questions

[plassenopdestoep]

Hi I have quite some questions about ESS (I have Vista HP SP2 32bits)

First I'd like to know about some outbound requests for svchost.exe after computer start-up

It wants to connect to 4 things, does anyone one exactly what for?
1. IP:24.0.0.252
Remote port: 5355 (llmnr)
Local port: 52078

2. IP:239.255.255.250
Remote port: 3072 (3072)
Local port: 49152

3. IP:FF02::C
Remote port: 3072
Local port: 49153

4. IP:208.111.170.97 cds833.ord.llnw.net
Remote port: 80 (HTTP)
Local port: 49169

llnw.net leads to some corporation, which is weird, because if I don't allow it, windows update won't work.


Second question:
When checking common ports with ShieldsUP! at grc.com it replies to a Ping (ICMP Echo) request:
"
Ping Reply: RECEIVED (FAILED) — Your system REPLIED to our Ping (ICMP Echo) requests, making it visible on the Internet. Most personal firewalls can be configured to block, drop, and ignore such ping requests in order to better hide systems from hackers. This is highly recommended since "Ping" is among the oldest and most common methods used to locate systems prior to further exploitation."

Can't find an option in firewall to turn it off, how can I stop replying to Ping (ICMP Echo) request?


Third Question:
When scheduling a start-up scan there are 7 scan levels to choose from:
1. Files run before user logon
2. Files run after user logon
3. Only the most frequently used files
4. Frequently used files
5. Commonly used files
6. Rarely used files
7. All registered files

Does one scan level also scan the lower levels, so if I choose Only the most frequently used files does it also scan Files run before and after user logon etc.?



Fourth Question:
I have four pc's with ESS installed(3 Vista, 1 XP.) At 2 of the Vista pc's sometimes Vista Security center reports that firewall or av is off, while Eset reports everything is OK,, if I then disable firewall or av trough Eset, and then enable it again trough Eset, the MS sec. center reports everything is allright. One of these pc's is using ESS 4.0.417, the other 4.0.467. What's the problem? The one with .467 had an older version before, and after installing .467 the firewall was really disabled and reported corrupt, and after uninstalling .467 properly as instructed on Eset website, then installing .467 again, and everything was ok. But this is different because Eset is fine now, windows is just acting weird.

[plassenopdestoep]

Bump!

[Marcos]

1, as for Link Local Multicast Name Resolution (llmnr), enable pre-release updates in the update setup so that a newer firewall module with Windows 7 support is downloaded and installed

2, couldn't it be that you're behind a router which responds to ping ?

3, if you choose to scan most frequently used files, files run before and after user logon should be scanned if you (re)start the computer frequently and thus the files are started frequently, too.

[plassenopdestoep]

1 I have vista, not w7, so would that help?
Do you know what the other connections are for?

2 Yes, I'm behind a router, so that could be it.

3 So technically a higher level doesn't automatically mean it also scans the subsequent levels? The question with frequently used files was just an example, the question was actually in general, about every level.

4 Any idea?

[plassenopdestoep]

another bump

[ronjor]

A couple of off topic posts removed. Please use the Personal Message feature of the forums for personal conversations.

[agoretsky]

Hello,

To answer your question about LLMNR and the ESET Personal Firewall module, enabling pre-release updates will help with this issue under Microsoft Windows Vista.

Regards,

Aryeh Goretsky

[Marcos]

As for the problem reporting status through MSC, follow these instructions to reset the WMI repository.