Wilders Security Forums  

Go Back   Wilders Security Forums > Official ESET Support Forum > ESET Home Users Products Forum > ESET Smart Security
Reload this Page ESET blocks google.com on my PC
User Name
Password
Register FAQ Members List Calendar Search Today's Posts Mark Forums Read

 
 
Thread Tools Search this Thread
  #1  
Old October 11th, 2011, 10:18 AM
adi2011 adi2011 is offline
Infrequent Poster
  
Join Date: Oct 2011
Posts: 13
Default ESET blocks google.com on my PC
Hi,

I am not sure why this is happening on my computer but whenever I try opening google.com in Internet explorer or in Chrome I can't and all other websites are opening normally. When I choose option "Block firewall" everything works OK and I can open google.com and all other websites normally.

It always worked ok before, I am not sure why it isn't wokring now?

Any help is appreciated and many thank in advance for prompt replys!

Cheers,
Adi
  #2  
Old October 11th, 2011, 10:25 AM
Marcos Marcos is online now
Eset Moderator
  
Join Date: Nov 2002
Posts: 14,193
Default Re: ESET blocks google.com on my PC
Carry on as usual when a connection is blocked for some reason:
1, in the IDS setup, enable logging of blocked connections
2, reproduce the problem
3, paste here the relevant records from your firewall log

Also you might want to disable the option for blocking addresses after an attack detection in the IDS setup.
  #3  
Old October 12th, 2011, 02:51 PM
adi2011 adi2011 is offline
Infrequent Poster
  
Join Date: Oct 2011
Posts: 13
Default Re: ESET blocks google.com on my PC
Quote:
Originally Posted by Marcos
Carry on as usual when a connection is blocked for some reason:
1, in the IDS setup, enable logging of blocked connections
2, reproduce the problem
3, paste here the relevant records from your firewall log

Also you might want to disable the option for blocking addresses after an attack detection in the IDS setup.

Thanks a lot Marcos reply, I appreciate it.

1. I have enabled this option
2. I tried opening google.com in Internet explorer and Google Chrome
3. This is part of ESET firewall log after typing www.google.com which I have exported as XML file:

