ESET SS Personal Firewall

So I've been having steady problems with the Eset Smart Security Personal Firewall 4.0 ever since I bought the program. At first, it would prevent my wireless card from accessing my home network completely. I sent in an email to ESET support and asked for help. After a week, I was told to uninstall and reinstall EST SS. I did it, didn't help. I tried to disable the firewall, but everytime I restarted my computer, I was given the message "New Hardware Detected" and asked to install or find drivers for it. I just ignored it and I could get internet, that resets itself every 5 minutes or so. I Checked around the Support page for the Firewall, and I tried to uninstall the Firewall Miniport #10 that was on my wireless card, still the same problem, internet keeps resetting. I kept submitting help queries, but they only respond every week or so, and it's usually along the same lines of "Uninstall, reinstall, uninstall, reinstall, etc..."

I have tried everything I could find on the Support page, as well as this forum for other people with the same problem. I've currently already set the Firewall to Allow Sharing, turned on all the Allowed Services, set it to Interactive Filtering, and set the rule for Allow All, as per the support website directions. I've tried to do the full uninstall, along with all the various programs to make sure the registry is cleaned, there's no unfinished uninstalling, etc. This is a brand new computer, custom built and I have no other AV or Firewalls whatsoever. It's running Windows XP 32-Bit, SP3. Intel Core2Duo, I use a Linksys WMP110 Rangeplus Wireless PCI Adapter. I have the 2Wire HG1000 modem. Is there ANYONE that can help me out with this problem? I'm a pretty big gamer and I can't stay connected to Bnet for more than 5-10 minutes at a time.




Virus signature database: 4174 (20090620)
Update module: 1028 (20090302)
Antivirus and antispyware scanner module: 1225 (2009061
Advanced heuristics module: 1092 (20090309)
Archive support module: 1096 (20090616)
Cleaner module: 1041 (20090603)
Anti-Stealth support module: 1012 (20090526)
Personal firewall module: 1046 (20090429)
Antispam module: 1011 (20090114)
SysInspector module: 1213 (20090507)
Self-defense support module : 1005 (20081105)

 

~removed un-necessary and unfounded verbage....Bubba~
They only provide upgrades to "stable" version when the major version is "obsolete" (ESS 3 get program updates to the latest, know doubt because the current is the last v3. Expect the same from v4. Says a lot about ESET's confidence in their product).

If you want stable protection "downgrade" to Nod32 (your licence covers it).
Then use the windows firewall (protection is not that different to ESS in the default automatic mode). Or if you are keen add 3rd party firewall

 

Yeah, except my problem is with a Firewall, so I don't really want to add anymore. The oddest part is, my internet is stable if I'm not doing anything, or just surfing the net or DLing off bittorrent. Only when I start playing games, does the internet die.

 

In Setup -> advanced set up -> Personal firewall -> IDS and advanced option (need to be running ESS as Admin)
Enable (so you can see how it is getting it wrong)
..log all blocked connections
..Log blocked incoming worm attacks
Disable
..Block unsafe address after attack detection - reduces repeated false positive
..DNS poison attack detection - can't handle many routers & distributed servers
..ARP Poison attack detection - significant false positive problem in past

If it is still not working disable as much Intrusion detection as can.
If still not working disable ESS firewall
Could try firewall version 1047
..In Setup -> advanced set up -> Update -> Advanced setup -> enable test mode

 

I appreciate the help, but those are all steps I've taken already and none seem to work.

 

As a non-techie I find the firewall somewhat complicated.
Would 'automatic mode' be fine for playing games ? In Eset SS version 4 'automatic mode' does not provide any outbound protection.
I use 'interactive mode'.

But maybe it has something to do with inbound traffic, the firewall interferes with time synchronization. Sometimes I get a request for inbound traffic, and if I temporarily allow it I can synchronize the time.

Btw, did you use Eset's uninstaller ? I assume they have one.

 

Probably not as it mostly allows all outbound traffic but block all inbound traffic.
Multi-player games generally receive information from other players (not all via server). This inbound traffic gets blocked.

The simplest is set it to interactive. Play the game adding rules as required. Then edit the rules to cover the minimum general set.
Then set to automatic with exceptions (ie automatic plus the rules you just made)

Happens any time ESS looses relationship between previously sent request and it's reply. But yes inbound traffic is an issue with games, and yes the ESS firewall is a pain in the but to set up properly (especially when their recommendation is a clean install between versions).

 

Well, they have a Support page that has you turn it to Interactive, and then make a new rule to Allow All, incoming and outgoing, and then have you turn everything else off. This still doesn't work, for when people try to connect to me, Eset interrupts my wireless and my internet resets. Now, I pretty much disable ESET completely when I want to play anything online, but there has got to be a much better way than that...

 

ESET have built their expertise and reputation in malware detection over several years. Nod32 is a good product.
I suspect, you like me assumed their suite would be of similar quality.
In reality they are only very new in the firewall / email spam / suite business. Their current product reflects this fact. I have no reason to doubt they will eventually have a good product however it is a mistake to believe the suite is as polished as nod32.

If you don't like that approach then helping ESS debug their software is the only alternative. I suspect this requires 2 things.
1) Adequate problem characterisation from you. Software, firmware, hardware, router details etc. They typically also want a wireshark traffic capture log.

