Eset servers being blocked PeerGuardian 2's P2P

Discussion in 'ESET NOD32 Antivirus' started by Escalader, Feb 20, 2008.

Thread Status:
Not open for further replies.
  1. Joliet Jake

    Joliet Jake Registered Member

    Joined:
    Mar 1, 2005
    Posts:
    911
    Location:
    Scotland
    That's true.

    Perhaps Eset should ensure whatever is being 'detected' by bluetack from Esets UK servers is applied to all their servers then PG users will have a hard choice to make.
     
  2. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Hi LowwaterMark.

    With respect I think I understand the situation but differently. No news there:D

    As a Nod32 user and a PG 2 user, I would like both applications to run on MY PC and not be dictated to by either of these vendors. With PG 2 I can stop them at will from blocking any Eset server. With Nod32 they are trying to stop the user from using PG2 by tagging it as a threat. The solution lies with the vendors not the users, who are suffering collateral damage.

    Yes I might find I can't get an update. When that happens all any PG2 users have to do is disable it for the update and then enable it when done. Or they can go to the p2P list and remove the range that is blocking these Eset servers. It's easy

    Yes there are always unintended consequences, but as before all the user has to do is disable PG2 for the update and carry on.

    Yes this is not a small issue. If I had felt that I wouldn't have started this thread! When the day comes that they add all those vendors this thread will not matter. No we should not assume that there is a good reason nor should we assume there isn't. If Bluetack has incorrectly id's these servers as P2P monitors they should correct the error. If Nod32 is wrong then they need to act as well.

    What we need is the facts of the matter as to why these ip's were added. A bad conversation between 2 vendors is not IMO enough to make the case

    For now, I have added pg2.exe and it's folder to the Eset exclusion list and I'm continuing on with both applications.

    This is a 2 vendor problem and as the messenger here I feel I'm being "killed" like the ancient story goes! :D

    Let someone else carry on. I'll wait.
     
    Last edited: Feb 21, 2008
  3. swami

    swami Registered Member

    Joined:
    Mar 24, 2006
    Posts:
    167
    To my mind the burden to clarify is on BlueTact.
     
  4. Meister

    Meister Registered Member

    Joined:
    Apr 8, 2007
    Posts:
    32
    Just tested and the update servers are only blocked if you have the "Block HTTP" option activated.

    PeerGuardian also blocks Comodo for example.
     
  5. proactivelover

    proactivelover Registered Member

    Joined:
    Apr 7, 2006
    Posts:
    840
    Location:
    Near Wilders Forums
    TOP News
    Eset War Against PeerGuardian
    good job eset
    for detecting PeerGuardian as virus
    eset want's there server's back
     
  6. GAN

    GAN Registered Member

    Joined:
    Mar 3, 2007
    Posts:
    355
    PG2 is not an application to keep your computer protected. It's an application to keep the person using the computer protected when using software illegally or sharing/downloading copyrighted software. Based on their reply when they say "We block all commercial software companies and all companies that produce copyrighted material" they do not deny the purpose of this application either. Some people might say they use it for privacy, but i find that hard to believe. There are other software available for that purpose that is much better and less hassle. For filesharing like Bit Torrent those might not be suitable because you have to communicate with a lot of unknown IP addresses, but still you want to block communication with sites that you don't want to find out about your activites.

    This is not the first time i heard about PG2 causing problems like this and unless you got something to hide i cannot see how using PG2 is a benefit considering these kind of issues where it cause problem for other security applications. Even if i like that eset doesn't try to include everything that might be releated to illegal filesharing as a threat i couldn't care less if PG2 is detected as a threat.
     
  7. webyourbusiness

    webyourbusiness Registered Member

    Joined:
    Nov 16, 2004
    Posts:
    2,651
    Location:
    Throughout the USA and Canada
    ok - I don';t get it...

    List 2 blocks:
    isn't that ANY software company producing software which they sell licenses for?
     
