ESET Firewall blocking all traffic in interactive mode

Discussion in 'ESET Smart Security' started by MindTwisted, Apr 19, 2009.

Thread Status:
Not open for further replies.
  1. MindTwisted

    MindTwisted Registered Member

    Joined:
    Apr 12, 2009
    Posts:
    15
    Under XP SP3, version 3.0.684.0 of ESET smart security is blocking ALL internet traffic when in interactive mode. In automatic mode, it works fine. V4 has also done this to me, and it has happened several times now. Putting the settings to default and removing all my rules doesn't help. A full uninstall/reinstall is needed to make the firewall work again...for a day or two anyway. With the firewall disabled, everything works great. No entries are found in my log files, and no error or message boxes ever pop up...the firewall simply blocks everything in interactive mode. What causes this?
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Have you enabled logging all blocked connection attempts in the IDS section? Subsequently you should see details about the blocked connections in the firewall log.
     
  3. piccolo113

    piccolo113 Registered Member

    Joined:
    Oct 3, 2009
    Posts:
    6
    How about a revival of this old topic?

    I'm experiencing this exact problem. I just enabled logging of blocked connections, but I really don't see how viewing what's been blocked is going to solve anything.

    I can give specific examples of things being blocked when they don't yet have rules in the firewall: Games. Let's say I reinstall Everquest 2 and want to play it. Well, I have ESET in Interactive mode, which is SUPPOSED to ASK what to do with a new program that's trying to connect. Instead, what it will do is automatically deny the connection as if it were something I told it to block.

    It literally does this with EVERY new program trying to connect since the update to Service Pack 3 in XP. I realize it's not that big a deal to go in and manually create the rules, but it is rather irritating to HAVE to.

    Is there any way at all to make ESET default to ASK instead of deny while in Interactive Mode?
     
  4. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    That's the way it works. However, it sounds you might have blocked communication for svchost.exe after upgrading to SP3. If a change in it was detected and you blocked the communication for the new svchost.exe, it will affect other network-aware applications, too. That's why I suggested to enable logging of blocked connections so that you can see what rule is blocking it. If it's actually a rule for svchost.exe you can subsequently edit it and allow all communications for it.
     
  5. piccolo113

    piccolo113 Registered Member

    Joined:
    Oct 3, 2009
    Posts:
    6
    isn't allowing all communication for svchost.exe dangerous, though? i thought there were viruses or trojans out there that disguise themselves as such...

    Edit: I just removed the rules for one of the programs I use, and it created this log: 10/3/2009 11:16:03 PM Communication denied by rule 0.0.0.0:2749 82.96.62.202:80 TCP block this ~Snip~ C:\Downloads\MortalCache0578\Mortal Beta Launcher.exe KYLE\Kyle Evans

    There's no reason for that because I DON'T have a rule telling it to block that file. There's NO rule at all. It's not asking, just automatically blocking.
     
    Last edited by a moderator: Oct 4, 2009
  6. piccolo113

    piccolo113 Registered Member

    Joined:
    Oct 3, 2009
    Posts:
    6
    ok, wait a sec, you took the time to edit my post to remove the language that's already in YOUR application, but you don't respond to try to help me solve the problem?...

    Yeah, that makes sense....
     
  7. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,732
    Location:
    Texas
  8. piccolo113

    piccolo113 Registered Member

    Joined:
    Oct 3, 2009
    Posts:
    6
    I was referring to the fact that I responded to Macros, and then some random moderator edited my post but didn't say anything helpful.

    Excuse me for the langage in that post, but all I did was copy the log from ESET and paste it in here.

    Anyways, back to the issue. I showed an example of what ESET is doing, and there are no examples of svchost.exe in any of the logs. Is there ANY way to make ESET default to ASK instead of DENY when in Interactive Mode OTHER than the svchost.exe being blocked?

    I mean, really, you'd think there should be a configuration to customize that....
     
  9. ccomputertek

    ccomputertek Registered Member

    Joined:
    Jul 27, 2009
    Posts:
    371
    Go into zone and rule editor and click the plus sign and delete whatever it allowes you to delete, and then set the firewall to interactive mode and start over again.then nothing should get denied or blocked, unless you set it so when asked.Your rules must have got screwed up, just delete them and let it learn them again.... simple.


    Also, if you allready have it set to interactive mode, that means you clicked the wrong button and then remembered the setting to block that app.So it's user error, if something goes wrong in interactive mode.

    Service pack 3 for XP has changed some things, but nothing that would cause this problem your describing.

    All this being said, I am testing ESS and I don't like it.It won't even let me run http://www.pcflank.com/index.htm tests, instead of blocking all the attacks, by default it just seems to block communication completely, and thats not what a firewall should do, nor do I want it to do that and don't feel like fiddling with settings to make it work the way I think it's supposed to work.I'm gonna stick with what I was using B4, lets me run any firewall check from any site and it simply blocks all the simulated attacks, while still allowing communication so the test can finish.

    Also, when my previous firewall was set to learning mode IE automatic, it still let me see the rules and edit them completely, which ESS doesn't do, I don't like that either, so i'm dumping it.

    I understand that the way I want it to work the log files would fill up from the attacks, but thats still the way I prefer it to work, instead of blocking the first attack from an address and then all subsequent communication from the same address for that session.The way ESS works would be good for torrent programs though I guess, because after you close your torrent program, people are still trying to connect to your computer for hours or even days after you shut off the program, in that case I would want it to " temporarily " block communication.
    Untitled.gif
     
    Last edited: Oct 5, 2009
  10. piccolo113

    piccolo113 Registered Member

    Joined:
    Oct 3, 2009
    Posts:
    6

    No offense, but can you not read? I said that it's automatically blocking programs that do not have rules yet. It's NOT ASKING like it's supposed to in Interactive mode, it's just denying communication entirely. Deleting all my rules will do NOTHING to help me and just make it so I will have to manually add them all back in again. No thanks.
     
  11. ccomputertek

    ccomputertek Registered Member

    Joined:
    Jul 27, 2009
    Posts:
    371
    Whatever.... your on your own then.There must be a rule set that you can't see, or else it WOULD ASK YOU.Thats why you go in and delete everything and start over.......... don't want to do that ? then it's your problem now and your on your own, I doubt anyone here can help you further than.
     
    Last edited: Oct 5, 2009
  12. piccolo113

    piccolo113 Registered Member

    Joined:
    Oct 3, 2009
    Posts:
    6
    Seems to me that's the exact problem I'm having. Thanks for repeating it for me, though :)
     
  13. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    There must be a blocking rule created that prevents the communication. You can back up your current configuration, remove all rules and enable learning mode for a short period of time so that all necesasary rules are created automatically.
     
Thread Status:
Not open for further replies.