Problem with interactive mode - we need your comments

Discussion in 'ESET Smart Security v3 Beta Forum' started by Marcos, Apr 10, 2007.

Thread Status:
Not open for further replies.
  1. I-Vladimir

    I-Vladimir Registered Member

    Joined:
    Feb 17, 2006
    Posts:
    15
    Location:
    Ontario, Canada
    Hi,
    I got this issue with WinXP pro.
    I selected the interactive mode installing ESS.
    An application requested a connected, ESS poped up a message.
    I selected to create a rule (probaly :) ) for that application.
    Application connected with no problems.
    I lunched another one application, got no ESS prompt, application got blocked. All other applications that tried to connect got blocked. The rule created for the first app did work.
    Restart did fix the issue.

    Another one issue I noticed with the size of the box with the list of applicaations currently connected. ESS window resize fixed that.

    Another one issue is with localhost TCPIP traffic blocking, but I think I posted it thru ESS. I found a workaround creating a rule, but it was a sirious impact on the local traffic speed, so I finally revert the system to 2.7 You should add an option to ignore localhost traffic.

    Regards,
    Vladimir
     
  2. backspin

    backspin Registered Member

    Joined:
    Apr 5, 2007
    Posts:
    7
    Hello again,

    now I'm really confused...
    Today the interactive mode works even fine for me, and it's a fact that I don't changed anything.

    regards
    backspin
     
  3. IcePanther

    IcePanther Registered Member

    Joined:
    May 28, 2005
    Posts:
    308
    Location:
    (nearby) Paris, France
    These incoming connections were regarding windows update (which connected as outgoing OK) and VLC Media Player (for a webtv, outgoing connection OK, too), and no popups for incoming connection so the applications just hanged.
    So basically the application can't initiate an incoming connection, since it's incoming, but ports were open and the firewall either should have allowed the connection (since the applications were connected as outgoing) or prompt me.

    And this wasn't gone after a reboot. I could (and have) allowed incoming connections for the selected application by manually creating rules, but that's not the safest practice, since I don't know IP/ports, and so they're open to all incoming connections...

    Also sometimes a pop-up must be skipped or something, because the ekrn.exe module suddently goes up to 100% CPU until I close the egui.exe, so there must be a problem somewhere... After that, connection is killed until I reboot, it doesn't even detect the wireless AP anymore.

    EDIT : This problem occurs with incoming UDP connections : the TCP ones (for example the ftp data connection) successfully trigger prompts from ESS.
     
    Last edited: Apr 12, 2007
  4. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,456
    Now we'd need some volunteers with this issue who wouldn't mind invoking BSOD on their pc and creating a full memory dump. Therefore you should test it only on a virtual machine or be able to restore a disk image in case of a total system failure. Please drop me a personal message if you are willing to help us find the root of the issue, I will provide you with further instructions.

    Another question - has someone experienced the issue with prompt windows not showing also for outgoing connections?
     
  5. Wake2

    Wake2 Registered Member

    Joined:
    Apr 30, 2005
    Posts:
    205
    After a uninstall and reinstall of ESS Beta using custom
    option, and the interactive firewall mode I have had the
    issue with prompt window not showing for outbound
    connections, this is on Vista Ultimate and the event
    viewer records this error:

    The Eset Service service is marked as an interactive service.
    However the system is configured to not allow interactive
    services, This service may not function properly.


    Log Name: System
    Source: Service Control Eventlog Provider
    EventID: 7030
    Level: Error
    User: N/A
    OpCode: Info
    Logged: 4/11/2007 11:18:45AM
    Task Category: None
    Keywords: Classic
    Computer: Sa-Be

    Details:

    - <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    - <System>
    <Provider Name="Service Control Manager" Guid="{555908D1-A6D7-4695-8E1E-26931D2012F4}" EventSourceName="Service Control Manager" />
    <EventID Qualifiers="49152">7030</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2007-04-11T18:18:45.000Z" />
    <EventRecordID>27192</EventRecordID>
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>System</Channel>
    <Computer>Sa_Be</Computer>
    <Security />
    </System>
    - <EventData>
    <Data Name="param1">Eset Service</Data>
    </EventData>
    </Event>

    Running the firewall in automatic mode, no errors
    are generated, running with UAC disabled, and the
    firewall set in interactive mode there are no errors,
    outbound connections prompts show, running with
    UAC enabled, and the firewall in interactive mode
    is when the no pop up issue occurs on my system.