  8. NSG001

    NSG001 Registered Member

    Joined:
    Jul 14, 2006
    Posts:
    666
    Location:
    Wembley, London
    Eset license expires soon and i'll be rid.
    How can you class a harmless piece of software a threat.
    The beef is not with PG2 but with Bluetack so why is PG2 being targeted.
    Users of Protowall (a similar ip blocker) would use the same blocklists.
    Eset i ask you to use some common sense and remove PG2 from your detection lists immediately, i think you will lose a lot of business otherwise.
     
  9. seaephpea

    seaephpea Registered Member

    Joined:
    Sep 22, 2006
    Posts:
    8
    I would just like to add some weight to this thread by saying I am in an identical situation. I turned my computer on this morning and up popped a message saying pg2.exe was being quarantined.

    Pretty outrageous. I can just about see why you might want to automatically add the update to servers to the PG2 allow list, or pop up an annoying message telling users to either do that or uninstall PG2, but anything beyond that is crazy.

    Really disappointing behaviour on Eset's part.

    Tom
     
  10. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Hi Meister:

    Does Comodo tag PG2 as a virus?

    We have to be clear here PG 2 blocks nothing by itself without the lists the USER chooses to exploit.

    It is the lists you and other users choose to load from their menu of lists. It would be possible as just an example to load no lists of blocking sites from BlueTack via PG 2 and build our own lists over time one range at a time. Then Eset still tags Pg2 as a virus.

    Reviewing the copy of the p2p list finds many examples of major software companies being blocked.

    Microsoft
    Checkpoint Software
    IBM
    Symantec
    McAfee
    Kaspersky Labs
    ZoneLabs, Inc

    They are all there in dozens of multiple ranges of ip's yet we see zero posts on them tagging the PG 2 S/W as a "threat"? Those firms must be dealing with the matter differently. If they can do it so can Eset.

    Consider this, I can delete/ disable the p2p list from my PC and Eset still tags it as a virus, punishing their own customer base. The other major firms don't do that.

    I find today that even though I have indicated to NOD32 S/W that PG 2 is to be excluded, Eset ignores this instruction! Who owns my PC anyway?

    I wish Eset would just stop and rethink their approach just as the other majors have already done.

    I was wrong to say that if the day came that these majors were included the thread would no longer matter, they are there and NOT doing what Eset has done.

    BTW, those who say p2p list are a cover up for illegal activity do user who are serious about privacy a disservice.

    Just because you pull the shades down on your window doesn't mean you are guilty of something. That view reminds me of "big brother" is watching you so why worry you have nothing to hide do you! A WW was fought over the right like privacy from dictatorial actions.
     
  11. NSG001

    NSG001 Registered Member

    Joined:
    Jul 14, 2006
    Posts:
    666
    Location:
    Wembley, London
    Protowall (ip blocking software) that uses the same Blutack lists is fine.
    Guess i'll install that until the people at ESET see sense.
     
  12. Magritte

    Magritte Registered Member

    Joined:
    Dec 19, 2007
    Posts:
    19
    I'm sorry but I have to agree that there's something fundamentally wrong with tagging an application that a user is intentionally running as a virus simply because it conflicts in some way with NOD32 (as opposed to a real virus/trojan that intentionally tries to disable or limit NOD32's functionality without the user's consent).

    What about a user (unwisely) trying to run a second antivirus program, or maybe an anti-spyware program that conflicts somehow, or a misconfigured firewire that prevents updates, etc... Will NOD32 start arbitrarily deactivating other software it considers undesirable due to conflicts, without concern for the potential collateral consequences to security or privacy that this might cause?

    To me this isn't a specific issue with PeerGuardian but what I feel is an overreaching policy decision by ESET. In this particular case, for instance, PerrGuardian (which can essentially be considered a misconfigured firewall) can be configured by the user to resolve the software conflict without disabling the application entirely.

    Therefore, it seems to me it would be a much better policy decision to develop a system (if it isn't already in place) for NOD32 to deliver important messages to the user rather than take unilateral action. Or at the least there should be a special case where the user is informed of what the conflict is, provided with any instructions on how to manually resolve the conflict, then given a choice as to whether they want NOD32 to go ahead and deactivate the application or not.