Code:
<?xml version="1.0" encoding="utf-8" ?> 
- <ESET>
- <LOG>
- <RECORD>
- <COLUMN NAME="Time">
  <DATE>12-Oct-11</DATE> 
  <TIME>1:46:16 PM</TIME> 
  </COLUMN>
  <COLUMN NAME="Event">No application listening on the port</COLUMN> 
  <COLUMN NAME="Source">192.168.0.1:67</COLUMN> 
  <COLUMN NAME="Target">255.255.255.255:68</COLUMN> 
  <COLUMN NAME="Protocol">UDP</COLUMN> 
  <COLUMN NAME="Rule/worm name" /> 
  <COLUMN NAME="Application" /> 
  <COLUMN NAME="User" /> 
  </RECORD>
- <RECORD>
- <COLUMN NAME="Time">
  <DATE>12-Oct-11</DATE> 
  <TIME>1:44:35 PM</TIME> 
  </COLUMN>
  <COLUMN NAME="Event">Detected DNS cache poisoning attack</COLUMN> 
  <COLUMN NAME="Source">192.168.0.1:53</COLUMN> 
  <COLUMN NAME="Target">192.168.0.237:1026</COLUMN> 
  <COLUMN NAME="Protocol">UDP</COLUMN> 
  <COLUMN NAME="Rule/worm name" /> 
  <COLUMN NAME="Application" /> 
  <COLUMN NAME="User" /> 
  </RECORD>
- <RECORD>
- <COLUMN NAME="Time">
  <DATE>12-Oct-11</DATE> 
  <TIME>1:44:35 PM</TIME> 
  </COLUMN>
  <COLUMN NAME="Event">Detected DNS cache poisoning attack</COLUMN> 
  <COLUMN NAME="Source">192.168.0.1:53</COLUMN> 
  <COLUMN NAME="Target">192.168.0.237:1035</COLUMN> 
  <COLUMN NAME="Protocol">UDP</COLUMN> 
  <COLUMN NAME="Rule/worm name" /> 
  <COLUMN NAME="Application" /> 
  <COLUMN NAME="User" /> 
  </RECORD>
- <RECORD>
- <COLUMN NAME="Time">
  <DATE>12-Oct-11</DATE> 
  <TIME>1:44:18 PM</TIME> 
  </COLUMN>
  <COLUMN NAME="Event">Detected DNS cache poisoning attack</COLUMN> 
  <COLUMN NAME="Source">192.168.0.1:53</COLUMN> 
  <COLUMN NAME="Target">192.168.0.237:1035</COLUMN> 
  <COLUMN NAME="Protocol">UDP</COLUMN> 
  <COLUMN NAME="Rule/worm name" /> 
  <COLUMN NAME="Application" /> 
  <COLUMN NAME="User" /> 
  </RECORD>
- <RECORD>
- <COLUMN NAME="Time">
  <DATE>12-Oct-11</DATE> 
  <TIME>1:43:59 PM</TIME> 
  </COLUMN>
  <COLUMN NAME="Event">Detected DNS cache poisoning attack</COLUMN> 
  <COLUMN NAME="Source">192.168.0.1:53</COLUMN> 
  <COLUMN NAME="Target">192.168.0.237:1025</COLUMN> 
  <COLUMN NAME="Protocol">UDP</COLUMN> 
  <COLUMN NAME="Rule/worm name" /> 
  <COLUMN NAME="Application" /> 
  <COLUMN NAME="User" /> 
  </RECORD>
- <RECORD>
- <COLUMN NAME="Time">
  <DATE>12-Oct-11</DATE> 
  <TIME>1:43:59 PM</TIME> 
  </COLUMN>
  <COLUMN NAME="Event">Detected DNS cache poisoning attack</COLUMN> 
  <COLUMN NAME="Source">192.168.0.1:53</COLUMN> 
  <COLUMN NAME="Target">192.168.0.237:1035</COLUMN> 
  <COLUMN NAME="Protocol">UDP</COLUMN> 
  <COLUMN NAME="Rule/worm name" /> 
  <COLUMN NAME="Application" /> 
  <COLUMN NAME="User" /> 
  </RECORD>
- <RECORD>

-------------------------------------------------------------------------------------------------------