    Regards,

    Wake
     
  6. bluesprite

    bluesprite Registered Member

    Joined:
    Apr 11, 2007
    Posts:
    71
    The private messaging system isn't working at the moment, but I'm willing to test the issue on either virtual or physical computer.
     
  7. ArchChancellor

    ArchChancellor Registered Member

    Joined:
    Apr 6, 2007
    Posts:
    11
    I can test the issue. I have it happening with outgoing connections.

    Today, it happened with AIMPRO. I can get it to happen with browsers and other connections, pretty much all outgoing connections. However, it is intermittent and very difficult to duplicate. Once it starts, the only way to get the pop up windows back is via a re-boot.
     
  8. Megachip

    Megachip Registered Member

    Joined:
    Dec 4, 2006
    Posts:
    243
    Both...
     
  9. idawgik

    idawgik Registered Member

    Joined:
    Apr 13, 2007
    Posts:
    4
    I'm having this issue on Vista Ultimate 32bit.

    When I first installed the program, I got popup notices for a couple svchost items, and that was it. I had to manually create rules for firefox and IE since I got no popups for those, just a blocked connection.

    I'm also having issues getting my Pocket PC to connect with Vista's Windows Mobile Device Center.

    It works fine with the ESS firewall turned off, but with it on, I get no popups for it. I even looked up information online on which ports to open for that program (the instructions were for onecare though) and I did that, but still nothing, my pda will charge over usb, but the computer will not detect that it's plugged in at all with the ESS firewall turned on.

    I've yet to find any information about how to resolve that.
     
  10. marty56

    marty56 Registered Member

    Joined:
    Feb 9, 2007
    Posts:
    9
    I donw know if this is related but on Vista Business, Interactive mode prevents Internet Explorer from accessing the Internet (no prompt) yet an application like GOM Player, prompts and once you allow it, works correctly.

    How do you add Internet Explorer in Interactive mode?

    Edit: After a reboot, IE works after prompt. It seems changing from Automatic to Interactive requires reboot which makes sense.
     
    Last edited: Apr 13, 2007
  11. Maxkaos

    Maxkaos Registered Member

    Joined:
    Nov 4, 2006
    Posts:
    11
    Hola Marcos.

    I have this problem with Vista Business
     
  12. ArchChancellor

    ArchChancellor Registered Member

    Joined:
    Apr 6, 2007
    Posts:
    11
    I'm having the exact same issue with my PDA and ESS's firewall.
     
  13. gderreck

    gderreck Registered Member

    Joined:
    Mar 17, 2005
    Posts:
    24
    This is my experience installing applications with ESS running, except for Creative Audigy and Logitech Mouse Drivers (they were installed after a clean boot for stability). I am using Vista Home Premium.

    A prompt appeared asking for zone treatment for my public wireless network. I chose not to trust. Prompts appeared for scvhost, IE7, and MailFrontier antispam without my opening the programs. I allowed network access. User interface is in advanced mode. No problems reopening the applications. No prompt appeared for Diskeeper 2007 when I accessed the website from its GUI.

    Outlook requested access to the internet twice.

    Word, Excel, and PowerPoint all asked for access when I queried help. I am using Office 2003. In the first install, I was evaluating Office 2007. There was only one prompt for internet access when I queried help. I am assuming that Office 2007 uses a unified help system for all applications.

    Was prompted for access when I accessed update for Snagit 8.

    Was prompted for access when I updated Adobe Reader 8.

    Windows Media Player 11 requested internet access.

    Windows Media Player also requested access to connect to network services when I searched for an album tag update.

    No prompt when I opened web support in Acronis True Image Home 10.

    ******************************************************
    The above mentioned applications were installed before ESS.
    ******************************************************

    Will now install rest of programs, and list any conflicts, or disfunction in ESS as a result of installs.

    -Genie Backup Manager 7.0.179.349. Was prompted for internet access. All ESS controls working.

    -Microsoft Clear Type Tuner. Explorer.exe was prompted for intenet access during install. ESS is ok.

    -User string utility for IE7. No request for access. ESS is ok.

