Firewall blocking random stuff inc/ IPv6

Discussion in 'ESET Smart Security' started by elapsed, Jun 5, 2009.

Thread Status:
Not open for further replies.
  1. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,076
    I sent them an email directly as asked by agoretsky, I will try using the GUI instead, thank you.
     
  2. cqpreson

    cqpreson Registered Member

    Joined:
    May 18, 2009
    Posts:
    348
    Location:
    China
    I think ESET's firewall creates many rules for many protocols, but only for some hackneyed protocols. And IGMP is not included in those protocols, so the firewall blocks the IGMP data and creates a log entry which is named "No usable rule found".
     
  3. Zoidb

    Zoidb Registered Member

    Joined:
    Jun 28, 2009
    Posts:
    1
    The firewall seems to block STEAM and HotSpot Shield.
    I can connect to Steam, but I cannot join any servers when the firewall is enabled. Same with HotSpot Shield.
     
  4. silverfox55

    silverfox55 Registered Member

    Joined:
    Apr 28, 2008
    Posts:
    97
    Location:
    The Original Washington
    I get the same things on Ver3 with module 1049 but I am not running any games or torrents. The logs are full of this

    Why oh why can't ESET respond to this or fix it o_O?:thumbd:
     
  5. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,076
    This is getting really frustrating now, I finally got a reply since the weekend is over and I'm being asked for a FW log (which I already provided), an ESI log, for which I have NO IDEA why it would be required to debug problems in the firewall when I already provided pcap logs, and my ESS settings? Why, in case I created rules to block this data just to mislead you guys? Sounds more to me that the support person didn't bother reading this thread to which I explicitly linked.
     
  6. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,076
    I don't think I can win this one, I just can't see myself using ESET for much longer, they won't settle for anything less than:

    Settings file: Which reveals not only settings but such details as every single email address I've sent a mail to, every single application I've allowed internet access to, even the temporary ones from months ago.

    ESI log: Which shows anything anyone could ever dream of about my system, what's on it, how it runs, and basically what it eats for breakfast.

    Firewall log: Even though I sent the block pcap log, they still need this why? I've obviously since deleted it from ESS considering the massive size, and the screenshot is self explanatory.
     
  7. patch

    patch Registered Member

    Joined:
    May 14, 2007
    Posts:
    178
    Same with Firewall 1050
    Code:
    5/07/2009 10:37:37 AM	Packet blocked by active defense (IDS)	192.168.1.2:1068	90.183.101.16:80	TCP
    5/07/2009 10:45:48 AM	Packet blocked by active defense (IDS)	192.168.1.2:1310	93.184.71.21:80	TCP
    Where
    192.168.1.2 -> my computer IP behind billion 7402vgp router & its firewall
    90.183.101.16 -> u46.eset.com
    93.184.71.21 -> um10.eset.com

    Actually I wonder if their problem is attempting to implement software timers / packet ordering without checking timer accuracy / ordering reliability / CPU load.

    ESS was running a full scan when the above was reported on an older Windows 2000 laptop, with the scan causing 20-40% CPU load.

    Either way the firewall still has an unacceptably high false positive rate.
    Their firewall log provides little assistance for them to debug the problem.
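
A triage sketch for the log lines quoted in the post above, added here as an example and not code from the thread or from ESET: it parses the tab-separated layout, tallies entries per event and remote address, and lists IDS blocks aimed at the two hosts the poster identified as ESET servers. The sample rows beyond the two posted ones, the day-first date order and all function names are assumptions.

```python
import csv
import io
from collections import Counter
from datetime import datetime

# Remote addresses the poster identified as ESET's own servers.
KNOWN_HOSTS = {"90.183.101.16": "u46.eset.com", "93.184.71.21": "um10.eset.com"}

# Constructed sample: rows 1-2 repeat the posted entries, the rest are made up.
SAMPLE_LOG = (
    "5/07/2009 10:37:37 AM\t Packet blocked by active defense (IDS)\t192.168.1.2:1068\t 90.183.101.16:80\tTCP\n"
    "5/07/2009 10:45:48 AM\t Packet blocked by active defense (IDS)\t192.168.1.2:1310 \t93.184.71.21:80\tTCP\t\t\n"
    "5/07/2009 10:52:10 AM\tNo usable rule found\t192.168.1.2\t224.0.0.22\tIGMP\n"
    "5/07/2009 11:07:37 AM\tPacket blocked by active defense (IDS)\t192.168.1.2:1400\t90.183.101.16:80\tTCP\n"
    "truncated line\n"
)

def split_endpoint(text):
    """Split 'ip:port' (IPv4 assumed); entries such as IGMP carry no port."""
    host, sep, port = text.rpartition(":")
    return (host, port) if sep else (text, "")

def parse_log(text):
    """Return one dict per well-formed row, skipping rows with missing fields."""
    entries = []
    for row in csv.reader(io.StringIO(text), delimiter="\t"):
        fields = [f.strip() for f in row]
        if len(fields) < 5 or not all(fields[:5]):
            continue
        when, event, source, target, proto = fields[:5]
        entries.append({
            # Day-first date order is an assumption about the poster's locale.
            "time": datetime.strptime(when, "%d/%m/%Y %I:%M:%S %p"),
            "event": event, "source": split_endpoint(source),
            "target": split_endpoint(target), "proto": proto,
        })
    return entries

def summarize(entries):
    """Count entries per (event, remote IP), most frequent first."""
    return Counter((e["event"], e["target"][0]) for e in entries).most_common()

def blocks_to_known_hosts(entries):
    """IDS blocks aimed at hosts the user already trusts: false-positive candidates."""
    return [(e["time"], KNOWN_HOSTS[e["target"][0]]) for e in entries
            if "IDS" in e["event"] and e["target"][0] in KNOWN_HOSTS]

def hourly_rate(entries):
    """Entries per hour across the span covered by the log."""
    span = (entries[-1]["time"] - entries[0]["time"]).total_seconds() / 3600
    return len(entries) / span if span else float(len(entries))
```

A per-destination tally and a rate like this give support something concrete to reproduce against, without handing over a full settings export.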
     
  8. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,076
    I just don't have the time for this kind of thing, I mean, it's a firewall, how much more basic can you get, I shouldn't have to worry about packet timings and things. Wonder why the windows firewall hasn't gone through 50 module changes? :cautious: At least I can use IPv6 with windows firewall now :)
     
  9. patch

    patch Registered Member

    Joined:
    May 14, 2007
    Posts:
    178
    Agree it is letting their suite down.
    Reasonable metric to judge a filter by would be
    1) Sensitivity / false negative rate
    2) Specificity / False positive rate (see all threads on firewall blocking internet)
    3) Ease of use

    Everyone should make up their own mind, however I would not give ESS firewall a glowing report card.
     
  10. nickster_uk

    nickster_uk Registered Member

    Joined:
    Feb 14, 2006
    Posts:
    190
    These false positives with IDS and IPv6 are becoming a joke. I'm pleased that ESET have fixed some of the other issues which have caused me to roll back to v3 each time but the false positives issue has been present with every single build of v4. It really isn't good enough. There has been more than enough feedback either directly to ESET or on here to address the issue. I'm just amazed that some aspects of Smart Security seem to be regressing at an alarming rate...but at least it looks pretty now! ;)
     
  11. nickster_uk

    nickster_uk Registered Member

    Joined:
    Feb 14, 2006
    Posts:
    190
    What exactly are the criteria required to generate a 'packet blocked by IDS' log entry? Obviously ESET feels loading legitimate, trusted websites should be deemed as some sort of attack...but what exactly is the threat?

    It has been mayhem tonight...thousands of IDS block entries have been filling the log at an alarming rate. I'm not even running uTorrent or streaming any content. It's absolutely shocking as traffic becomes affected and the only temp fix is to disable the firewall or reboot.

    Some clarification would be nice then perhaps the ESET developers could work to tweak the detection rule a little bit to make it more efficient.
     
  12. nickster_uk

    nickster_uk Registered Member

    Joined:
    Feb 14, 2006
    Posts:
    190
    Would be grateful if someone from ESET could answer this question for me please:
    In the last 10 hours, I have seen well over 600 log entries created for 'Packet blocked by active defense (IDS)'.

    It's nuts.
     
  13. The PIT

    The PIT Registered Member

    Joined:
    Sep 4, 2008
    Posts:
    185
    Same here. I suppose I could just disable IPv6 to stop it.
     
  14. silverfox55

    silverfox55 Registered Member

    Joined:
    Apr 28, 2008
    Posts:
    97
    Location:
    The Original Washington
    ESET do not have a clue what they are doing. That is why it is not fixed and never will be. If they do not have the courtesy to respond to people and offer solutions then they will lose people like they have done with the absolute cr?p they dished out with ver4
     
  15. garryh

    garryh Registered Member

    Joined:
    Jul 18, 2009
    Posts:
    10
    I plan on looking at comodo.com

    In another post I recounted how my inquiries about false positive TCP flooding attacks was preventing a Samsung application from working properly (use TV to view/listen to photos, movies, music stored on pc). It should be clear even to first level support that a log entry of TCP flooding attack is controlled by the IDS option TCP protocol overload detection. It took me several days, and the luck of finding a thread discussing ICMP issues to determine wherein ESET SS needed to be disabled. Further, I should not have to disable a global rule that is turned on by default to simply allow my TV and pc to communicate on my home network.

    I am not saying ESET is not working hard at fixing problems. I am saying their failure to respond to end-user inquiries, which are clearly pointing out weaknesses in their product, in a collaborative and informational way rather than providing short, errant, and incomplete responses shows a lack of appreciation and respect for their customers.

    I switched from Norton to Trendmicro when Symantec got too big. I switched from Trendmicro to ESET when after 5+ years of loyal patronage the product became an impediment to getting the job done--where reported problems went on for months, actually nearly a year. In fact it was a Trendmicro forum post that pointed me to ESET as this post points me to comodo.com just a little over 18 months ago.

    My recommendation is that ESET customer support should turn up the customer appreciation level by a huge margin, and prioritize the issues that we're complaining about most loudly. GM thought they did not have to listen to their customers (not the ones who buy loyally regardless of product quality or cost effectiveness, but the ones who said if you don't listen we walk--and they did--and GM collapsed).
     
  16. garryh

    garryh Registered Member

    Joined:
    Jul 18, 2009
    Posts:
    10
    I was just looking at firewall specific software and ZoneAlarm seems to be the way to go if you are going to use best of breed products. NOD32 and ZoneAlarm. ZoneAlarm even allows you to integrate another vendor's AV software.

    I will need to reevaluate when my ESET SS software licensing comes full-term.
     
  17. TBR

    TBR Registered Member

    Joined:
    Dec 8, 2005
    Posts:
    59
    It's a shame, NOD32 was a great app, ESS is a joke. My 3 year multi user licence runs out next month and I won't be renewing.

    V4 should never have been released when it was, I remember it was cutting you off from the internet, this board was awash with people complaining, it took ages to fix and during this, they released it anyway, that was when they lost my vote going forward.

    Like you guys say, who's got the time to do their work for them, I'm off elsewhere.
     
  18. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,076
    As I've stated a few times now, Windows Firewall is brilliant. I've even been using it confidently at wireless hotspots (just make sure you set the network to public).
     