Firewall Blocks Thunderbird and Winamp

I am using ESS 4.0.424.0 in interactive mode. I did a clean install and am having the following problems with ESS firewall:

1. I use Thunderbird with the Hotmail WebMail extension. The ESS firewall prevents me from sending/receiving mail even though there is a rule to all Thunderbird access.

2. The ESS firewall is preventing Winamp from accessing Online services like Shoutcast. Again there is a rule allowing access.

This all used to work with previous versions of ESS but recently their firewall is a pain in the a..

I have searched extensively for a solution. If anyone could help I would really appreciate it.

Thanks

SurfRat.

 

I suggest you delete the rules, change the firewall to learning mode and launch the apps, then change it back.

 

Hi!

I suppose this is connected to the email client integration . I'd suggest you disable integration with the email client . Note - this will stop the ESET anti-SPAM protection for Thunderbird but I suspect this wouldn't be a problem since both Thunderbird and Hotmail have their own good anti-spam filters.

http://kb.eset.com/library/ESET/KB%20Team%20Only/SOLN2110/email_s.png

This should be investigated with a log file from a network traffic capturer program like Network Monitor or the Wireshark . But I'd first suggest you delete all rules related to Winamp and additions and try to start the program so that a rule is created when a pop-up appears in Interactive mode .

If this doesn't work , have you tried to temporary disable the firewall or turn to Learning mode ?

 

I turned the integration off when it deleted three emails before I could verify there were spam or not.
There in the box one second gone the next. Looks like another bug.

 

Thanks for all your suggestions.

I tried disabling Email Client Integration and that didn't help.

I then monitored the firewall logs and saw the following for Thunderbird and Winamp:

Thunderbird Webmail (Hotmail)
2009/04/26 10:29:09 AM Detected DNS cache poisoning attack 192.168.1.1:53 192.168.1.77:50270 UDP


Winamp Shoutcast
2009/04/26 10:34:52 AM Detected DNS cache poisoning attack 192.168.1.1:53 192.168.1.77:52061 UDP

The culprit is that it is detecting both as a "cache poisoning attack" and then blocks all comms after that.

Is there a way I can add a rule to allow comms with 192.168.1.1 on all ports?

I am going to try this myself and will post back if successful.

 

Did some more testing...

I turned off "DNS Poisoning Attack Detection" and got the following from the
firewall log:

2009/04/26 10:50:41 AM Address temporarily blocked by active defense (IDS) 192.168.1.77:49535 65.54.186.80:80 TCP

This log is too general to determine which IDS setting was causing the problem. So I turned them all off and it worked. But this is a bad situation as I have no protection. This is almost as bad as turning the whole firewall off which is what I have had to do up until now to get my mail and browse Shoutcast stations.

Eset need to fix this problem and give more info in the firewall logs. For now I will leave everything at defaults and disable the firewall when I get my mail. I am looking forward to the next version where this is fixed.