    That being said, I'll concede that ESET has classified PeerGuardian as a potentially unwanted application rather than a virus or trojan, so at least they haven't gone completely overboard in their response. The problem is that, quite frankly, NOD32's setup is still somewhat confusing. I'd like a clarification on exactly what is meant by "unwanted application" as this type of action makes me think I might want to disable this type of scan. Perhaps what's needed is a new classification called "potentially conflicting application".

    In my current setup, all suspicious files are simply deleted and quarantined. Is it possible to make an exception, so that all suspicious files are deleted/quarantined, EXCEPT for "potentially unwanted application", for which I'd be asked instead if I want to delete/quarantine it or else add it to the exclusion list?

    Thanks.
     
  13. Seljuk

    Seljuk Registered Member

    Joined:
    Feb 22, 2008
    Posts:
    1
    I quite agree with those that have said considering PG2 a threat is ridiculous, particularly when it is not even their fault. A 3rd party list that blocks Eset servers should not lead to a program being considered a threat. A popup warning about the conflict (if possible) would have been much wiser.

    While I can understand Eset's view on the issue, labelling it a threat is a bit much and in some ways resembles school playground politics.



    Please note this set up is for NOD32 Antivirus version 3

    Double click the NOD icon in your task bar > click setup (you will need to toggle to advanced mode) > Click Anti-virus and Anti-spyware (will appear under the setup button in advanced) > Real-time File System Protection: Configure

    In the popup box, click on each appropriate option in the left bar and click setup on all settings that have the setup box. A second popup will appear, click "cleaning" and set it to no cleaning.

    This will not impede NOD in anyway, it will just mean that any time it spots something suspicious it will ask you what to do with it. :)

    Also while in the NOD console, click Edit Exclusions to manually add PG2.exe to the exclusion list.
     
  14. Moore

    Moore Registered Member

    Joined:
    Mar 14, 2004
    Posts:
    82
    Location:
    land of ?z
    Hi, well let me make some comments on the subject while it's still spiralling out of control.

    I'm sorry for the guys at Phoenixlabs that Eset have wrongly targeted their Peerguardian application for something beyond their control.


    It was not our intention to block any specific update servers belonging to Eset, the inclusion of those IP ranges came about after a p2p user discovered IP's from eset on the p2p network they were using and submitted them for inclusion on the list.

    The P2P list is intended primarily for use with P2P applications and not for the specific purpose of blocking anti virus updates from any one particular company.

    I understand that no one likes being blocked and that Eset's thirst for vengeance must have been high after finding out about their blocked IP ranges, and this made them temporarily corrupt at making sensible decisions.


    I'll try to explain what is happening from our point of view because I can see many people here do not fully understand or are being one sided about the situation.


    All we are doing at Bluetack is making use of publically available information, placed in text files, for the purpose of total control over who can connect to and from our own computers.

    Thats it.

    We cannot be held responsible for how someone uses the information once they download it.

    The user decides to download the information to begin with. The user makes the decision to install the software which allows that information to be used.

    We cannot be held responsible for users opening Internet Explorer or Firefox to download illegal warez or illegal porn, just as much as the makers of Peerguardian can be held responsible for any activities users may or not be engaging in.

    PG2, Protowall, Outpost/Blockpost & Online Armor etc are tools available for people to use however they wish, to block whatever they decide.

    We support the use of IP blocking to restrict any unwanted connections from accessing our computers, fullstop.

    I reserve the right to decide who or what can access my computer sytem, I decide what software stays or goes on my own computer, not microsoft, certainly not eset.

    Clearly some users are incapable of handling the high level of control which is possible with IP blocking and they should not be messing around with things above their level of expertise. It's a free world in most places however and there are no restrictions on who is able to download such software.

    If you don't like having that level of control then you don't have to use it, we don't force anyone, we don't charge any money for anything and we don't even expect people to agree with everything thats added to the lists.

    Most importantly there are functions available in many of the popular IP blockers to unblock/permanently remove anything that you don't want to be blocked. Seriously, the user has the last and final say about what they want or don't want to block.

    Unlike Eset, we support the user being able to make decisions for themselves about their own computer systems, in fact we encourage users to take more responsibility for what is happening on their own system.

    The P2P list is very comprehensive, but it is still just one of many lists we provide, each has it's own specific purpose.

