote:

Originally Posted by Marcos

Enclosed find an xml file with predefined rules that should work as an interim solution. If you have the firewall set to automatic mode, switch it to automatic mode with exceptions so that the rules are actually applied.

and it does work, before the rule was applied the only way i could reconnect was to disable the FW, connect and then reenable it. Any other mode, other than with automatic in their name, caused a block.

[mbonus]

Quote:

Originally Posted by dirkivs3

new update! i think it is fixed now, turn of firewall and internet protection then do the update and then turn it on again, it should be fixd, small mistake probally by ESET programmers, but they fixd it really fast

I am not sure you are correct. I tried that procedure and nothing updated. The only way I can connect is to disable the firewall.

[mbonus]

Quote:

Originally Posted by Cudni

and it does work, before the rule was applied the only way i could reconnect was to disable the FW, connect and then reenable it. Any other mode, other than with automatic in their name, caused a block.

I wonder if this fix is only applicable the v4. I have not been able to get it to work on v3 although I will be the first to admit that I don't entirely understand how to apply the temprule.

[Cudni]

Quote:

Originally Posted by mbonus

don't entirely understand how to apply the temprule.

is there an option to import/export settings somewhere in the menu bar, under setup in 4.x ?

[ronjor]

There is a new firewall module available if you have the test mode enabled.

Quote:

Virus signature database: 4180 (20090623)
Update module: 1028 (20090302)
Antivirus and antispyware scanner module: 1226 (20090622)
Advanced heuristics module: 1092 (20090309)
Archive support module: 1096 (20090616)
Cleaner module: 1041 (20090603)
Anti-Stealth support module: 1012 (20090526)
Personal firewall module: 1048 (20090623)
Antispam module: 1011 (20090114)
SysInspector module: 1212 (20090414)
Self-defense support module : 1006 (20090513)

[mbonus]

Quote:

Originally Posted by Cudni

is there an option to import/export settings somewhere in the menu bar, under setup in 4.x ?

correct, however this laptop is on v3 of ESET. V3 also has a import/export, but this rule does not seem to take effect under this version.

[mbonus]

Quote:

Originally Posted by ronjor

There is a new firewall module available if you have the test mode enabled.

Silly question, how do I enable test mode?

[cqpreson]

Good job.Thank you.

[ronjor]

Quote:

how do I enable test mode?

Click the tray icon, press f5 for advanced mode, and set it as in the screen shot.

[mbonus]

Quote:

Originally Posted by ronjor

Click the tray icon, press f5 for advanced mode, and set it as in the screen shot.

I guess this is not an option for version 3?

EDIT: PS thank you for the answering of NOOB questions... I should have been clear that I was on V3 and had already gone to the advanced settings of the udate tab.

[ronjor]

Quote:

not an option for version 3

Not an option for Version3 as far as I know.

[mbonus]

oh well, fiddlesticks

[Marcos]

A KB article with instructions has been created for both v3 and v4 users. It's available here.

[Cudni]

Good move to introduce an ask rule, among few others, for unknown traffic in the Personal firewall module: 1048 (20090623) - test mode for now

[Jarth]

I had the problem as mentioned, where you couldent obtain the propper IP.
Thx for the fix mentioned above. (Though, when i import, i also adds: Remote port DNS(53) ).

That aside, i got a worse problem, i cannot get the "interactive mode" to work. In the sence, that the firewall blocks applications, but dont ask to add rules.
(I cleared the list a while back, so all empty now, except for the standard-rules).
When useing the "automatic mode" however, the applications are still blocked, so i cant realy use the firewall till thats all fixed.
Thx in advance.

[ronjor]

Do you try the learning mode?

[dirkivs3]

in you reinstall it , all works fine again ,
but how long is the question

[stratoc]

could do with stickying http://kb.eset.com/esetkb/index?page...nt&id=SOLN2277 maybe?

[stratoc]

and you change server back to automatically choose after update to 1048 im guessing?

[HealingStargate]

Quote:

Originally Posted by Marcos

A KB article with instructions has been created for both v3 and v4 users. It's available here.

OK Marcos and thank you.

I have SS3 and followed the instructions. I had to reboot and then did the update with firewall disabled and it did give me 1048.

Do you suggest to place the update BACK to 'choose automatically' or leave it on the new server?

Thank you.

KOR-