Nod32 v3: Software firewall made useless b/c all connections are running through v3?

Re: Nod32 v3: Software firewall made useless b/c all connections are running through

Tommy wrote:

Actually this is quite simple in the paid version of Online Armor. I have never tried the free version so I can't comment on that. OA allows you to set up what it calls "Endpoint restrictions". You can do this globally (i.e. for all programs) or on a per program basis. You can allow connections "to any endpoints except the following" or "only to the following endpoints". You can enter one address, a range of addresses, or one address and use a mask.
I wish I had some good snap shot software so I could post some screen shoots. You'll just have to take my word for it. It is that simple. Perhaps one of the users of the free version could say whether this can also be done in that version.

 

Re: Nod32 v3: Software firewall made useless b/c all connections are running through

Can't be done in any firewall with the ekrn.exe proxy. ekrn is the sole connect point to the internet, the individual programs connect to ekrn locally. The only setting possible is to allow each program to connect to ekrn locally, ekrn then connects to the internet for the program. This setup makes it not possible to restrict individual program behavior, as they are not connecting to the internet. You can restrict ekrn, but that would have a global affect across all programs accessing the internet. This is main point/complaint of this thread.

 

Re: Nod32 v3: Software firewall made useless b/c all connections are running through

msrourke, thanks for pointing this out. I really should have tested this before opening my big mouth. I will now sulk away to my drawing board and rip everything up.

 

Re: Nod32 v3: Software firewall made useless b/c all connections are running through

That's the first explanation I've managed to get my head around at the first attempt!

 

Re: Nod32 v3: Software firewall made useless b/c all connections are running through

So basically the only working solution would be for ESET to have ip address filtering options for each app on its HTTP port list like a firewall.

Really, if ESET is removing functionality from your firewall then they should replace it.

 

Re: Nod32 v3: Software firewall made useless b/c all connections are running through

don't know what I did right but I have used Outpost & it ran fine & I had used Look & Stop & it prompted me for in & out rules, so I'm at a loss as to why your having problems. My wife is using it currently & it fboots quickly & runs fine but she is on XP. On my vista machine I had no problems with firewalls but boot process was very slow...

 

Re: Nod32 v3: Software firewall made useless b/c all connections are running through

...and they do have those options - it's called you have to buy their suite rather than trying to use someone elses firewall.

Again, they did...
...it's called please buy OUR suite (although there was very little please and much more of ha ha - now you have to!)

cheers
Gordon

 

Re: Nod32 v3: Software firewall made useless b/c all connections are running through

It is very easy to get you firewall to work fully with each and every application, controlling very specifically, on a granular basis, allowed ports and destination addresses on a per application basis...

...do not AV check web browsing ports or applications or email clients.

Sort of defeats the object though!

cheers again
Gordon

 

At least everybody understands the problem NOD 3.x and Browser, etc. Traffic Proxying in combination with a external firewall.

Result of this thread:
You cant get full aplication control with an external FW while proxying the traffic via Nod Proxy!

 

Re: Nod32 v3: Software firewall made useless b/c all connections are running through

Well said - I believe that is one main/point complaint of the thread.
The other is that ESET changed the technical direction of their AV product and were not forthcoming about it.
After going back and looking at the various suggestions people on this forum have made about this product not one of them said -- "Hey! What would be cool is if ESET changed their AV product and made Ekrn the sole connect point to the internet and made it not possible to restrict individual program behavior and render everyone's firewall but theirs useless and not tell anyone"!

 

Re: Nod32 v3: Software firewall made useless b/c all connections are running through

Or go back to the IMON model and scan traffic at the transport layer via winsock. But that has had it's problems in the past. I don't know if it is even doable on Vista, that may be why they went with a proxy. Using the proxy fits ESET's theory that it better to have a strong AV/AS, and if the AV/AS does it's job, you don't really need a firewall. There were some posts by ESET awhile back (which I can't find), that explained this approach.

 

Re: Nod32 v3: Software firewall made useless b/c all connections are running through

Thanks for summarizing it all. Don't have the time to read all of it and to play with 3 so I am sticking with 2.7. When that's out of date I'm moving on. Will be a cold day in hell when I ditch Outpost for the esetsuite. Certainly not when forced to it. Thanks Eset! Great job.

 

Re: Nod32 v3: Software firewall made useless b/c all connections are running through

What do the other popular AV products do for web scanning in Vista? (sorry if it's mentioned somewhere already). Don't they all use the same approach?

