Nod32 B2 and Port Explorer

Discussion in 'NOD32 Early v2 Beta' started by Harold77, Mar 7, 2003.

Thread Status:
Not open for further replies.
  1. Harold77

    Harold77 Registered Member

    Joined:
    Jan 15, 2003
    Posts:
    54
    I wonder if anyone else is having this problem ot if I'm the only one.

    When I installed Port Explorer (either PE 1.35 or 1.5) I lost all e-mail scanning and the IMON function no longer worked.

    When I uninstalled PE, I lost internet connection and had to run LSP-Fix to get it back and then had to uninstall and then re-install NOD32 B2 to get it to work again.

    I did notice that, even with PE uninstalled and NOD32 B2 working normally, if I run LSP-Fix it shows that the imon.dll is causing a problem.

    I know that Jason at DCS is aware of this problem, but am I the only one haviing a conflict between these two programs?:)
     
  2. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Hi Harold77, I have had all versions of PE running (including PE betas) & Amon / IMON with absolutely no conflicts - Not the NOD32 Beta though. So maybe something in the NOD beta has changed or there is some internal checking software in the beta that is causing the problem.
    BTW What OS are you using? Sorry if I missed this from a previous post.

    Pilli
     
  3. Harold77

    Harold77 Registered Member

    Joined:
    Jan 15, 2003
    Posts:
    54
    I'm using Win XP SP1.
     
  4. grey_ghost

    grey_ghost Registered Member

    Joined:
    Apr 28, 2002
    Posts:
    60
    Hi

    Same problem here. No IMON after PE 1.50.
    I have been running Port Explore since it came out.
    This did not happen with previous versions.

    WinXPpro SP1

    Regards
     
  5. grey_ghost

    grey_ghost Registered Member

    Joined:
    Apr 28, 2002
    Posts:
    60
    Hi,

    I should have waited on the first post.

    uninstalled and reinstalled Beta2 and it's running correctly again. The install of Port explorer after NOD32 did something to Imon so it would not work.

    Regards
     
  6. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    4,402
    Location:
    North Carolina, USA
    Hello all,

    First of all I have had the same problem. It seems to involve the LSP's (layered service providers) and NOD beta's use of them. This has also made my internet connection kind of "flaky" at times. NOD beta, once installed, does not seem to like anything messing with the LSP's. If a LSP is there before NOD beta installs, everything seems to be OK. Also just about every program that I have tried that checks the LSP's, sees imon.dll as a broken LSP. There definitely seems to be a serious bug here. At one point I had to totally uninstall beta 2 to get internet connectivity back.

    You can try HiJackThis http://www.spywareinfoforum.com/~merijn/files/hijackthis.zip or StartUpList http://www.spywareinfoforum.com/~merijn/files/startuplist.zip . Both of these pick up as imon.dll possibly causing a broken internet connection and recommend you remove it....

    Also all LSP repair programs I have tried wants to remove imon.dll in order to fix the LSP's.

    I hope my ramblings here may help ESET at least a little bit with this issue...

    Please note that I do not know a lot about LSP's, but it appears like NOD32 v2 b2 needs to find a better way of using them.

    Regards,
    Kent
     
  7. Harold77

    Harold77 Registered Member

    Joined:
    Jan 15, 2003
    Posts:
    54
    Well, we do have to remember that we are dealing with a Beta of NOD32, so this is just the sort of glitch that Beta testing finds, hopefully the tech folks at ESET will clear this up soon in a B3.

    Here's a nice little program for checking and repairing the LSP: http://cexx.org/lspfix.htm that I got from Jason at DCS.:)
     
  8. jan

    jan Former Eset Moderator

    Joined:
    Oct 25, 2002
    Posts:
    804
    Hi all,

    >When I installed Port Explorer (either PE 1.35 or 1.5) I lost all e-mail scanning and the IMON function no longer worked.

    Checking it here now - I'll let you know.

