ekrn.exe as proxy - version 2.0 ...

Discussion in 'ESET NOD32 Antivirus' started by eitanc, May 28, 2008.

Thread Status:
Not open for further replies.
  1. eitanc (Registered Member; Joined: Apr 22, 2008; Posts: 7)

    Hello,

    I refer to https://www.wilderssecurity.com/showthread.php?t=207071

    I recently updated to version 3.0.657.0.
    I disabled "web access protection".
    I disabled "HTTP checking" in a sub-tree of "web access protection".
    In "protocol filtering" I chose "Applications marked as Internet browsers and email clients".
    Outlook.exe is marked as "email client" but not as a "web browser".

    Still, when messages enter Outlook - they download items (like pictures) from the web using HTTP via ekrn.exe ... and not directly using outlook.exe (which I can block for outgoing HTTP using my personal firewall).

    Can you tell me what is wrong here?
    Did version 3.0.657.0 make a step backwards?

    Thanks.

    Eitan
     
  2. piranha (Registered Member; Joined: Mar 21, 2005; Posts: 623; Location: Laval, Québec, Canada)

    In v3 everything goes through ekrn.exe, and it works as a proxy.
     
  3. eitanc (Registered Member; Joined: Apr 22, 2008; Posts: 7)

    No. The features I disabled should make me go out directly from the relevant app regarding HTTP, and not via nod32.

    Can I get an official answer from an ESET supporter?

    Thanks.
     
  4. eitanc (Registered Member; Joined: Apr 22, 2008; Posts: 7)

    OK, I found (with a bit of help from ESET support by email) the solution (regarding version 3.0.650.0; version 3.0.657.0 is not stable and generates high CPU).

    I am using Windows XP w/SP3 and IE 6 + FF 2.0.0.14 + Outlook 2003 + YPOPs (freeware SMTP client for Yahoo web mail) + Comodo personal fw.

    The following combination allows me to:
    1. Keep Outlook protected at the application level (since the "Microsoft outlook" defense is active).

    2. Keep POP3 protection active when using YPOPs and any other temporary application I may use (like Outlook Express).

    3. Keep NOD32 defending my HTTP access via browsers.

    4. Keep outlook.exe as the one application accessing the web/HTTP and NOT using ekrn.exe as proxy - thus blocking this kind of access by Outlook using my Comodo personal fw (to avoid any connection between my email client and any web related content, like HTML based "read receipts"...).


    Here are the MINIMUM needed values in the "advanced setup tree" of NOD32 (you can of course add more options as you wish):

    Email protection = Enabled.
    Microsoft outlook = Received mail + sent mail - both enabled.

    POP3 = Enabled with port 110.
    Email Clients = Outlook is on the list but NOT selected.
    (This is done because if it was selected - it would have accessed HTTP using ekrn.exe - don't ask me why and what the connection is... ask ESET. Anyway, Outlook is protected using the "Microsoft outlook" option mentioned above).
    Compatibility = Maximum.

    Web access protection = Enabled.
    HTTP = Enabled.
    Web browsers = Outlook is on the list but NOT selected (any real web browsers are selected, of course).
    Active Mode = Outlook is on the list but NOT selected.
    Protocol filtering = "Applications marked as Internet browsers and email clients" is selected.

    I hope this will help any of you.

    Cheers!
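
One way to check which process a per-application firewall rule will actually see making outbound HTTP connections after changing these settings, as an added example that is not part of the original thread: it attributes established connections in `netstat -ano` output to image names from `tasklist /FO CSV /NH`. The sample outputs, addresses and PIDs are constructed, and the function names are hypothetical.

```python
import csv
import io
from collections import defaultdict

# Constructed sample of `netstat -ano` output (addresses and PIDs are made up).
NETSTAT_SAMPLE = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       952
  TCP    192.168.1.10:1045      203.0.113.7:80         ESTABLISHED     1712
  TCP    127.0.0.1:1050         127.0.0.1:1051         ESTABLISHED     2240
  TCP    192.168.1.10:1052      198.51.100.20:110      ESTABLISHED     1712
  TCP    192.168.1.10:1060      198.51.100.9:80        ESTABLISHED     3020
"""

# Constructed sample of `tasklist /FO CSV /NH` output.
TASKLIST_SAMPLE = '''
"svchost.exe","952","Console","0","4,312 K"
"ekrn.exe","1712","Console","0","45,120 K"
"OUTLOOK.EXE","2240","Console","0","38,004 K"
"firefox.exe","3020","Console","0","61,776 K"
'''

def pid_names(tasklist_csv):
    """Map PID -> lower-cased image name from tasklist CSV output."""
    names = {}
    for row in csv.reader(io.StringIO(tasklist_csv)):
        if len(row) >= 2 and row[1].isdigit():
            names[int(row[1])] = row[0].lower()
    return names

def http_owners(netstat_text, tasklist_csv, port=80):
    """Return {image name: [remote endpoints]} for established, non-loopback
    TCP connections to the given remote port."""
    names = pid_names(tasklist_csv)
    owners = defaultdict(list)
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) != 5 or f[0] != "TCP" or f[3] != "ESTABLISHED":
            continue  # headers, UDP rows, listening sockets
        host, _, rport = f[2].rpartition(":")
        if int(rport) != port or host.startswith("127.") or host == "[::1]":
            continue  # other ports, or traffic that never leaves the machine
        owners[names.get(int(f[4]), "pid " + f[4])].append(f[2])
    return dict(owners)

if __name__ == "__main__":
    for image, remotes in sorted(http_owners(NETSTAT_SAMPLE, TASKLIST_SAMPLE).items()):
        print(image, "->", ", ".join(remotes))
```

If a connection that Outlook triggered is listed under ekrn.exe, a firewall rule written for outlook.exe will not match it.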
     