Bug - ESS RC1 - Unable to access shares from Macbook Pro in trusted zone

Discussion in 'ESET Smart Security v3 Beta Forum' started by Arsenal, Sep 23, 2007.

Thread Status:
Not open for further replies.
  1. Arsenal

    Arsenal Registered Member

    Joined:
    Sep 23, 2007
    Posts:
    26
    From my new Macbook Pro I can see the computer name show up on the Network, but when I try to access it, it never connects. I am not prompted on the Vista32 computer with ESS to allow anything and the Macbook is definitely in the trusted zone. My Xbox in the same trusted zone can view the shares fine.

    I have had the same issue with Beta 2 and RC1 in both automatic filtering and interactive filtering modes. If I disable filtering the Macbook can connect and view the shares perfectly.
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Please enable logging of all blocked connections in the firewall - IDS setup, then reproduce the problem and check the firewall log for details as to why the connection was blocked.
     
  3. Arsenal

    Arsenal Registered Member

    Joined:
    Sep 23, 2007
    Posts:
    26
    23/09/2007 8:45:23 PM Detected SMB Relay attack 192.168.16.148 192.168.16.113 TCP
    23/09/2007 8:44:59 PM Detected SMB Relay attack 192.168.16.148 192.168.16.113 TCP
    23/09/2007 8:44:47 PM Detected SMB Relay attack 192.168.16.148 192.168.16.113 TCP
    23/09/2007 8:44:37 PM Detected SMB Relay attack 192.168.16.148 192.168.16.113 TCP
    23/09/2007 8:44:31 PM Detected SMB Relay attack 192.168.16.148 192.168.16.113 TCP
    23/09/2007 8:44:30 PM Detected SMB Relay attack 192.168.16.148 192.168.16.113 TCP
    23/09/2007 8:44:28 PM Detected SMB Relay attack 192.168.16.148 192.168.16.113 TCP
    23/09/2007 8:44:27 PM Detected SMB Relay attack 192.168.16.148 192.168.16.113 TCP

    Disabling "SMB Relay attack detection" in Personal firewall -> IDS and advanced options -> Intrusion detection fixes the problem. Is this expected behaviour, though?
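
For triage of a log like the one posted above, the following added example (not part of the original thread and not ESET code) collapses repeated IDS detections per host pair and reports the count, time span, and whether both ends sit in the trusted zone. It assumes the first address on each line is the source and the second the target, and that the trusted zone is 192.168.16.0/24; the thread states neither.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime

# Log lines exactly as posted in the thread.
LOG = """\
23/09/2007 8:45:23 PM Detected SMB Relay attack 192.168.16.148 192.168.16.113 TCP
23/09/2007 8:44:59 PM Detected SMB Relay attack 192.168.16.148 192.168.16.113 TCP
23/09/2007 8:44:47 PM Detected SMB Relay attack 192.168.16.148 192.168.16.113 TCP
23/09/2007 8:44:37 PM Detected SMB Relay attack 192.168.16.148 192.168.16.113 TCP
23/09/2007 8:44:31 PM Detected SMB Relay attack 192.168.16.148 192.168.16.113 TCP
23/09/2007 8:44:30 PM Detected SMB Relay attack 192.168.16.148 192.168.16.113 TCP
23/09/2007 8:44:28 PM Detected SMB Relay attack 192.168.16.148 192.168.16.113 TCP
23/09/2007 8:44:27 PM Detected SMB Relay attack 192.168.16.148 192.168.16.113 TCP
"""

# Assumption: column order is time, event, source, target, protocol.
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M) (?P<event>.+?) "
    r"(?P<src>\d+(?:\.\d+){3}) (?P<dst>\d+(?:\.\d+){3}) (?P<proto>\w+)$"
)
# Assumption: the trusted zone is this /24 (not stated in the thread).
TRUSTED_ZONE = ipaddress.ip_network("192.168.16.0/24")


def summarize(log_text, trusted=TRUSTED_ZONE):
    """Group detections by (event, src, dst, proto) and summarize each group."""
    groups = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ignore anything not in the posted line format
        ts = datetime.strptime(m["ts"], "%d/%m/%Y %I:%M:%S %p")
        groups[(m["event"], m["src"], m["dst"], m["proto"])].append(ts)
    summary = []
    for (event, src, dst, proto), stamps in sorted(groups.items()):
        summary.append({
            "event": event, "src": src, "dst": dst, "proto": proto,
            "count": len(stamps), "first": min(stamps), "last": max(stamps),
            "span_seconds": int((max(stamps) - min(stamps)).total_seconds()),
            # Both ends trusted plus a tight burst suggests a false positive
            # worth confirming with a packet capture before disabling the check.
            "both_trusted": all(ipaddress.ip_address(a) in trusted for a in (src, dst)),
        })
    return summary


if __name__ == "__main__":
    for row in summarize(LOG):
        print(row)
```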
     
  4. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Please install Ethereal, start packet capturing, replicate the error and send the outcome log to support[at]eset.com with this thread's URL in the subject.
     
  5. Arsenal

    Arsenal Registered Member

    Joined:
    Sep 23, 2007
    Posts:
    26
    OK, thanks, have done that, although I used a program called Wireshark, which I assume is the follow-on from Ethereal, as it is on the SourceForge site linked from the Ethereal download site, and all the Ethereal downloads say they are corrupt when I download them (tried multiple sites and browsers). Hopefully the file format is the same (.pcap).
     