    -Windows Live Messenger. Was prompted when I first signed on. ESS is ok.

    -Internet Download Manager5.09 Build 4. Was prompted when I registered the product. ESS id ok.

    -M8 Clipboard Manager10.3.0.0. Application uses an html help file. I was not prompted when I first opened web help. ESS is ok.

    -Cyberlink PowerDVD 4.0.100.1190. Was prompted when I activated and when I registered. ESS is ok.

    -Cyberlink Power2Go 5.50.2614. Was prompted when program opened. Was also prompted when I opened Power2Go Express. ESS is ok.

    Performed a clean boot to install PCMCIA sound driver. The sound card and mouse drivers are sensitive to activity during installation and a clean boot ensures a proper install. I should note that performing a clean boot before installing ESS seems to have created a more stable experience than the first install.

    -Installed Creative Audigy ZS Notebook driver version 5.12.1.5410. Rebooted normally after install. System is stable and ESS is ok. I only installed the drivers, so there is nowhere in the Control Panel Sound applet to phone home.

    Performed a clean boot to install mouse driver.

    -Installed Logitech mouse driver version 3.30.00. Rebooted normally after install. System is stable and ESS is ok. There was no prompt when I accessed the Logitech website from the GUI.

    While there were two requests from Power2Go, PowerDVD and Outlook, there is only 1 rule for Outlook , 2 for PowerDVD and 3 for Power2Go.

    Regards
     
  14. lightning113

    lightning113 Registered Member

    Joined:
    Apr 15, 2004
    Posts:
    35
    Location:
    Western New York
    Same as many others-Vista Home Prem.-Interactive mode,no prompts at all and I had to create Firefox and IE rules as well.
     
  15. Najmi

    Najmi Registered Member

    Joined:
    Mar 24, 2007
    Posts:
    36
    i am willing to test this issue out :)

    please send me the details. also i have faced isssuess for prompt not showin up for outgoing connections
     
    Last edited: Apr 14, 2007
  16. gaolin

    gaolin Registered Member

    Joined:
    Apr 8, 2007
    Posts:
    6
    Location:
    中国 四川
    It's OK on my XP!
     
  17. JeremyWW

    JeremyWW Registered Member

    Joined:
    Apr 13, 2005
    Posts:
    237
    Strange one this. I've never had any issue on XP Pro with Interactive mode. It continues to work perfectly. Just had another pop-up this morning as 'Windows Genuine Advantage' tried to phone home...and I can invoke it by asking apps on my machine to check for updates.
     
  18. idawgik

    idawgik Registered Member

    Joined:
    Apr 13, 2007
    Posts:
    4
    Interestingly enough, my computer just started working better with interactive mode. I seem to be getting popups for everything now, and my pocket pc is even connecting fine. I'm not really sure why things changed all the sudden as I haven't changed anything in a few days or rebooted.

    For those having issues with WMDC, do a google search for "windows mobile device center firewall" and follow the instructions for onecare on what ports to open, that's what I did and it's working now, although it didn't for a few days.
     
  19. stueycaster

    stueycaster Registered Member

    Joined:
    Apr 22, 2005
    Posts:
    293
    Location:
    Indianapolis
    When I first installed it I set it to interactive mode. Then when I tried to access the internet it asked me what to do just like it was supposed to. Then when I installed new programs and tried to access the internet with them it just blocked them with no explanation.

    I have found it to be easy to set up allowances for new programs manually and they work well.

    I think this is going to be an awesome security suite once it's all finalized. I've been an ESET subscriber for almost 2 years now and definitely plan to renew again when my subscription runs out.
     
  20. dbrisendine

    dbrisendine Registered Member

    Joined:
    Jul 15, 2006
    Posts:
    51
    Location:
    BC, Canada
    Yes; I have had this problem. First install was with the firewall set to Automatic mode. This loads the fixed system rules that we can see but not edit; one of them is to deny incoming and outgoing NETBIOS . Thought this was the problem, so uninstalled, cleaned and reinstalled but with firewall in Interactive mode. No uneditable system rules loaded this time (at least not any we can see) but in trying to establish a VPN type connection the log shows the firewall denied the connection because of DNS scamming (I think this is what it said). This rule must be hard coded in your firewall program itself as there are no other rules visable but the ones added manually (or through the pop ups). Both times the VPN program was added with full access to Trusted and UnTrusted zones and the ESP protocol was added to the zones. The only way to connect is to stop filtering (allow all traffic) which is not very convenient since there is no fast access to the firewall configuration from the task bar icon.