- <COLUMN NAME="Time">
  <DATE>12-Oct-11</DATE> 
  <TIME>1:43:46 PM</TIME> 
  </COLUMN>
  <COLUMN NAME="Event">Detected DNS cache poisoning attack</COLUMN> 
  <COLUMN NAME="Source">192.168.0.1:53</COLUMN> 
  <COLUMN NAME="Target">192.168.0.237:1035</COLUMN> 
  <COLUMN NAME="Protocol">UDP</COLUMN> 
  <COLUMN NAME="Rule/worm name" /> 
  <COLUMN NAME="Application" /> 
  <COLUMN NAME="User" /> 
  </RECORD>
- <RECORD>
- <COLUMN NAME="Time">
  <DATE>12-Oct-11</DATE> 
  <TIME>1:43:44 PM</TIME> 
  </COLUMN>
  <COLUMN NAME="Event">Address temporarily blocked by active defense (IDS)</COLUMN> 
  <COLUMN NAME="Source">192.168.0.237:1518</COLUMN> 
  <COLUMN NAME="Target">209.85.148.105:80</COLUMN> 
  <COLUMN NAME="Protocol">TCP</COLUMN> 
  <COLUMN NAME="Rule/worm name" /> 
  <COLUMN NAME="Application" /> 
  <COLUMN NAME="User" /> 
  </RECORD>
- <RECORD>
- <COLUMN NAME="Time">
  <DATE>12-Oct-11</DATE> 
  <TIME>1:43:44 PM</TIME> 
  </COLUMN>
  <COLUMN NAME="Event">Address temporarily blocked by active defense (IDS)</COLUMN> 
  <COLUMN NAME="Source">192.168.0.237:1517</COLUMN> 
  <COLUMN NAME="Target">209.85.148.105:80</COLUMN> 
  <COLUMN NAME="Protocol">TCP</COLUMN> 
  <COLUMN NAME="Rule/worm name" /> 
  <COLUMN NAME="Application" /> 
  <COLUMN NAME="User" /> 
  </RECORD>
- <RECORD>
- <COLUMN NAME="Time">
  <DATE>12-Oct-11</DATE> 
  <TIME>1:43:44 PM</TIME> 
  </COLUMN>
  <COLUMN NAME="Event">Address temporarily blocked by active defense (IDS)</COLUMN> 
  <COLUMN NAME="Source">192.168.0.237:1514</COLUMN> 
  <COLUMN NAME="Target">209.85.148.105:80</COLUMN> 
  <COLUMN NAME="Protocol">TCP</COLUMN> 
  <COLUMN NAME="Rule/worm name" /> 
  <COLUMN NAME="Application" /> 
  <COLUMN NAME="User" /> 
  </RECORD>
- <RECORD>
- <COLUMN NAME="Time">
  <DATE>12-Oct-11</DATE> 
  <TIME>1:43:44 PM</TIME> 
  </COLUMN>
  <COLUMN NAME="Event">Address temporarily blocked by active defense (IDS)</COLUMN> 
  <COLUMN NAME="Source">192.168.0.237:1512</COLUMN> 
  <COLUMN NAME="Target">209.85.148.105:80</COLUMN> 
  <COLUMN NAME="Protocol">TCP</COLUMN> 
  <COLUMN NAME="Rule/worm name" /> 
  <COLUMN NAME="Application" /> 
  <COLUMN NAME="User" /> 
  </RECORD>
- <RECORD>
- <COLUMN NAME="Time">
  <DATE>12-Oct-11</DATE> 
  <TIME>1:43:44 PM</TIME> 
  </COLUMN>
  <COLUMN NAME="Event">Address temporarily blocked by active defense (IDS)</COLUMN> 
  <COLUMN NAME="Source">192.168.0.237:1510</COLUMN> 
  <COLUMN NAME="Target">209.85.148.105:80</COLUMN> 
  <COLUMN NAME="Protocol">TCP</COLUMN> 
  <COLUMN NAME="Rule/worm name" /> 
  <COLUMN NAME="Application" /> 
  <COLUMN NAME="User" /> 
  </RECORD>
- <RECORD>
- <COLUMN NAME="Time">
  <DATE>12-Oct-11</DATE> 
  <TIME>1:43:41 PM</TIME> 
  </COLUMN>
  <COLUMN NAME="Event">Address temporarily blocked by active defense (IDS)</COLUMN> 
  <COLUMN NAME="Source">192.168.0.237:1518</COLUMN> 
  <COLUMN NAME="Target">209.85.148.105:80</COLUMN> 
  <COLUMN NAME="Protocol">TCP</COLUMN> 
  <COLUMN NAME="Rule/worm name" /> 
  <COLUMN NAME="Application" /> 
  <COLUMN NAME="User" /> 
  </RECORD>
- <RECORD>
- <COLUMN NAME="Time">
  <DATE>12-Oct-11</DATE> 
  <TIME>1:43:41 PM</TIME> 
  </COLUMN>
  <COLUMN NAME="Event">Address temporarily blocked by active defense (IDS)</COLUMN> 
  <COLUMN NAME="Source">192.168.0.237:1517</COLUMN> 
  <COLUMN NAME="Target">209.85.148.105:80</COLUMN> 
  <COLUMN NAME="Protocol">TCP</COLUMN> 
  <COLUMN NAME="Rule/worm name" /> 
  <COLUMN NAME="Application" /> 
  <COLUMN NAME="User" /> 
  </RECORD>
- <RECORD>
- <COLUMN NAME="Time">
  <DATE>12-Oct-11</DATE> 
  <TIME>1:43:41 PM</TIME> 
  </COLUMN>
  <COLUMN NAME="Event">Address temporarily blocked by active defense (IDS)</COLUMN> 
  <COLUMN NAME="Source">192.168.0.237:1514</COLUMN> 
  <COLUMN NAME="Target">209.85.148.105:80</COLUMN> 
  <COLUMN NAME="Protocol">TCP</COLUMN> 
  <COLUMN NAME="Rule/worm name" /> 
  <COLUMN NAME="Application" /> 
  <COLUMN NAME="User" /> 
  </RECORD>
- <RECORD>
- <COLUMN NAME="Time">
  <DATE>12-Oct-11</DATE> 
  <TIME>1:43:41 PM</TIME> 
  </COLUMN>
  <COLUMN NAME="Event">Address temporarily blocked by active defense (IDS)</COLUMN> 
  <COLUMN NAME="Source">192.168.0.237:1512</COLUMN> 
  <COLUMN NAME="Target">209.85.148.105:80</COLUMN> 
  <COLUMN NAME="Protocol">TCP</COLUMN> 
  <COLUMN NAME="Rule/worm name" /> 
  <COLUMN NAME="Application" /> 
  <COLUMN NAME="User" /> 
  </RECORD>
- <RECORD>
- <COLUMN NAME="Time">
  <DATE>12-Oct-11</DATE> 
  <TIME>1:43:41 PM</TIME> 
  </COLUMN>
  <COLUMN NAME="Event">Address temporarily blocked by active defense (IDS)</COLUMN> 
  <COLUMN NAME="Source">192.168.0.237:1510</COLUMN> 
  <COLUMN NAME="Target">209.85.148.105:80</COLUMN> 
  <COLUMN NAME="Protocol">TCP</COLUMN> 
  <COLUMN NAME="Rule/worm name" /> 
  <COLUMN NAME="Application" /> 
  <COLUMN NAME="User" /> 
  </RECORD>
- <RECORD>
- <COLUMN NAME="Time">
  <DATE>12-Oct-11</DATE> 
  <TIME>1:43:41 PM</TIME> 
  </COLUMN>
  <COLUMN NAME="Event">Detected DNS cache poisoning attack</COLUMN> 
  <COLUMN NAME="Source">192.168.0.1:53</COLUMN> 
  <COLUMN NAME="Target">192.168.0.237:1035</COLUMN> 
  <COLUMN NAME="Protocol">UDP</COLUMN> 
  <COLUMN NAME="Rule/worm name" /> 
  <COLUMN NAME="Application" /> 
  <COLUMN NAME="User" /> 
  </RECORD>
- <RECORD>


