Firewall

Discussion in 'ESET Smart Security v3 Beta Forum' started by ASpace, Apr 6, 2007.

Thread Status:
Not open for further replies.
  1. MNKid

    MNKid Registered Member

    Joined:
    Apr 2, 2007
    Posts:
    17
    I tend to agree with you on that.

    MNKid
     
  2. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Yes, these are not editable (on my setups on W2k or XP). I am very concerned about the rule for "Allow remote Administration", is this a joke? Remote Administration for ekrn.exe, why? What for?
    I will not be re-installing this firewall as long as the hard_coded (non-removable/editable) rules are in place.
     
  3. OAKside

    OAKside Registered Member

    Joined:
    Sep 30, 2006
    Posts:
    36
    I am really enjoying the ESS Beta 1. (Thanks for the opportunity, Eset!) The interface is awesome and the performance still quite lean for an entire security suite.

    Regarding the firewall, I would love to be able to forward ports in Automatic filtering mode. (Won't allow any tweaking unless Interactive mode is used.) I'm careful enough all-around so I find Automatic safe enough for me, but I simply need to allow a couple ports/ incoming connections. *Thinking of µTorrent*

    I would also like the ability to mark a "suspect" (quarantined) item as safe, as ESS has already wrongly accused - and deleted - a perfectly safe file of mine.

    All in all, already very impressed by this early beta build of ESS. Currently testing on Vista and XP, replacing my precious NOD32. :thumb:
     
  4. kC_

    kC_ Registered Member

    Joined:
    Apr 6, 2007
    Posts:
    580
    Try re-installing it in advanced mode, and change from automatic to interactive during install.
    Then no hard coded rules are made, except for one

    "for all tcp & udp activity = ask"

    Seems if you leave as automatic during install, them stupid hard coded rules are made and can't be removed.
     
  5. ASpace

    ASpace Guest

    If so, it should be fixed. In all modes (incl. Automatic), I think, there should be no unremovable rules. I don't want/like things like "Add to trusted zone without asking", it can't be removed at the moment. Me as well as the majority of my clients would like to have absolutely nothing in the trusted zone and, if it appears by default, to be removed after that.
     
  6. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    I did try various installations. On W2K setup, there was no choice of install, this was set as automatic with no other option (bug?). I did make install onto XP with "Interactive", but after installation, when going into the rules "window" and changing the view to "show all rules including system" the hard_coded rules would appear. (Have you set the view to this?)

    I will of course try another install later, just to re-check.
     
  7. FiSz

    FiSz Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    13
    I did set to interactive while installing ESS and still the system rules can't be edited/deleted, but since this is beta1 I'm sure that ESET will fix this issue.

    I also would like to suggest a feature similar to the one from Outpost. Outpost detects most common applications and suggests all the rules for them when they try to connect for the first time. It shouldn't be too hard to implement and it's quite a nice feature.
     
    Last edited: Apr 9, 2007
  8. gladius

    gladius Registered Member

    Joined:
    Jul 14, 2003
    Posts:
    10
    Location:
    UK
    Hi,

    ekrn.exe is part of the ESS product itself, the remote admin on this is for interoperability with the ESET Remote Administration software which allows the control of the configuration etc for management purposes. This remote communication is only relevant to that process, just as in every version of NOD32.

    The rules are editable in "interactive" mode, they're not 'hard coded' as such, they just are automatically assessed in the default mode, which should be fine for most purposes. If you have need to make more fine-grained decisions about the firewall, you can use interactive mode. Of course, to allow proper functioning of the system, certain processes are by default allowed, for instance the communication needed to allow ESS to receive updates.

    hope that helps

    -AJ
     
  9. FiSz

    FiSz Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    13
    Predefined rules are a very good idea (something like Outpost's suggested rules for most common applications, which are very useful) but they MUST be editable and they are not.
    http://img155.imageshack.us/img155/332/nbnnbi2.th.jpg
    Grey rules are predefined system rules and cannot be modified. I hope that in the final version this will be fixed.
     
  10. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hello.
    My knowledge of AVs is certainly limited, and certainly have no problem in my admission of this. But I thought that the remote admin was part of the Enterprise (and above) editions of NOD, and am certainly interested why the inclusion of a rule to allow this for a home product would be included. I certainly do not want any "remote admin" on my setup (and do not see this in the installed NOD2.7 I currently have installed).

    This I have still to see. I have, and posted the fact, I have made a number of installations, and changed many settings, but none, as yet, have allowed me to change the system rules, which do indicate "Hard_coded". I would certainly be interested on how you have managed to change these rules.
    Of course, for an AV updates are needed. From previous versions of NOD, we can see the sites that will be connected to (update servers), I am sure that rules can be made that allow only connections to such sites to be included for updates. This could be done with a "trusted zone" for outbound to such sites, and as these lists can be updated in NOD, I am sure these could be updated in the firewall (with an option to allow/deny).

    From the lack of response from Eset on this, I will presume that this (hard_coded rules) is not a bug, but in fact intentional.
     