    We reserve the right to block anything we feel is neccessary, not mention that the blocklist users themselves can submit ranges for inclusion. Users even have the ability to add ranges of their own that are not already on the lists.

    If anyone wanted to look they would see we also maintain lists for blocking ads, spyware, malware, spiders and bots and all kinds of other things that some people may prefer to keep out of their system.

    We are pro choice.. We dont discriminate. The lists are nothing more than suggestions of IP ranges people can either choose to use or not use. To block or not to block, that is the question.


    If you don't agree with what we block in a particular list there are a few options available, simply remove the IP range from your list or hey don't download it in the first place. People are free to question the inclusion of any IP ranges at anytime, but threats or demands will do no one any good and won't ever help to get anything removed.

    It sounds simple to me, but some people still don't quite understand they have the choice to decide, maybe they are so used to relying on other people to make their decisions for them, they miss 'that' crucial aspect of it all.

    Eset punishing PG2 users is simply ridiculous and I hope there is at least one person in that organisation who will be able to eventually come to their senses and fix the mistake..

    I fully expect Eset to either remove the flawed and incompetent misidentification by NOD32 of the IP blocker PG2 as a virus/threat or continue on with their madness and also add every other IP filtering application that our users have at their disposal.

    This means all software firewalls and all p2p applications at the very least.

    Moore
     
    Last edited: Feb 22, 2008
  15. Magritte

    Magritte Registered Member

    Joined:
    Dec 19, 2007
    Posts:
    19
    Thanks. Unfortunately, this just highlights what I think are some serious flaws in NOD32's UI. For starters there appears to be zero granularity in the cleaning settings. The same settings affect all threat types so I can either be prompted for everything, or prompted for nothing, but there is no way to be prompted for things on the "unwanted application" and "unsafe application" lists while not being prompted for everything else. Since the above categories may or may not contain legitimate applications that I choose to run on my system, I'd like to be prompted for those while everything else, presumably, is really an unwanted threat and I just want NOD32 to take care of them...

    The other issue seems to be an inadequate exclusion system. There's no easy to exclude items. (At least for advanced users) this should be an option in the popup prompt and there should be an option in the quarantine to restore and exclude an item that I feel was deleted inappropriately. Instead the only way to exclude is through the exclude dialog. Even then, NOD32 seems to only exclude based on pathnames, not on any measure of file content. This means that if I exclude a file, and that file later gets modified by a virus, it will continue to be excluded. There should be some mechanism to exclude the current version of a file, but note if that file gets modified, then prompt about the modification and ask if I want to continue to exclude the file or not. Maybe that doesn't matter, but it seems, at least on principle, a much more secure way to deal with exclusions.
     
  16. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    ESET users are able to exclude PG2 from being scanned.
     
  17. Shalimar

    Shalimar Registered Member

    Joined:
    Feb 22, 2008
    Posts:
    1
    Ultimately it comes down to PG is NOT a virus etc... and therefore it should never be added to the NOD32 database.

    Therefore I am refusing to install/sell/support NOD32 on any of my clients systems until Eset comes back to reality.

    After reading through this thread and seeing the response from Eset about this issue I will speak with $. Perhaps thats what they will respond to.
     
  18. mrtwolman

    mrtwolman Eset Staff Account

    Joined:
    Dec 5, 2002
    Posts:
    613
    To make it clear for everyone, the fact are as follows:

    - we have tried to discuss the block of IP ranges vital for our software function. We have sent cease and desist request. We have tried to discuss the block via IRC. The other party refused our arguments and we received kick/ban. Apparently they didn’t want to discuss the problem at that time.

    - I would not say that requesting to solve the issue by removing our IP range could be labeled as overreaction.

    - we have to protect the functionality of our software

    - an aplication disrupting the functionality of our software is from the point of view of our users a potentially unwanted application.

    But we do not flag it a virus nor a trojan or alike!

    Code:
    From our FAQ:
    Q10: What are Potentially Unwanted Applications?
    A10: Potentially Unwanted Applications are programs that are not necessarily malicious, but may affect the performance, reliability or behavior of your computer. Such applications usually require consent for installation. Often computers will function differently after Potentially Unwanted Applications have been installed. 
    
