ESS 4.2 & foo_upnp

Hello

Ever since installing ESS 4.2 on my Windows 7 laptop I can no longer stream music via UPnP

I have enabled UPnP in the IDS section (as discribed here http://kb.eset.com/esetkb/index?pag...arch&viewlocale=en_US&searchid=1280847951202), but still no joy

I installed ESS 4.2 with the default settings

This issue is really annoying and if I can't resolve it, I will be forced to look for another product

Thanks

Ben

 

try disabling HTTP, HTTPS protection (at your own risk)
When you're done streaming make sure you turn it back on.

 

That didn't work

 

I have set the firewall to learning move, and while it add rules for foobar2000.exe, the uPnP element still does not work

 

My media server shows up under "Network"

http://imgur.com/XBY8n.png

But not in my media app

http://imgur.com/IdgyX.png

I just can't work out what is going on, this is a show stopper for me

Ben

 

Disable the firewall

http://imgur.com/SCG3Z.png

BINGO!

How can I fix this?

 

Setting the firewall on interactive, running foobar2000 and creating a custom rule for foobar2000.exe (allowing every port and address) works

I can then set the firewall to Automatic mode with exceptions still works

Can anyone tell me why Automatic mode does not work?

 

Automatic mode allows all outbound communication and blocks any uninitiated incoming communication.

In case the communication of a certain application is blocked, enable logging blocked connections in the IDS setup, reproduce the problem and then check the firewall log for details about the blocked communication. This will give you a clue as to which rule needs to be modified in order to allow the communication.

 

Here's my log file

It is quite clearly blocking foobar2000.exe's UPnP requests, which I don't understand as UPnP is enabled for the trusted zone

Code:

03/08/2010 20:49:48	Communication denied by rule	192.168.0.105:55699	255.255.255.255:1900	UDP	Block outgoing SSDP (UPNP) requests	C:\Program Files\foobar2000\foobar2000.exe	Ben-Laptop\Ben
03/08/2010 20:49:48	Communication denied by rule	192.168.0.105:55699	255.255.255.255:1900	UDP	Block outgoing SSDP (UPNP) requests	C:\Program Files\foobar2000\foobar2000.exe	Ben-Laptop\Ben
03/08/2010 20:49:48	Communication denied by rule	127.0.0.1:11607	239.255.255.250:1900	UDP	Block outgoing SSDP (UPNP) requests	C:\Program Files\foobar2000\foobar2000.exe	Ben-Laptop\Ben
03/08/2010 20:49:48	Communication denied by rule	127.0.0.1:11607	239.255.255.250:1900	UDP	Block outgoing SSDP (UPNP) requests	C:\Program Files\foobar2000\foobar2000.exe	Ben-Laptop\Ben
03/08/2010 20:49:48	Communication denied by rule	192.168.0.105:55698	239.255.255.250:1900	UDP	Block outgoing SSDP (UPNP) requests	C:\Program Files\foobar2000\foobar2000.exe	Ben-Laptop\Ben
03/08/2010 20:49:48	Communication denied by rule	192.168.0.105:55698	239.255.255.250:1900	UDP	Block outgoing SSDP (UPNP) requests	C:\Program Files\foobar2000\foobar2000.exe	Ben-Laptop\Ben
03/08/2010 20:49:48	Communication denied by rule	192.168.0.105:2789	239.255.255.250:1900	UDP	Block outgoing SSDP (UPNP) requests	C:\Program Files\foobar2000\foobar2000.exe	Ben-Laptop\Ben
03/08/2010 20:49:48	Communication denied by rule	192.168.0.105:2789	239.255.255.250:1900	UDP	Block outgoing SSDP (UPNP) requests	C:\Program Files\foobar2000\foobar2000.exe	Ben-Laptop\Ben

Ben

 

I want to leave my firewall in automatic mode, can this be fixed? I have enabled UPnP for the trusted zone but it clearly does not work

 

Allow UPNP in the Trusted zone

Enables UpnP (Universal Plug and Play), which allows for automatic configuration of network devices​

I can only assume that this is broken, I have enabled it, but UPnP does not work for me, my laptop is in the trusted zone but I cannot see my UPnP media server

 

I give up!

Looks like I'll have to ask for a refund and find myself another security suite

 

I assume the firewall is just doing its job. If UPnP is blocked in the TZ in spite of having it allowed in the IDS setup, continue as follows and provide the necessary stuff for perusal:
1, leave logging blocked connections enabled in the IDS setup
2, configure the firewall to create pcap logs with blocked packets captured per the instrucions here
3, reproduce the problem

Compress the following stuff to an archive, upload it somewhere and PM me a link to it:
- pcap log
- Eset firewall log
- configuration of your ESS exported to an xml file (Setup -> Export/import settings)

 

Thanks Marcos

I am at work at the moment, I'll try this later when I am home and I'll be in touch

Ben

 

PM sent

 

Port 1900 is a standard UPnP port

http://www.grc.com/port_1900.htm

So why is ESS blocking it in Automatic mode? I can only assume the FW is broken, what else is it blocking?

I now have no faith in ESS

 

It'd be a security gap if every application was allowed to communicate via UPnP by default. See this.

 

Why does enabling UPnP under IDS still not work then?

Why should I have to create a rule to allow foobar2000.exe through?

I would not expect ESS to block UPnP traffic on my home network!

 

bump

Why does ESS block UPnP traffic on my home network, even though it is enabled under IDS?

 

For security reasons, UPnP is enabled within TZ for system services. To allow UPnP for other applications, an appropriate rule needs to be created for the application. The developers will have a look at this though.

 

Thanks, can you let me know their response

I feel ESS needs another mode, Automatic blocks things I need, Interactive mode is overkill, I don't want to have to review everything trying to get out, we need a new Automatic mode that asks us to review anything not taken care of automatically
Thanks

 

Any news from the developers?

 

This will be improved in future versions. In interactive mode, you'll be offered an option to create a rule for other applications and then switch back to automatic rule with exceptions. Outgoing UPnP communications within TZ will be enabled for all applications. Maybe a new option to allow UPnP communication for all applications within TZ will be added in the IDS setup.