    I guess this brings up the question of what is a Trusted Zone for ESS? Usually, most other firewalls will allow all connections to and from a Trusted Zone but it seems that ESS still filters some of the traffic. Also, in testing this firewall there seems to be an issue with what ESS processes as a zone. If I manually add 1.2.3.0 - 1.2.5.255 as a Trusted Zone then when I connect to 1.2.4.0 network ESS wants to add 1.2.4.0 - 255.255.255.0 to the Trusted Zone. Is this not already in the range first specified? Maybe this is part of the problem. Also, does the firewall (or ESS) have to be reloaded for rules to take affect? Seems slow to apply manually edited rules.o_O
     
  21. hotdogandchips

    hotdogandchips Registered Member

    Joined:
    Apr 16, 2007
    Posts:
    17
    I've just had this issue now with my VMWare Console refusing to connect on a Windows XP Machine - thinking it was my server playing up, it got restarted a few times before I found on the logs that it was operating perfectly and that it was actually my firewall... :blink:. Worked perfectly up until now, just this morning on boot it prompted me for another Windows component which was to be expected. Curiously, at the same time I noticed the interactive mode failing I was also alerted to the fact that the virus signature database download has failed, claiming "the download was interrupted". I've since created a rule manually to allow the VMWare console so it isn't a problem.

    EDIT: I've since had another few experiences - once with another Windows component that seemed to request access at the correct time, however just now I was unable to connect to an internet radio station. Frustrated, thinking the URL had changed, I checked it on the website that links to it and found that was still the same URL. I tried Windows Media Player 11 once more and bam, a NOD dialog querying WMP11's connection. My theory would be it doesn't seem to be of my doing - directly or indirectly. I had initially suspected the way I've configured my machine to sleep (it goes to S3 [everything off, voltage maintained to RAM) compared to the more usual S1 [hard drives off, motherboard/cpu to a low power state with fans still going] however the situation persisted despite a restart and shutdown in between, ruling that idea out.

    I've also experienced the update issue described here: https://www.wilderssecurity.com/showthread.php?t=170955. The only way I've found to get the ESS to update successfully was to find a public proxy and use that - for some reason without a proxy being specified in the "Update HTTP Proxy" section I would not only not get prompted to allow the ekrn.exe access to the outside world but the update process seemed to skip the update process completely - just regard the update attempt as failed. I am behind a transparent Squid proxy that might be causing problems, but now that I've updated (using my proxy method) I wont be able to test any of my other possible solutions until new updates are available ;).

    As I have a VMWare machine ready, I'm perfectly willing to setup a Windows box in my spare time to help a great piece of software I'll likely be selling soon (I have the Microsoft ActionPack so licensing isn't an issue either).
     
    Last edited: Apr 17, 2007
  22. roaringhere

    roaringhere Registered Member

    Joined:
    Apr 11, 2007
    Posts:
    36
    Location:
    On the moon
    I have it on Vista Ultimate on dial-up. If I change from Automatic to Interactive all my connections get block and I don't get any pop-up, switching back to Automatic solves it, so basically I cannot use Interactive mode...
     
  23. mst

    mst Registered Member

    Joined:
    Apr 9, 2007
    Posts:
    1
    Is it true?
     
  24. hotdogandchips

    hotdogandchips Registered Member

    Joined:
    Apr 16, 2007
    Posts:
    17
    Just tried updating (was receiving the message saying ESS couldn't update) with my squid proxy enabled - didn't work. When I disabled it, it worked perfectly first time. Looks like there might be an issue there (will continue testing to ensure it's not an unknown variable in my setup).
     
    Last edited: Apr 20, 2007
  25. hotdogandchips

    hotdogandchips Registered Member

    Joined:
    Apr 16, 2007
    Posts:
    17
    Yup, looks confirmed - ESS doesn't like a transparent squid proxy in the way of its updates. With the proxy enabled, I get this message:

    With the proxy disabled, I get this message:

    NOD32 managed to update through the proxy fine.
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.