    User decides whether to detect or not to detect potentially unwanted applications.

    Labeling our request to remove our vital IP range off the list as "frivolous legal threat" is their right.

    Serving a kick/ban to someone asking to clear the issue isn’t an overreaction? It‘s something I'd expect from a young teenager but not from a person who is involved in IT security.

    As for the list of IP’s, maintained by the large gathering of users under the Bluetack label – is it ADD ONLY? If anybody decides he wants to block something then it’s blocked? Has there ever been a call for unblocking some IP‘s?
     
  19. cyberdyne

    cyberdyne Registered Member

    Joined:
    Mar 4, 2006
    Posts:
    4
    I am in agreement.
    PG2 has started showing up as a virus on the machines I maintain, therefore, I will be a) uninstalling, b) not renewing subscriptions of, and c) replacing NOD32 with alternatives, this week from all of my clients' machines also.

    It's a shame, but this situation is ridiculous.

    Oh, and for the record, I have NEVER had ANY issue with using PG2 and Nod32 along side each other. All updates work perfectly and PG2 doesn't block anything necessary for NOD32's performance.

    Only today and yesterday has NOD32 starting reporting PG2 as being a memory infection, which is ludicrous.
     
    Last edited: Feb 22, 2008
  20. NSG001

    NSG001 Registered Member

    Joined:
    Jul 14, 2006
    Posts:
    666
    Location:
    Wembley, London
    To mrtwolman:

    Your argument is with Bluetack YET you tag PG2 as the culprit, there is no connection are you not hearing us?
    All PG2 does is accept the .txt blocklists, as do many other ip filters/blockers as Moore already pointed out.

    Please remove PG2 from your definitions, You are damaging your reputation by tagging this at all irrespective of how you label it.
    When the 10 million PG2 users many i'm sure who use Nod32 realise, this will seriously damage your client base for sure, your bosses need to get a grip on this pronto!
     
  21. Brian N

    Brian N Registered Member

    Joined:
    Jul 7, 2005
    Posts:
    2,174
    Location:
    Denmark
    Exactly. With that option it blocks pretty much anything. Mcafee, norton, kaspersky - everything. They didn't add detection for this completely harmless application however and I can't see why they should. Enabling http in pg2 and you are just asking for trouble anyway.
     
  22. Woody777

    Woody777 Registered Member

    Joined:
    Aug 29, 2006
    Posts:
    484
    What a mess> I can't believe the 2 parties can't work out some acommadation on this. Since they cannot I am now left to decide if I want one or the other. A gain I do not know which one to AXE but I do need Peer Guardian & there are many other antivirus' available.. How about AVAST Online Armor? Both are free.
     
  23. Woody777

    Woody777 Registered Member

    Joined:
    Aug 29, 2006
    Posts:
    484
    So I now know its close to impossible for the 2 apps to reside on the same disc. I guess that I will now need to move to a different AV. Just so ESET Knows I will remember their childish behavior as long as I use a computer. So be it.
     
  24. Magritte

    Magritte Registered Member

    Joined:
    Dec 19, 2007
    Posts:
    19
    Actually, it's not that hard to have them co-exist:
    1. Go to setup/exclusions: add "C:\Program Files\PeerGuardian2\pg2.exe" (you must do this before restoring PeerGuardian or it will be re-detected and deleted again)
    2. Go to the quarantine, click on pg2.exe and then restore
    3. reboot or use the recover PeerGuardian tool if you aren't able to load PeerGuardian
    4. In PeerGuardian disable block HTTP (this causes all sorts of trouble with many applications, including Windows Update...) or add the ESET domain or the appropriate IP addresses to an allow list in PeerGuardian (I've never done this so can't give specifics.)

    Voila...
     
  25. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,391
    We have reconsidered detection of PeerGuardian and it will be removed in the upcoming update. However, we will actively continue protecting our users from blacklists that contain the IP addresses (ranges) of our update servers and thus preventing our paying or trial users receiving updates and keeping their computers protected. We expected that we would resolve this problem on a professional level instead of the communication attempts of our attorney with Bluetack ISS being refused and their childish unproffesional action of banning access to their forum from ESET's IP.
     
Thread Status:
Not open for further replies.