ESET breaks wireless printing

Discussion in 'ESET Smart Security' started by ethandlowry, Feb 20, 2012.

Thread Status:
Not open for further replies.
  1. ethandlowry

    ethandlowry Registered Member

    Joined:
    Feb 20, 2012
    Posts:
    7
    Location:
    USA
    ESET has been constantly breaking my wireless printing. The only way I can print is to disable firewall, power on my printer, and print. Any other order ESET will prevent printing. I have added my printer as a trusted IP, I have added my whole zone as a trusted zone, but no matter what I do it doesn't help. I setup interactive to allow printing, it allows it, but it still doesn't fix the issue. I see the blocks in the log below;

    2/20/2012 7:55:03 PM Packet blocked by active defense (IDS) 192.168.1.211 192.168.1.211 ARP

    For all that is holy PLEASE help me fix this. I am beyond frustrated with this product. If an IP is trusted I should NOT have to create even more rules. It's totally ludicrous.
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Is that record complete? I assume it should be "ARP cache poisoning". You can solve that by adding the IP address of your printer (192.168.1.211) to the list of addresses excluded from active protection in the Zone setup.
     
  3. ethandlowry

    ethandlowry Registered Member

    Joined:
    Feb 20, 2012
    Posts:
    7
    Location:
    USA
    That was the complete entry. How do I do that? The IP is already added and the zone is trusted. Where else can I create a rule?
     
  4. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Check your zone settings:
     

    Attached Files:

  5. ethandlowry

    ethandlowry Registered Member

    Joined:
    Feb 20, 2012
    Posts:
    7
    Location:
    USA
    OK added the rule there and I still get the same event in the log every time I power on my printer and I'm unable to print.
     
  6. ethandlowry

    ethandlowry Registered Member

    Joined:
    Feb 20, 2012
    Posts:
    7
    Location:
    USA
    Side note; I have disabled the ESET firewall and printing is working perfectly so this is clearly an issue with ESET. Hopefully you have some more thoughts on what to try :)
     
  7. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    What message is now logged when you try to print with fw enabled? I assume it must be a different one than "Packet blocked by active defense (IDS) 192.168.1.211 192.168.1.211" as that IP address is already excluded from active protection as you wrote.
     
  8. ethandlowry

    ethandlowry Registered Member

    Joined:
    Feb 20, 2012
    Posts:
    7
    Location:
    USA
    Nothing is logged when I try to print. The only event is when I power the printer on. My thought is that the printer tries to communicate with my PC, fails, and then never tries again until I reset it. If I power on my printer with the Firewall enabled, I get the error, then if I disable the Firewall I still can't print until I restart my printer with the Firewall disabled. To add I setup a constant ping to my printer and it will time out until I follow the procedure of disabling the Firewall and restarting my printer, this is the only way I can get the printer to communicate or respond. Below are the logs I see.

    This event occurs constantly (a few times a minute) when the Firewall is enabled. No idea what it means but figured I'd paste it.

    2/21/2012 9:53:27 AM No application listening on the port 0.0.0.0:68 255.255.255.255:67 UDP

    This is the error I see twice every time I power on my printer with the Firewall enabled.

    2/21/2012 9:33:52 AM Packet blocked by active defense (IDS) 192.168.1.211 192.168.1.211 ARP
     
  9. ethandlowry

    ethandlowry Registered Member

    Joined:
    Feb 20, 2012
    Posts:
    7
    Location:
    USA
    Also to be clear. I have added that IP to be excluded and I still get the same event every time. So it seems like ESET is ignoring my rules.
     
  10. dwomack

    dwomack Eset Staff Account

    Joined:
    Mar 2, 2011
    Posts:
    588
    I may be off here but have you verified that your protection mode is set to "Allow Sharing" vs "Strict Protection"?

    Steps 5 & 6 here
     
  11. ethandlowry

    ethandlowry Registered Member

    Joined:
    Feb 20, 2012
    Posts:
    7
    Location:
    USA
    Yup that's selected. Firewall is setup as automatic with exceptions, etc. Is it possible the rules are corrupt? Is there a way I can reset all the settings as if I had just installed ESET and try again?
     
  12. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    There are several things you can try:
    1, disable ARP cache poisoning detection in the IDS setup
    2, switch the firewall to learning mode
    3, create a bi-directional rule that will allow all communication from / to 192.168.1.211
     
Thread Status:
Not open for further replies.