  11. ASpace

    ASpace Guest

    Stem, the lack of response is one thing, the rules are another.

    I have mailed ESET beta support and they are aware of these "hard-coded" rules. A very helpful ESET employee told me the developers would be made aware of them.

    I use Automatic mode and these rules appear here, too. I think they are bugs because ESS asks me about some things: "Allow or not" and it just does not remember my choice. The same applies for the local host and adding a subnet to the "trusted zone without asking". I get asked about them but it does not remember them after that. Hope ESET will fix them ;)
     
  12. SpookyET

    SpookyET Guest

    I've been running it in Automatic Mode and I have been very satisfied until I have realised that it blocks incoming uTorrent connections.

    So, I switched to Interactive Mode. The problem is that now I have to define rules not just for uTorrent, but for a million other applications. It doesn't come with predefined rules for common applications/common protocols (SmartFTP/FTP Program).

    It will take a while for them to create a database of all common applications and their rules.

    I think that they should allow Automatic Mode with Rules. It's the best of both worlds. Deal with everything automatically, but allow me to specify rules for a few applications that need incoming connections. That way, the user would not have to switch to interactive mode and configure a million apps just because he only needs one app to have incoming connections while the others are handled very well by the Automatic Mode.
     
  13. SFC

    SFC Registered Member

    Joined:
    Apr 14, 2007
    Posts:
    33
  14. Hillsboro

    Hillsboro Registered Member

    Joined:
    Jul 21, 2006
    Posts:
    86
    Location:
    CH/USA
    I think Stem has some very legitimate concerns regarding the hard-coded rules. I have sent two emails to Eset regarding this and have gotten no response. Regardless of their lack of response to me, their lack of response here to the concerns expressed by Stem and others, IMO, speaks volumes. Why can't one of the Eset mods just post a simple yes or no answer to this concern so we can move on? For me, if the answer is yes, the hard coded rules will remain, then I can move on because, even though I have been a long term subscriber to Nod 32, for me it is time to look at other options. As I said, their lack of response here speaks volumes; at least to me.
     
  15. SpookyET

    SpookyET Guest

  16. iphigenie

    iphigenie Registered Member

    Joined:
    May 31, 2004
    Posts:
    6
    I must say I just had to uninstall it as no matter what I tried with the rules, I was unable to access my network attached drive.

    Bummer :doubt:
     
  17. rogervernon

    rogervernon Registered Member

    Joined:
    Jul 16, 2006
    Posts:
    289
    Hmm - re-installed it with "standard" settings and it wouldn't allow Spybot OR Adaware to connect for updates. No pop-ups either asking permission.
    Strangely it worked fine with AVG Anti-Spy updater pop-up showed, ticked "allow" and off it went!
     
  18. SFC

    SFC Registered Member

    Joined:
    Apr 14, 2007
    Posts:
    33
    "I think that they should allow Automatic Mode with Rules. It's the best of both worlds. Deal with everything automatically, but allow me to specify rules for a few applications that need incoming connections."

    Configuring a rule to allow outgoing for all applications is the same as "automatic mode". Putting that rule in "policy-based mode" or "interactive mode" is what you need, or not?
     
  19. KoRn

    KoRn Registered Member

    Joined:
    Apr 15, 2007
    Posts:
    4
    Works really perfectly, I love it.
     
  20. zoli62

    zoli62 Registered Member

    Joined:
    Apr 16, 2007
    Posts:
    12
    Location:
    Hungary
    Is it possible to globally turn off the firewall?
     
  21. WizardMaster

    WizardMaster Registered Member

    Joined:
    Sep 24, 2006
    Posts:
    27
    Location:
    Auckland, NZ
    Re: VPN block by firewall

    Hi, I have a problem: my VPN network was blocked by Eset Security Suite's firewall. How do I fix the firewall to give the VPN access to the server network via the internet? Also to allow MSN Messenger's Remote Assistance for us.

    How do I fix the firewall, e.g. TCP or UDP and port to allow.... Thanks for help
     
  22. rogervernon

    rogervernon Registered Member

    Joined:
    Jul 16, 2006
    Posts:
    289
    The firewall has a rather erratic memory at times! (Interactive mode)
    I run one laptop connected wirelessly to an ADSL modem/router, so in computing terms, that is classified as a network.
    This a.m., on booting, I had a dialogue box pop up informing me that the firewall had detected an unrecognised network - did I want it allowed? This is in spite of that self same network, (my wireless connection) having been "allowed" and "remembered" yesterday. The delay in my ticking the box (I was making the early morning tea!) meant that even after allowing this "new" network, my wireless connection failed to connect properly and I had to re-boot. Annoying!
    Similarly, when re-booting I was asked if I wanted to allow "generic host process...." access to the internet. Yet another forgotten setting, this also having been allowed previously and supposedly remembered.
    This element of the firewall certainly needs tightening up.
    Positively, I can say that once up and running I am impressed by the minimal impact, if any, the Eset Suite has on my surfing etc.
    Much better than other combinations of firewall & AV from separate vendors I have tried!
     