----------------------------------------------------------------------------------------------------------



- <COLUMN NAME="Time">
  <DATE>12-Oct-11</DATE> 
  <TIME>1:38:14 PM</TIME> 
  </COLUMN>
  <COLUMN NAME="Event">Address temporarily blocked by active defense (IDS)</COLUMN> 
  <COLUMN NAME="Source">66.102.13.101:80</COLUMN> 
  <COLUMN NAME="Target">192.168.0.237:1231</COLUMN> 
  <COLUMN NAME="Protocol">TCP</COLUMN> 
  <COLUMN NAME="Rule/worm name" /> 
  <COLUMN NAME="Application" /> 
  <COLUMN NAME="User" /> 
  </RECORD>
- <RECORD>
- <COLUMN NAME="Time">
  <DATE>12-Oct-11</DATE> 
  <TIME>1:38:13 PM</TIME> 
  </COLUMN>
  <COLUMN NAME="Event">Address temporarily blocked by active defense (IDS)</COLUMN> 
  <COLUMN NAME="Source">66.102.13.101:80</COLUMN> 
  <COLUMN NAME="Target">192.168.0.237:1231</COLUMN> 
  <COLUMN NAME="Protocol">TCP</COLUMN> 
  <COLUMN NAME="Rule/worm name" /> 
  <COLUMN NAME="Application" /> 
  <COLUMN NAME="User" /> 
  </RECORD>
- <RECORD>
- <COLUMN NAME="Time">
  <DATE>12-Oct-11</DATE> 
  <TIME>1:38:12 PM</TIME> 
  </COLUMN>
  <COLUMN NAME="Event">Address temporarily blocked by active defense (IDS)</COLUMN> 
  <COLUMN NAME="Source">66.102.13.101:80</COLUMN> 
  <COLUMN NAME="Target">192.168.0.237:1231</COLUMN> 
  <COLUMN NAME="Protocol">TCP</COLUMN> 
  <COLUMN NAME="Rule/worm name" /> 
  <COLUMN NAME="Application" /> 
  <COLUMN NAME="User" /> 
  </RECORD>
- <RECORD>
- <COLUMN NAME="Time">
  <DATE>12-Oct-11</DATE> 
  <TIME>1:37:58 PM</TIME> 
  </COLUMN>
  <COLUMN NAME="Event">Address temporarily blocked by active defense (IDS)</COLUMN> 
  <COLUMN NAME="Source">192.168.0.237:1150</COLUMN> 
  <COLUMN NAME="Target">209.85.148.147:80</COLUMN> 
  <COLUMN NAME="Protocol">TCP</COLUMN> 
  <COLUMN NAME="Rule/worm name" /> 
  <COLUMN NAME="Application" /> 
  <COLUMN NAME="User" /> 
  </RECORD>
- <RECORD>

