Co-Existence with Agnitum Firewall - Issues

Discussion in 'ESET NOD32 Antivirus' started by pbmcmlxxi, Nov 5, 2007.

Thread Status:
Not open for further replies.
  1. pbmcmlxxi

    pbmcmlxxi Registered Member

    Joined:
    Oct 28, 2006
    Posts:
    131
    Location:
    Hants, UK
    Hi, I was just wondering if other users who are using the latest version of Agnitum Outpost Firewall Pro (6.0.2168.211.415.268) are still having issues using it with the latest version of Eset Nod32 AntiVirus (3.0.551.0)?

    I have found that when Agnitum is installed, I can't access the internet unless I disable the firewall. Yet with the same settings applied without Eset installed internet access is ok.

    I know that Agnitum are aware of the issues with the 2 applications running together, and have since released 2 versions they said have fixed it - but it does not appear they have yet.

    Has anyone found a way for these 2 applications to co-exist in harmony?

    Thanks.
     
  2. Eclipse99fwb

    Eclipse99fwb Registered Member

    Joined:
    Oct 26, 2007
    Posts:
    54
    Location:
    Lakewood, CO
    What order are you installing them in? I'm running 08 Outpost but I have yet to upgrade to NOD32 3.0. Just wondering because I know with the way it used to work, NOD32 liked to be last in the Winsock level; not sure if this is still the case. Just something you might want to give a shot.
     
  3. The_1337

    The_1337 Registered Member

    Joined:
    Aug 10, 2007
    Posts:
    112
    I think on the Outpost forum, they said that you had to install Outpost first and then NOD32. I had the same problems, so I'll try that way.
     
  4. Meitricsu

    Meitricsu Registered Member

    Joined:
    Jan 27, 2006
    Posts:
    9
    It's even more problematic than that. I had to uninstall Agnitum and wait for Eset or Agnitum to solve the problems.
    I had Agnitum Outpost Firewall Pro 2008 (6.0.2160.205.402.266) installed and, after I installed NOD32 Antivirus v3.0.551.0, had lots of BSOD. They really don't "like" each other. :) I didn't have the patience to study the error, but after I uninstalled Agnitum and installed only NOD32 everything worked smoothly. I don't know if the last build of Agnitum Outpost solves the problem, but until I find out that it does, I'll just wait and keep my nerves cool. :p
     
  5. TonyDownUnder

    TonyDownUnder Registered Member

    Joined:
    Aug 31, 2006
    Posts:
    46
    As a long term user of both products, I don't think that either Outpost or NOD v3 are "release ready" and certainly not on Vista.

    Yes I know there will be a million "It's working okay for me" replies - but looking through both support forums there are very fundamental aspects of function that need more work. I do not recall seeing the volume of problems nor the fact that in many cases the issues were made known by Beta testers but the products were released anyway.

    I'd rather wait for stable products and I don't see them being offered by either Agnitum or Eset.

    Good luck if you're prepared to try to sort them out. Me, I wouldn't bother as I am sure that in each case some fundamental code rewrites are lurking.

    "To market, to market to buy a fat pig... home again, home again jiggidy jig" :doubt:
     
  6. smith2006

    smith2006 Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    759
    I am running the latest version of both softwares without major problem (except that I cannot automatically update the Virus signature database which I have reported to ESET).

    The concept of NOD32 V3.0 is different from V2.70, it has web access protection which means traffic from other applications will have to tunnel through it.

    http://img227.imageshack.us/img227/4785/84395549vb0.jpg

    The firewall rules for NOD32 V2.70 will not work for V3.0 under Agnitum Outpost Firewall Pro (6.0.2168.211.415.268 ).

    Each application that requires internet access will require this rule (except Firefox which has a default "Allow local TCP activity").

    Where the protocol is TCP
    and direction is Outbound
    and remote address is localhost (127.0.0.1)
    and remote port is 30606*
    Allow

    * communication with EKRN.EXE is via this port

    EKRN.EXE is now acting as the link between applications & Internet, hence it will require the browser, E-Mail Client rules etc. (depending on your needs).

    I have the following rules set up for EKRN.EXE:

    1) Browser HTTP connection
    2) Browser HTTPS connection
    3) Browser PROXY connection
    4) Receive mail using E-Mail Client
    5) (SSL) Receive mail using E-Mail Client
    6) Send mail using E-Mail Client
    7) (SSL) Send mail using E-Mail Client

    I guess the easy way for you is to turn on the Wizard mode in Outpost Firewall Pro & train it.

    Please take note that the rule assigned by the Wizard mode might not be tight enough; you may need to fine tune it.

    For example the wizard rule for access to Port 30606 is without "and remote address is localhost (127.0.0.1)" (I added it myself to restrict it to local host).

    Good luck!
     
    Last edited: Nov 5, 2007
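
The tightening described in the post above (restricting the port 30606 rule to localhost) can be checked mechanically. This is an added example, not part of the thread and not Outpost's own code or export format; it assumes rules are written out in the wording the post uses, and `parse_rule`, `is_loopback_only` and `audit` are hypothetical helper names.

```python
import ipaddress
import re

# Constructed sample rules in the wording used in the post (not an Outpost export).
WIZARD_RULE = """Where the protocol is TCP
and direction is Outbound
and remote port is 30606
Allow"""

TIGHTENED_RULE = """Where the protocol is TCP
and direction is Outbound
and remote address is localhost (127.0.0.1)
and remote port is 30606*
Allow"""

# Matches "Where the <field> is <value>" and "and <field> is <value>".
CLAUSE = re.compile(r"^(?:where|and)\s+(?:the\s+)?(.+?)\s+is\s+(.+)$", re.IGNORECASE)

def parse_rule(text):
    """Turn a rule description into {'conditions': {...}, 'action': str or None}."""
    rule = {"conditions": {}, "action": None}
    for line in (raw.strip().rstrip("*") for raw in text.splitlines()):
        if not line:
            continue
        m = CLAUSE.match(line)
        if m:
            rule["conditions"][m.group(1).lower()] = m.group(2).strip()
        else:
            rule["action"] = line.lower()  # a bare line such as "Allow"
    return rule

def is_loopback_only(value):
    """True only if the value names at least one IPv4 literal and all are loopback."""
    addrs = re.findall(r"\d{1,3}(?:\.\d{1,3}){3}", value or "")
    return bool(addrs) and all(ipaddress.ip_address(a).is_loopback for a in addrs)

def audit(text, proxy_port="30606"):
    """List findings for an allow rule that targets the local proxy port."""
    rule = parse_rule(text)
    cond = rule["conditions"]
    if rule["action"] != "allow" or cond.get("remote port") != proxy_port:
        return []  # not a rule for the EKRN.EXE proxy port; out of scope here
    findings = []
    if not is_loopback_only(cond.get("remote address")):
        findings.append("port %s allowed to any remote address, not only loopback" % proxy_port)
    if cond.get("protocol", "").upper() != "TCP":
        findings.append("protocol not limited to TCP")
    if cond.get("direction", "").lower() != "outbound":
        findings.append("direction not limited to outbound")
    return findings
```
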
  7. TonyDownUnder

    TonyDownUnder Registered Member

    Joined:
    Aug 31, 2006
    Posts:
    46
    Ah - Mr Smith2006 yet again a post with settings that I can use! I'll add this to my collection of your wisdom:)

    I used to run NOD32 2.x with Outpost 4 with no problems. Unfortunately with Outpost 2008 I have suffered the various Vista freezes etc. although I see there is a later version.

    Your comment as to the architecture of NOD is of particular interest and I assume it's what explains the firewall driver present in the NOD AV ver3 as well as in ESS.

    I am wondering whether trying to run both applications (Outpost and NOD AV) is now verging on overkill? In a sense there are 2 Firewalls running plus a Sandbox in Outpost and the heuristic engine in NOD. As you say the problem with the latter is that it wants all traffic to pass through it rather than purely monitoring what is passing through the system.

    As I am behind a hardware firewall with the router/modem it may be time to just run one or the other. My preference would be for NOD as its malware that I need to seriously address.

    I guess I am just a little disappointed that both applications seem to have generated more than their fair share of major issues so soon after release. It's taken a while for my Vista system to "settle" and on top of long waits for buggy drivers I had hoped for more stability from each of these apps. :doubt:
     
  8. smith2006

    smith2006 Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    759
    Hello Tony,

    No problem, sharing is caring. :D

    Cheers
     
    Last edited: Nov 6, 2007
  9. pbmcmlxxi

    pbmcmlxxi Registered Member

    Joined:
    Oct 28, 2006
    Posts:
    131
    Location:
    Hants, UK
    Thanks Tony & Mr Smith,
    I will give your advice a try on my test PC later today, and will keep you posted if it succeeds. Ever hoping! :)

    P.S. Eclipse - I have tried both ways of installing, only to find Eset first then Agnitum second worked best in the install phase for me.
     
  10. pbmcmlxxi

    pbmcmlxxi Registered Member

    Joined:
    Oct 28, 2006
    Posts:
    131
    Location:
    Hants, UK
    Hi, I have found that by modifying some settings I have managed to get network connectivity.

    In Eset I have under Web Access Protection, added:
    C:\Program Files\Ad Muncher\AdMunch.exe
    and placed a red cross within that.

    In Agnitum I have made sure rules are set for Firefox and Admuncher.

    It seems that within Eset if Admuncher was unticked or ticked no internet access works when using Agnitum, however when not using Agnitum with it unticked or ticked internet access worked.

    I have just sent some log files to Agnitum to analyse. There are still some issues which remain, i.e. if not in rule wizard mode, and in block most, you do not appear to be notified of any application that is trying to access the net; it just remains blocked.
     
    Last edited: Nov 6, 2007
  11. smith2006

    smith2006 Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    759
    Hello pjb,

    No problem. :)

    I guess the only way to check (when in block most mode) is by reviewing the firewall log.

    It is best to use the firewall in wizard mode for at least 1 day, let it learn the behavior & set rules of most commonly used applications that require internet access.

    After that, you can review them & change the firewall to block most mode.

    Cheers
     
  12. smith2006

    smith2006 Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    759
    I am not using Ad Muncher.

    I found this in Outpost Forum:

    http://outpostfirewall.com/forum/showpost.php?p=139970&postcount=5

    EKRN.EXE & AdMunch.exe both act as a proxy of sorts, this could be the reason of conflicting. :eek:
     
  13. pbmcmlxxi

    pbmcmlxxi Registered Member

    Joined:
    Oct 28, 2006
    Posts:
    131
    Location:
    Hants, UK
    Indeed the proxy issue may be causing some conflicts; will continue to monitor it throughout today.

    Now seems strange why I can now surf using either IE or FF, update Eset, but Agnitum will not update! LOL. Oh the joy of software.... :shifty:
     
  14. Alaska99

    Alaska99 Registered Member

    Joined:
    Jun 27, 2007
    Posts:
    24
    I use Outpost 6.0.2168.211.415.268 and I have tried Nod3 rc1 and come back to 2.7.
    I hate the fact that all traffic passes through Nod3 (ekrn.exe); special rules are needed for all applications. Even if I disable web protection in Nod3, everything passes through ekrn anyway... :thumbd: Why is there no option to disable ekrn.exe?
    Also ekrn.exe sucks a lot of CPU time. Sometimes 70% CPU time and more during 1 to 5 minutes.
    I have reinstalled Nod 2.7 and now everything runs fast without high CPU consumption.

    Has anybody found a change log of Nod3 rc1 to final release? o_O
     
  15. smith2006

    smith2006 Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    759
    I guess you will have to check with ESET on that.
     