Message: Detected covert channel exploit in ICMP packet Eset v5.0.95.0

Discussion in 'ESET Smart Security' started by gslabbert5119, Jan 6, 2012.

Thread Status:
Not open for further replies.
  1. gslabbert5119
    gslabbert5119 Registered Member

    I just upgraded to ESET security suite V5.0.95.0
    I keep getting this warning "Detected covert channel exploit in ICMP packet"
    OS Windows 7 Pro SP1 64bit

    I looked up the message and I am told that I should have personal firewall version newer than "1047", well I have version "1071" as per the modules so that should not be an issue.

    I have opened up a ticket but I can't wait 24 hours for a response, for this message every 3 minutes is really annoying.

    Thanks for the help

    My modules are as follows ...
    Virus signature database: 6772 (20120106)
    Update module: 1037 (20110921)
    Antivirus and antispyware scanner module: 1333 (20111215)
    Advanced heuristics module: 1121 (20111208)
    Archive support module: 1138 (20111214)
    Cleaner module: 1052 (20111129)
    Anti-Stealth support module: 1026 (20110628)
    Personal firewall module: 1071 (20110912)
    Antispam module: 1019 (20111213)
    ESET SysInspector module: 1221B (20110623)
    Self-defense support module: 1018 (20100812)
    Real-time file system protection module: 1006 (20110921)
    Translation support module: 1034 (20111214)
    HIPS support module: 1026 (20110725)
    Internet protection module: 1025 (20110929)
    Web content filter module: 1009 (20110705)
    Advanced antispam module: 1019 (20111202)
    Database module: 1016 (20110726)
  2. Marcos
    Marcos Eset Staff Account

    The detection is correct. You must have software installed that exploits ICMP for transmitting non-standard data. A Wireshark pcap log with the communication captured may shed more light.
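As a way to act on the pcap suggestion above, this added example (not part of the original post, and not ESET's detection logic, which the thread does not describe) labels ICMP echo payloads as a stock ping pattern or as non-standard data. The pattern rules, function names and sample packets are assumptions constructed for illustration.

```python
import ipaddress
import struct

WINDOWS_PATTERN = b"abcdefghijklmnopqrstuvw"  # cycle repeated by Windows ping.exe

def classify_echo_payload(payload: bytes) -> str:
    """Label an echo payload; the categories are assumptions, not ESET's rules."""
    if not payload:
        return "empty"
    cycle = (WINDOWS_PATTERN * (len(payload) // len(WINDOWS_PATTERN) + 1))[:len(payload)]
    if payload == cycle:
        return "windows-default"
    # iputils ping: an 8- or 16-byte timestamp, then bytes counting up by one
    for skip in (8, 16):
        tail = payload[skip:]
        if len(tail) >= 8 and all((b - a) % 256 == 1 for a, b in zip(tail, tail[1:])):
            return "unix-default"
    return "non-standard"

def triage(packets):
    """Return (src, dst, icmp_type, verdict) for each IPv4 ICMP echo packet."""
    rows = []
    for pkt in packets:
        if len(pkt) < 20 or pkt[0] >> 4 != 4 or pkt[9] != 1:
            continue  # not IPv4, or IP protocol is not ICMP (1)
        ihl = (pkt[0] & 0x0F) * 4
        if len(pkt) < ihl + 8 or pkt[ihl] not in (0, 8):
            continue  # truncated, or not echo reply (0) / echo request (8)
        src = str(ipaddress.IPv4Address(pkt[12:16]))
        dst = str(ipaddress.IPv4Address(pkt[16:20]))
        rows.append((src, dst, pkt[ihl], classify_echo_payload(pkt[ihl + 8:])))
    return rows

def build_echo(src, dst, payload):
    """Construct a sample IPv4 + ICMP echo request (checksums left at zero)."""
    icmp = struct.pack("!BBHHH", 8, 0, 0, 1, 1) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 0, 0, 64, 1, 0,
                     ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return ip + icmp

# Constructed sample traffic (documentation addresses, not taken from the thread)
SAMPLES = [
    build_echo("192.0.2.10", "192.0.2.1", b"abcdefghijklmnopqrstuvwabcdefghi"),
    build_echo("192.0.2.10", "192.0.2.1", bytes(8) + bytes(range(8, 56))),
    build_echo("192.0.2.10", "192.0.2.1", b"app-keepalive seq=0042"),
]

print(*triage(SAMPLES), sep="\n")
```

Packets labelled non-standard are the ones worth matching to a process on the machine, since an application that puts its own data in echo payloads is the kind of traffic described in the reply above.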
  3. gslabbert5119
    gslabbert5119 Registered Member

    I did not get this until this morning when I upgraded from v4 to v5.
  4. Cudni
    Cudni Global Moderator

    Could you also post a few pieces of software that use that tactic? It might help the user to narrow it down.
    as in
    http://www.wilderssecurity.com/showpost.php?p=1996020&postcount=19
  5. Marcos
    Marcos Eset Staff Account

    For instance, Battlefield 3. For this one, we'll make an exception in the next build of the firewall module.
  6. gslabbert5119
    gslabbert5119 Registered Member

    I don't play any computer games on any of my computers; I am just not a gamer. The computer is strictly work related, and the software on the computer is either a Microsoft product, SQL Server or an Oracle product related to OBIEE. I have a computer and a laptop, each running the same software. On the PC I have CS5.0.94.0 and I am not having any issues; on the laptop I am running CS5.0.95.0 and am having this issue.

    I run Google Talk on both computers and that is the only 3rd party software that is used.
  7. adza
    adza Registered Member

    Maybe I can be of assistance.

    Written with Delphi 2007 and Indy's TIdICMPClient

    xttp://www.jvxp.com/temp/EsetPingProject1.exe

    This project simply puts out an ICMP request through to Google's server 8.8.8.8

    Very simple (thrown together in seconds) so it doesn't even display the result - but it should raise the red window that you see.

    Hope this is of help...

    Adza
    Last edited by a moderator: Jan 9, 2012
  8. RonS
    RonS Registered Member

    I upgraded to ESS about 10 days ago but just experienced the same thing today... after a brief power outage (at which time my UPS came on). After poking around in ESS setup I found that for some unknown reason ESS became reconfigured... possibly because of the power outage... and it changed the "Computer protection mode in network" from "Allow sharing" to "Strict protection." As soon as I changed it back to "Allow sharing" I stopped getting the warning for all computers, printer and external hard drive on my network.
  9. S3curityPlu5
    S3curityPlu5 Registered Member

    Yes, this message is usually when other networked or workgroup computers try to link up to your computer with ESET set on this Strict option. I also just realized the same problem, and I have a SOHO network that I use for sharing. Well, I did not change the option but it must have changed itself since I just rebooted.
  10. adza
    adza Registered Member

    For me I have eset set to allow sharing - yet the problem still occurred with other pinging apps.
  11. foneil
    foneil Eset Staff Account