 

Re: Nod32 v3: Software firewall made useless b/c all connections are running through

I have been using nod32 for at least 2 years now, I have jumped from one AV to another, and Nod has been the best AV I have found, tha is until V3, in its beta's I had a lot of issues, in the final version, its not too bad, but this proxy issue, I say is the worst idea, Im currently using outpost pro V4, I have been using that firewall for years, I don't want to ditch it, and Im still on XP, I don't want the security suite, and I think it is utter stupid that to fix this proxy issue we are FORCED tp upgrade to it, the problem is, as it is now, my system is open to leaks,

http://www.grc.com/lt/leaktest.htm

even that simple program is allowed through, the only way I can get my firewall to block ot is if I disable "Enable HTTP checking" then my firewall will detect the leaktest program and block it,

but nod32 V3 should not interfer with the firewall as it stands, I too am seriously considering reverting back to 2.7, as my system doesn't seem to be safe with V3, and to me, that is one huge mistake, a Av program should increase security not decrease it, and V3 does just that,


Im very dissapointed with the direction that V3 and the company have taken, and I hope that there is a fix for this, I guess like so many others, from now on, I will be using 2.7 until this proxy issue is resolved for all users / OS setups, it would be a sad day if I have to ditch Nod32, and my firewall, as both companys seem to have made the same miistakes as many others are, just forcing down people's throats one suite and not allowing for freedom for choice

 

Re: Nod32 v3: Software firewall made useless b/c all connections are running through

I think you've missed the point here - it is not NOD v3 that is at fault on a leak test, it is your firewall. Your Firewall let the leak test through, or you clicked on allow, if that came up. Dont't blame NOD because it chooses to act as a proxy, the FIREWALL leaked, not NOD. If you follow the work around's earlier in this post and get CFP3, then you'll have a bullet proof firewall that nod works with. Comodo never leaks,even on its initial settings, even with NOD running as Proxy.

And before you ask why I am not using it - my trial come to an end and my finances dictated I got the best product for the least pounds.

 

No, the point is his setup (plus many others including mine) worked just fine and as desired, possibly for many years. This decision by ESET essentially is forcing (or trying to force) people to change more than just their antivirus. And that's just not right.

Here it's simple:

Before v3 - configured computer protected fine and worked as desired
After v3 - oops, proxy introduced which wasn't wanted and system is no longer as desired

Then there's the issue what if you have many computers to look after? You have to go change the lot of them too? What about the money paid on other products? Got to ditch those too now just to stick with this approach?

I set up a network for someone for about 6 computers, including laptops which go mobile. He wanted his computers set up and controlled in a particular way, including choice of firewall and how the rules were set up. I recommended NOD32 2.7 to him at the time as the best AV and everything worked fine. Now if he comes asking for an upgrade to v3 that's going to be a pain to go through every computer and sort out the firewall too. I can't imagine what it would be like for people who have to maintain large networks. In any case if he did ask I'd seriously suggest he sticks with the tried and tested setup he has now. After all, why would I tell him to spend even more money for this? Hmmmm....

 

Re: Nod32 v3: Software firewall made useless b/c all connections are running through

my point is before V3, on 2.7, that leak test would fail because outpost would detect the leaktest, on V3 its simply allowed, this isn't a firewall issue as the FW is bypassed, I get no prompt to either allow or deny the leaktest, for me that is a security risk

 

Re: Nod32 v3: Software firewall made useless b/c all connections are running through

Soo ESET changes its AV design & now we have to face the fact that unless I use the ESS suite I no longer have a leakproof firewall. Of course I can diddle around with the rules or go & get a different firewall or disable some of the internal components of EAV but it now becomes my problem to make the ESET product work like it once did. ESS is not that great a suite yet & it may become one soon but I did like the setup I had with Zonealarm Pro & NOD 2.7, it worked flawlessly. I went back to 2.7 since I don't want to change my firewall .Using EAV I now have the same proxy problem I had with Sygates firewall & I dumped Sygate for that reason alone & got a more secure solution. I think I am done with EAV period . When 2.7 becomes obsolete, & that won't be very long in the future I suspect, I am going to find a nice security suite that I like . I have tried F Secure , Zone Alarm Security Suite, & Bit Defender. All work flawlessly & I suspect are better than ESS at this point. It should not be my problem to make EAV work as some have suggested. ESET did the deed & they should fix it.

 

Perhaps if ESET doesn't fix this, they should just upgrade everyone's license to the full suite.

 

look'n'Stop with Nodv3. Unable to connect with the leaktest. Nice.

 

Re: Nod32 v3: Software firewall made useless b/c all connections are running through

Does the newest NOD32 v3 build released 12/21 offer any relief for the problems that its usage of a proxy has with personal firewalls?

 

Re: Nod32 v3: Software firewall made useless b/c all connections are running through

Haven't tried this myself, using V2.7, but this was posted on Comodo forums...

Update to the latest version of Comodo Firewall and Enable this feature:
Firewall -> advanced -> Firewall Behavior Settings -> Alert Settings -> Enable alerts for loopback requests

 

Re: Nod32 v3: Software firewall made useless b/c all connections are running through

No, and Marcos was quite clear in his response when he answered it in the build 621 release thread https://www.wilderssecurity.com/showpost.php?p=1144730&postcount=16 . It is a designed-in "feature", not a flaw. IMO, it will never be addressed.

Hopefully, knowledgeable users will be able to work around it and "less" knowledgeable users will hopefully be lucky (because if they aren't, they could have no outbound firewall control for the apps running through NOD32's proxy.)

 

Re: Nod32 v3: Software firewall made useless b/c all connections are running through

Well, it could've fooled me . Anyone knows which AV's don't have this eh feature and anyone knows if this will be a feature of all AV's in the future?

 

Hmmm, reading this whole thread has made me ditch version 3 for good. Thats sad as i was just getting to like it.
Back to 2.7 and sticking with it i guess.