ESET ISS 6 too aggresively blocking with "no app listening on the port" excuse

Discussion in 'ESET Smart Security' started by Grensgeval, Feb 13, 2013.

Thread Status:
Not open for further replies.
  1. Grensgeval

    Grensgeval Registered Member

    Joined:
    Feb 13, 2013
    Posts:
    6
    Location:
    Amsterdam
    I'm building myself a new system and after using a competitor's product for years, wanted to try ESET ISS 6 a go after hearing so many good things about it.

    The webdownload (trial) has been absolutely superb and I love the control it allows me. Except for one issue: it's unusable.

    I cannot complete downloads of a decent size, because ISS seemingly randomly blocks the traffic, which it does, according to the log file, because "no application listening on the port".

    This is most problematic, since it happens for HTTP downloads from websites, including my work webserver, as well as for Usenet downloads.

    At these event, the logfile explodes with many DOZENS 'no application listening on the port' event, showing proudly how 138.138.138.138:563 (made up IP) was blocked from its target, my machine at 192.168.222.222:50234, 192.168.222.222:50233 and 192.168.222.222:50235.

    A second later, all is back to normal. This is not a huge problem for Usenet connections or websurfing, as downloads will restart or will be resumed.
    Downloading a file from a website (say, a new ESET ISS trial... ;) ) wouldn't work, as every 30-100MB one of these blocking bonanzas happens.

    This is what it looks like:
    http://i.imgur.com/CUcd7jD.png

    Does anyone have a clue how to make this workable? I'd hate to go look for another firewall, as ISS does -essentially...- everything I want.
     

    Attached Files:

  2. Grensgeval

    Grensgeval Registered Member

    Joined:
    Feb 13, 2013
    Posts:
    6
    Location:
    Amsterdam
    No one?

    Is there perhaps a way to configure the firewall in a way that it completely ignores all 'application not listening on the port' events?

    Cheers
     
  3. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    "No application listening on the port" message is just an informative message and is not the result of a communication block.
    Does disabling the firewall via gui actually make a difference? If not, what about changing firewall integration to "Only scan application protocols" or "Personal firewall is completely disabled" ?
     
  4. Grensgeval

    Grensgeval Registered Member

    Joined:
    Feb 13, 2013
    Posts:
    6
    Location:
    Amsterdam
    Disabling the firewall makes the issue go away completely.

    I tried every setting I could think of (filter-wise, so to speak) but no option I could find, or exclusion I was able to add, managed to get rid of this problem.
     
  5. Grensgeval

    Grensgeval Registered Member

    Joined:
    Feb 13, 2013
    Posts:
    6
    Location:
    Amsterdam
    UPDATE: I tried the current SS trial version on my wife's machine, just to see if I was going crazy or not. Now my wife is cross with me, but I know I'm certainly not crazy.

    The exact same problem crops up on her pc. Network connections are disconnected for a very short while, then resume. It's even evident on mapped network drives. As long as there hasn't been a disconnect, the mapped drive responds immediately, as if it's local. If there has been a disconnect, Windows take a while to connect (even saying so, literally, 'Connecting...') before it shows the folders' contents.
     
  6. Grensgeval

    Grensgeval Registered Member

    Joined:
    Feb 13, 2013
    Posts:
    6
    Location:
    Amsterdam
    This problem has proven impossible to solve. I've replicated the issue on several machines to rule out a weird Windows configuration on my part.

    With regret, the search is now on for a different firewall.
     
  7. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    "No application listening on the port" message is purely informative and does not cause any blocking. In your log I see that certain communication was blocked by a rule. Unfortunately, the "Rule/worm name" column was not included in your screen shot.
    I'd suggest you do the following:
    - clear the firewall log
    - enable logging of blocked communications in the IDS setup
    - reproduce the problem
    - copy & paste here the recent firewall log records
     
  8. Grensgeval

    Grensgeval Registered Member

    Joined:
    Feb 13, 2013
    Posts:
    6
    Location:
    Amsterdam
    Thank you Marcos, for your reply. I'm on a vacation with aforementioned wife this week, but next week will do as you suggested and report back! :thumb:
     
Thread Status:
Not open for further replies.