    Thanks, :)

    jan
     
  9. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,370
    Hi guys,

    ultimately we have figured out the reason for such a strange
    behaviour.

    Indeed, the problem lies in Port Scanner that routes
    all requests directly to the lowest service layer (MSAFD) and not
    to the below layer. As a result, if Port Scanner is installed after NOD32
    then Imon (NOD32 service) is bypassed and e-mails are not scanned.

    This is going to be fixed by adding an option to prioritize NOD32 service
    so all requests will be routed to the below service layer (in this case
    to the layer utilized by Port Scanner). As an interim solution, we
    recommend restarting IMON (this would bring the NOD32 service to the
    highest service layer) in case IMON stops checking e-mails due to
    having Port Scanner installed.

    If NOD32 service (Imon) is installed on the highest layer and there's
    another layer between MSADF and NOD32 (e.g. Port Scanner) that
    has meantime been removed, Imon is now able to remedy this by
    updating necessary network settings (available in the following beta
    release). As a result, it won't route requests to the non-existing layer
    but to the lower layer that actually exists in the service layer hierarchy.
     
  10. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    4,402
    Location:
    North Carolina, USA
    Hi Marcos :D !!!

    Thanks for the prompt analysis and reply!!!! ESET is on top of it as always ;) !!!!!

    Regards,
    Kent
     
  11. Andreas1

    Andreas1 Security Expert

    Joined:
    Jan 29, 2003
    Posts:
    367
    Location:
    Mainz (Ger)
    Thanks a lot!

    Does this relate to the claims programs like LSPFix make about imon.dll appearing to break the connection/chain?
    Or is that a separate issue?

    Also, would your explanation mean that DCS either have to make PE routing to "the next one just below" layer and add PE to the top of the chain or that they can insert it right above the lowest layer, routing to the lowest layer, but that then they have to take measures in their install routine so that it in fact is inserted into the chain rather than "opening a side-chain"?
    And - more general - is something wrong in anybody's install/uninstall routines?

    TIA,
    Andreas
     
  12. Harold77

    Harold77 Registered Member

    Joined:
    Jan 15, 2003
    Posts:
    54
    So is the fix for this going to be incorporated it a B3 of NOD32 or in the final product?:

    BTW I tried re-enabling IMON after installing Port Explorer killed it, but Nod32 B2 still wouldn't work as long as PE was installed even though IMON showed as enabled in NOD32 B2... it still would not check e-mail.:)
     
  13. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    But I take it that this isn't a problem for everyone?

    Because I'm pretty sure I put the latest version of PE in after the latest NOD beta, and I'm not having the problem at all - all received emails are clearly marked as being checked by NOD (and Benign, as far as that goes.

    Could it be that, in this instance, installing the latest PE "over-the-top" of the older version was actually beneficial in this respect?

    Or did I just get lucky? :) Pete
     
  14. grey_ghost

    grey_ghost Registered Member

    Joined:
    Apr 28, 2002
    Posts:
    60
    Hi,

    Same results here, installed over the top and IMON is working correctly.

    Previously I had uninstalled PE 1.35 and installed 1.50.

    Regards.
     
  15. Jason_DiamondCS

    Jason_DiamondCS Former DCS Moderator

    Joined:
    Nov 11, 2002
    Posts:
    1,046
    Location:
    Perth, Western Australia
    This is a problem with both Nod32 and Port Explorer. Nod32 developers are fixing their problems and we are fixing ours. Look for an update to Port Explorer within the next few days.
    -Jason-
     
  16. Harold77

    Harold77 Registered Member

    Joined:
    Jan 15, 2003
    Posts:
    54
    Very cool info, thanks for the quick attention to this problem, Jason.:)
     
  17. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    4,402
    Location:
    North Carolina, USA
    Kudos to Jason also :D !!!

    I installed the new Port Explorer on top of the old version also but with my system IMON quit working........

    Glad to see both ESET and DCS working to solve the problem. Way to go guys ;) !!!

    Regards,
    Kent
     
Thread Status:
Not open for further replies.