------------------------------------------------------------------------------

  </COLUMN>
  <COLUMN NAME="Event">Address temporarily blocked by active defense (IDS)</COLUMN> 
  <COLUMN NAME="Source">209.85.148.147:80</COLUMN> 
  <COLUMN NAME="Target">192.168.0.237:1150</COLUMN> 
  <COLUMN NAME="Protocol">TCP</COLUMN> 
  <COLUMN NAME="Rule/worm name" /> 
  <COLUMN NAME="Application" /> 
  <COLUMN NAME="User" /> 
  </RECORD>
- <RECORD>
- <COLUMN NAME="Time">
  <DATE>12-Oct-11</DATE> 
  <TIME>1:36:32 PM</TIME> 
  </COLUMN>
  <COLUMN NAME="Event">Address temporarily blocked by active defense (IDS)</COLUMN> 
  <COLUMN NAME="Source">209.85.148.147:443</COLUMN> 
  <COLUMN NAME="Target">192.168.0.237:1168</COLUMN> 
  <COLUMN NAME="Protocol">TCP</COLUMN> 
  <COLUMN NAME="Rule/worm name" /> 
  <COLUMN NAME="Application" /> 
  <COLUMN NAME="User" /> 
  </RECORD>
- <RECORD>
- <COLUMN NAME="Time">
  <DATE>12-Oct-11</DATE> 
  <TIME>1:36:32 PM</TIME> 
  </COLUMN>
  <COLUMN NAME="Event">Address temporarily blocked by active defense (IDS)</COLUMN> 
  <COLUMN NAME="Source">209.85.148.102:80</COLUMN> 
  <COLUMN NAME="Target">192.168.0.237:1252</COLUMN> 
  <COLUMN NAME="Protocol">TCP</COLUMN> 
  <COLUMN NAME="Rule/worm name" /> 
  <COLUMN NAME="Application" /> 
  <COLUMN NAME="User" /> 
  </RECORD>
- <RECORD>
- <COLUMN NAME="Time">
  <DATE>12-Oct-11</DATE> 
  <TIME>1:36:29 PM</TIME> 
  </COLUMN>
  <COLUMN NAME="Event">Address temporarily blocked by active defense (IDS)</COLUMN> 
  <COLUMN NAME="Source">209.85.148.147:80</COLUMN> 
  <COLUMN NAME="Target">192.168.0.237:1150</COLUMN> 
  <COLUMN NAME="Protocol">TCP</COLUMN> 
  <COLUMN NAME="Rule/worm name" /> 
  <COLUMN NAME="Application" /> 
  <COLUMN NAME="User" /> 
  </RECORD>
- <RECORD>
- <COLUMN NAME="Time">
  <DATE>12-Oct-11</DATE> 
  <TIME>1:36:28 PM</TIME> 
  </COLUMN>
  <COLUMN NAME="Event">Address temporarily blocked by active defense (IDS)</COLUMN> 
  <COLUMN NAME="Source">209.85.148.102:80</COLUMN> 
  <COLUMN NAME="Target">192.168.0.237:1252</COLUMN> 
  <COLUMN NAME="Protocol">TCP</COLUMN> 
  <COLUMN NAME="Rule/worm name" /> 
  <COLUMN NAME="Application" /> 
  <COLUMN NAME="User" /> 
  </RECORD>
- <RECORD>
- <COLUMN NAME="Time">
  <DATE>12-Oct-11</DATE> 
  <TIME>1:36:26 PM</TIME> 
  </COLUMN>
  <COLUMN NAME="Event">Address temporarily blocked by active defense (IDS)</COLUMN> 
  <COLUMN NAME="Source">209.85.148.102:80</COLUMN> 
  <COLUMN NAME="Target">192.168.0.237:1252</COLUMN> 
  <COLUMN NAME="Protocol">TCP</COLUMN> 
  <COLUMN NAME="Rule/worm name" /> 
  <COLUMN NAME="Application" /> 
  <COLUMN NAME="User" /> 
  </RECORD>
- <RECORD>
- <COLUMN NAME="Time">
  <DATE>12-Oct-11</DATE> 
  <TIME>1:36:25 PM</TIME> 
  </COLUMN>
  <COLUMN NAME="Event">Address temporarily blocked by active defense (IDS)</COLUMN> 
  <COLUMN NAME="Source">209.85.148.102:80</COLUMN> 
  <COLUMN NAME="Target">192.168.0.237:1252</COLUMN> 
  <COLUMN NAME="Protocol">TCP</COLUMN> 
  <COLUMN NAME="Rule/worm name" /> 
  <COLUMN NAME="Application" /> 
  <COLUMN NAME="User" /> 
  </RECORD>
- <RECORD>
- <COLUMN NAME="Time">
  <DATE>12-Oct-11</DATE> 
  <TIME>1:36:25 PM</TIME> 
  </COLUMN>
  <COLUMN NAME="Event">Address temporarily blocked by active defense (IDS)</COLUMN> 
  <COLUMN NAME="Source">209.85.148.102:80</COLUMN> 
  <COLUMN NAME="Target">192.168.0.237:1252</COLUMN> 
  <COLUMN NAME="Protocol">TCP</COLUMN> 
  <COLUMN NAME="Rule/worm name" /> 
  <COLUMN NAME="Application" /> 
  <COLUMN NAME="User" /> 
  </RECORD>
- <RECORD>
  #4  
Old October 12th, 2011, 03:11 PM
adi2011 adi2011 is offline
Infrequent Poster
  
