ESET SS 4 with limiters

Discussion in 'ESET Smart Security' started by robis, Jul 27, 2009.

Thread Status:
Not open for further replies.
  1. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,456
    Just to make sure, can you confirm that KAV actually employs WFP? Has somebody from KAV confirmed it?
     
  2. robis

    robis Registered Member

    Joined:
    Mar 21, 2009
    Posts:
    149
    No, I can't confirm because I do not know how to recognize if it is WFP. I only know that it works.

    KIS has an NDIS driver for filtering when I am looking at the network details.
     
  3. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,456
    ESET, too, uses an NDIS driver for filtering the communication by the firewall. For HTTP/POP3 checking, we use WFP in Vista SP2 and newer.
     
  4. robis

    robis Registered Member

    Joined:
    Mar 21, 2009
    Posts:
    149
    But the problem was found in Vista SP1 when Smart Security came with the 4th version. Are you sure that WFP was used from SP2? Not from SP1?
     
  5. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,456
    Whether or not WFP is used depends on the build of v4. Newer builds support WFP from Vista SP2.
     
  6. robis

    robis Registered Member

    Joined:
    Mar 21, 2009
    Posts:
    149
    But I found the problem in SP1 when SS4 was released. If the first version was not using WFP in SP1, then the problem is not in WFP. Am I right?
     
  7. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,456
    The earlier builds of v4 utilized WFP from Vista SP1, the latest builds support WFP from Vista SP2.
     
  8. robis

    robis Registered Member

    Joined:
    Mar 21, 2009
    Posts:
    149
    OK, now I understand, thank you.

    Did ESET contact Microsoft about this bug in WFP?
     
  9. robis

    robis Registered Member

    Joined:
    Mar 21, 2009
    Posts:
    149
    bump .
     
  10. agoretsky

    agoretsky Eset Staff Account

    Joined:
    Apr 4, 2006
    Posts:
    4,033
    Location:
    California
    Hello Robis,

    ESET works with Microsoft on a number of things, including issues like this.

    Regards,

    Aryeh Goretsky
     
  11. robis

    robis Registered Member

    Joined:
    Mar 21, 2009
    Posts:
    149
    OK, thanks for responding.
    Is it possible to see the progress of this issue somewhere?
     
  12. agoretsky

    agoretsky Eset Staff Account

    Joined:
    Apr 4, 2006
    Posts:
    4,033
    Location:
    California
    Hello,

    As I understand it, Microsoft would make a change to WFP functionality when a Service Pack is released, so checking the technical documentation for Service Pack 2 and then on MSDN for information about WFP would be a good start.

    Regards,

    Aryeh Goretsky
     
  13. robis

    robis Registered Member

    Joined:
    Mar 21, 2009
    Posts:
    149
    ESET used buggy functionality of WFP and the user must read the whole documentation? I am shocked.
    It sounds like: we have a new tool, let's use it; it does not matter that the new tool is buggy, it is new, so use it.

    If ESET knows about the bug from SP1 and now from SP2, why are they still using the buggy WFP?
     
  14. agoretsky

    agoretsky Eset Staff Account

    Joined:
    Apr 4, 2006
    Posts:
    4,033
    Location:
    California
    Hello,

    I think you misunderstood my previous message.

    Microsoft changes things all the time--sometimes these changes are related to security issues, but they could also be to fix bugs which are non-security related. Microsoft also makes changes to APIs, adding or removing new functions, or changing the way in which an existing one works. That occurs more rarely, though, since it can require a lot of Microsoft as well as third-party software to be updated. Sometimes the changes are at the request of independent software vendors (ISVs) who would like additional functionality.

    When API changes occur, ISVs update their products to take advantage of whatever new features or fixes Microsoft has added, which is what happened in this case: Microsoft made changes to WFP, and ESET updated their software for compatibility purposes.

    Regards,

    Aryeh Goretsky
     
  15. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    Geez, give me a break. Agoretsky gave you a valid response and no, the sky isn't falling. :cautious:
     
  16. robis

    robis Registered Member

    Joined:
    Mar 21, 2009
    Posts:
    149
    Yes, I understand, but:

    ESET SS4 was released - the problem starts on Vista SP1 64-bit.
    Now, after many months with SS4, on Vista SP2 64-bit the problem is still there.

    I have been using v4 since it was released ... from my point of view I am paying for a product which has not been working correctly since it was released. If ESET knows that, why is ESET using the buggy WFP instead of another, non-buggy technology? I know that Microsoft updates their products, but I don't understand why this functionality in ESET SS 4 has been working badly for so long.
    FYI: This bug was announced to ESET since SS was released.
     
