ekrn.exe as a proxy

Hello,

I use NOD32 version 3.0.650.0 with the latest comdo fw.
I have to allow, in comodo, for outlook to access tcp port 30606 on 127.0.0.1 for it to access ekrn.exe (by NOD32), for emails to go out.

This is nice and OK.
The problem is that I wish NOT to allow outlook to go out on any non-email ports, like HTTP, to avoid web threats and so, originating from email I receive.

Now, with version 3 of NOD32, I can't do that since it is acting as a proxy, "outside" comodo, and I can't granularly make NOD32 NOT allowing outlook to go out in any non-email ports.
Thus, NOD32 is creating a bypass to my fw, making it somehow useless... (unless it is a way to make us go for smart security... ).

I tried adding a specific comodo rule, before the one for ekrn.exe, blocking the access of outlook to http ports, but, of course, it didn't help since outlook redirects, in advance, http traffic via port 30606 to ekrn.exe and not by outlook itself via port 80...

Now, outlook.exe is only marked only as an email client and not web browser.
But this doesn't help since the advanced option of "protocol filtering" has no sub-option to defer between email traffic and web traffic - they are bundled.
I tried the middle option, "applications marked..." but it didn't help.
It looks like eset should give here more granular settings, separating email traffic from web traffic.

Please advise how can overcome this issue.

Thanks.

 

There will be a solution to this for Vista users in the version we're working on.

 

Thanks, that's great to hear! ... but what if I use XP?...
And when is it planned to be released (the XP supported version, of course)?

Thanks!

 

Only Vista supports a feature that we'll take advantage of instead of redirecting the traffic through a local proxy. The only options how to work around it are:
1, disable protocol filtering -> files will be scanned by the real-time protection on file save
2, use a firewall that supports local proxies
3, use the firewall built in ESS

 

Thanks.
Sorry to hear it will be solved only for vista.

Can you give me some names, from your knowledge, of FWs that support local proxies?

Thanks.

 

Most firewalls support local proxies if you remove the localhost from the list of trusted network addresses. Of course, writing a ruleset will become harder.

Marcos,
What's that feature only present in Vista?

 

Thanks lucas1985.

The issue here is not really a networking one, but more of a process.
I can, of course, with comodo, control what ekrn.exe can do towards the intrenet, but it masks to me the original application that initiated the session - and this is the real problem, since I care about the first app and I wish to control its networking behavior.

I don't know of any FW that can give this to me, showing me and enabling me to control the whole chain of apps and their networkin behavior.

If NOD32 had operated INSIDE of outlook, in a way that it controlled what outlook will do in the end and NOT being OUTSIDE of outlook - it could have been better.

Thanks.

 

I don't know about Comodo (don't use it) but in the Internet filtering rules it should have a rule to allow all comms to localhost/loopback or something that makes it trust the loopback adapter. Untick that rule and you'll see the pop-ups.