Join Date: Oct 2011
Posts: 13
Default Re: ESET blocks google.com on my PC
I also must note that after I have disabled "blocking addresses after an attack detection" I can open google.com and everything is working perfect as before but I am not sure is this the right solution to disable this option?

Also I notice beside being unable to open google.com some other websites that I open normally each day are taking to long to load or can't load at all

I hope you can help me solve this Marcos and thanks for your time and patience
  #5  
Old October 13th, 2011, 04:19 AM
dmaasland's Avatar
dmaasland dmaasland is offline
Frequent Poster
  
Join Date: Nov 2010
Posts: 468
Default Re: ESET blocks google.com on my PC
Could you make another log right after rebooting your computer? This log only shows that IDS has blocked an address, but not the main reason which probably occured before you enabled logging.
  #6  
Old October 14th, 2011, 06:28 AM
adi2011 adi2011 is offline
Infrequent Poster
  
Join Date: Oct 2011
Posts: 13
Default Re: ESET blocks google.com on my PC
Sorry, I didn't new U had to restart PC after changing IDS options. Since I am not at my workplace right now I can't send is log right away but as soon as I can I will post results from firewall log.

All the best,
Adi
  #7  
Old October 14th, 2011, 06:39 AM
dmaasland's Avatar
dmaasland dmaasland is offline
Frequent Poster
  
Join Date: Nov 2010
Posts: 468
Default Re: ESET blocks google.com on my PC
Quote:
Originally Posted by adi2011
Sorry, I didn't new U had to restart PC after changing IDS options. Since I am not at my workplace right now I can't send is log right away but as soon as I can I will post results from firewall log.

All the best,
Adi

Well a restart is not needed, but if the detection that caused the block is triggered before logging is enabled, the root cause won't show in the logs .
 

Wilders Security Forums > Official ESET Support Forum > ESET Home Users Products Forum > ESET Smart Security « Previous Thread | Next Thread »

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Settings
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT -4. The time now is 06:06 AM.

Contact Us - SSL - Wilders Security - Archive - TOS/Privacy - Top

Powered by vBulletin® Copyright ©2000 - 2013, Jelsoft Enterprises Ltd.
Copyright ©2002 - 2013, Wilders Security Forums