    Last edited: Aug 27, 2009
  17. agoretsky

    agoretsky Eset Staff Account

    Joined:
    Apr 4, 2006
    Posts:
    4,033
    Location:
    California
    Hello Robis,

    If you review messages #15 and #23 from Marcos earlier in this message thread, you will see that ESET is using Microsoft's recommended method for implementing this type of security, and that the issue does not seem to be with ESET's software, but rather with what happens on Microsoft's side. As Marcos wrote in message #17 the solution is to not measure ping using HTTP as this skews the results.

    Regards,

    Aryeh Goretsky
     
  18. robis

    robis Registered Member

    Joined:
    Mar 21, 2009
    Posts:
    149
    OK, but why does a simple page like www.seznam.cz take about 15-30 seconds to load with this proactive version? If I untick it, then within 1-2 seconds? I used web ping only as a number for better explanation.
     
  19. agoretsky

    agoretsky Eset Staff Account

    Joined:
    Apr 4, 2006
    Posts:
    4,033
    Location:
    California
    Hello,

    I am not sure. It could be an issue with how the software is configured, or with the type of network connection in use.

    Since you mentioned Seznam, by any chance are you located in the Czech Republic or Slovak Republic? If so, perhaps it would be easier to get your questions answered if you called ESET's headquarters and asked to speak to an engineer.

    Regards,

    Aryeh Goretsky
     
  20. robis

    robis Registered Member

    Joined:
    Mar 21, 2009
    Posts:
    149
    Yes, I am from the Czech Republic ... but from support I only hear "wait for the new version" ... since 4 was released. It doesn't matter if the website is seznam.cz or another site. The fact is that a website with few objects loads very slowly.

    The connection to the internet is a guaranteed 4Mbit/1Mbit. I have an ASUS WL-500W router ... but if I connect directly to the internet it is the same.
     
  21. robis

    robis Registered Member

    Joined:
    Mar 21, 2009
    Posts:
    149
    At the WFP forum some good man told me to try this:

    NET STOP BFE

    On my PC this command kills 2 IPSec services.

    After killing them all is OK, ping is 20ms.

    1) What do the BFE and IPSec services do?


    2) If I disable these services, what about security? I have Smart Security 4; is it OK, is this replacing BFE, IPSec and Windows Firewall?

    I tried disabling them one by one and the problem is caused by the BFE service. If I manually shut it down with NET STOP BFE then all is OK. But if I stop all those services and set them to disabled, then my computer boots to a blue screen :/ .


    I tried uninstalling Smart Security and booting with the services disabled; that is OK. But when I try to install SS4, I get a blue screen.

    Why must the BFE service be enabled when I install SS 4 or boot Windows where SS4 is starting?

    The strange thing is that if I stop BFE and start BFE again, then all works OK. When ESET SS4 is starting, it seems that it corrupts the BFE functionality.
     
    Last edited: Aug 28, 2009
  22. stackz

    stackz Registered Member

    Joined:
    Dec 27, 2007
    Posts:
    646
    Location:
    Sydney Australia
  23. robis

    robis Registered Member

    Joined:
    Mar 21, 2009
    Posts:
    149
    I spoke with a Microsoft man; together we created a test case via WFPUtil.
    He got my logs from that application and he says:

    Code:
    I've received the files and am looking them over. One thing I noticed is that Eset uses 5 filters, 3 of which would affect IPv4 traffic; of these 3, 1 is specific to TCP.
    On an outbound flow, one of Eset's callouts gets invoked (ALE_AUTH_CONNECT_V4). When the reply comes back, another of their callouts gets invoked (ALE_AUTH_RECV_ACCEPT_V4). Additionally, if the packet is a TCP packet (such as HTTP), then another of their callouts is invoked (INBOUND_TRANSPORT_V4). You would need to have talks with them as to the performance and what they are doing in the callouts at those layers.
    I am seeing 2 drops of multicast packets, and a lot of errors in regards to stream injection and removing associated contexts.
    Marcos or Agoretsky, please, where should I send those logs from WFPUtil?
     
  24. agoretsky

    agoretsky Eset Staff Account

    Joined:
    Apr 4, 2006
    Posts:
    4,033
    Location:
    California
    Hello,

    Please mail them to support@eset.sk, along with a link to this message thread.

    Regards,

    Aryeh Goretsky
     
  25. robis

    robis Registered Member

    Joined:
    Mar 21, 2009
    Posts:
    149
    Hi,

    The email has now been sent, with the file and a link to the discussion included.

    Please let me know if you find something.

    EDIT: I got an email from ESET that I didn't have a ticket number. Do you have those logs?
     
    Last edited: Aug 30, 2009