2) ESET priority to look into your problem. And to be fair to ESET, there are some potential complications with your problem. Games are often written using non-standard interfaces, generating traffic to / from multiple external locations, so could appear similar to malicious software. Further if the games are not from well recognised sources, they could contain malicious software. So while I assume ESET would like to address your problem, they may have higher priorities.
(BTW my guess is no better than yours)

 

Hello JerryhShen,

Have you tried the steps in the Knowledgebase located here:
http://kb.eset.com/esetkb/index?page=content&id=SOLN969

 

Wayne, the link you posted will not load for me, but I have gone through their support page and tried everything listed on there for the Firewall 4.0

Yes patch, I am currently emailing them, and doing what they ask of me. I have already used Sysinspector and sent in the results. Today, they had me copy/paste my firewall logs and I actually had a lot of problems with that.

The first time I tried to copy/paste the log, Eset would keep loading the log over and over. I finally had to turn off the firewall to be able to copy everything. The second time, ESET crashed and turned off. The third time, Firefox froze as I tried to Copyall and paste it into the email. I finally had to copy/paste it in small chunks, but pretty much every entry in the log is what I posted below.

It's pretty much a LOT of this:
6/22/2009 10:45:35 PM Packet blocked by active defense (IDS) 91.117.240.77:36992 192.168.1.74:2811 TCP
6/22/2009 10:45:33 PM Packet blocked by active defense (IDS) 189.102.235.38:51000 192.168.1.74:1458 TCP
6/22/2009 10:45:33 PM Packet blocked by active defense (IDS) 65.55.179.31:443 192.168.1.74:1843 TCP
6/22/2009 10:45:33 PM Packet blocked by active defense (IDS) 65.55.179.26:443 192.168.1.74:1841 TCP


That stuff goes on forever and ever. I tried highlighting a big chuck, and then scroll up and down to get a idea of exactly how much there is, couldn't see anything at all, scrolls right pass when I manually scroll with the mouse.

The games I play are actually pretty well known in the computer world, Warcraft 3 and Left4Dead being the two games I play the most online.

 

It sounds like the link I sent should be to solution to your problem. Here are the steps from that article:

1. Open the main program window by clicking the ESET icon next to the system clock or by clicking Start → All Programs → ESET → ESET Smart Security.
   
   
2. Press the F5 key to display the Advanced Setup window.
   
   
3. From the Advanced Setup tree on the left, click Personal firewall → IDS and advanced options.
   
   
4. In the Intrusion detection section, deselect the following options:

• ARP Poisoning attack detection
• DNS Poisoning attack detection
• TCP Desynchronization attack detection
• Reverse TCP Desynchronization attack detection

 

Yes I actually already did that. The email from Eset wants me to uninstall and downgrade to Nod32. Seems a bit backwards that I paid for SS and I have to downgrade to something else....

 

have you tried version 3? i just foolishly tried v4 again. clean install, manually removed v3. to start 'undocumented error x3) rebooted windows lost my roaming profile? rebooted again steam couldnt connect firefox could nothing else could except smart which updated itself. rebooted again lost roaming profile (im guessing this is because i use non signed drivers for everything)
anyway it was all over the place.
back with v3 stable fast and everything's connected, and took 25 minutes to clean v4 from my system.

 

Hello,

A new version of the ESET Personal Firewall module, Build 1049, is now avialable which contains fixes for some issues with DNS servers. I am not absolutely certain if this applies to your situation, but if it does, then installing the module could get you up and running with ESET Smart Security.

If you would like to test the module, , please follow the steps in ESET Knowledgebase article #2277, "Slow or no Internet connection: Personal firewall module 1047" to install it on your computer.

Regards,

Aryeh Goretsky

 

Thanks for the tip Aryeh, I've just installed 1049 and am about to take it for a test spin on Bnet. Hopefully it works, but I'm still having the problem with The Firewall Logs, it won't stop loading. It'll load, then refresh the page, then the load bar comes up again. It doesn't stop unless I turn off the firewall, or click Cancel and move to a different page in the AV menu.

 

Please make sure that you don't have logging all blocked connections enabled in the IDS section of the firewall setup.

 

No offence Marcos, but wouldn't it be better to get that fixed?

I have a problem with the refreshes too, i dont see the point of a window you cant see the information in because it constantly refreshes.

Perhaps a refresh button as opposed to an automatic refresh would be better option?

 

I agree, it's very confusing as well as frustrating for people that aren't intimately familiar with the software.

 

~removed un-necessary spillage~

Glad to here you are getting some support from ESET, even if it is not the answer you wanted to here.

When the firewall log gets long it is slow to update.

Solution:
1) Temporarily switch off firewall logging
2) Copy all the log and paste it into a text file.
3) Delete the log in ESS
4) Re-enable logging

If you are still getting frequent additions to the fire wall log, then chances are your internet connection is not going to be working that well, limiting the value of detailed further testing.

 

Yeah, I ended up just copying a small chunk of the logs and emailing in to them. I am in contact with them, but they just tell me to uninstall Eset SS, and install Nod32 as well. Currently tho, following the advice of agoretsky, I updated to ver 1409 and it's working well. I havn't been kicked off the niternet yet, and I havn't had to turn off SS. My logs are still being flooded tho... but the connection is stable.

 

I spoke too soon... the disconnects are happening again, unless i turn off ESET completely...

 

Hello,

If you enable Test Mode, you should now be able to download ESET Personal Firewall module build 1050. Can you please do so and report the results back?

Regards,

Aryeh Goretsky

 

Well, I upgraded to 1050, and still the same problem. I have high speeds, but every 5-10 minutes, my internet connection dies completely for about 10-15 seconds, then it becomes fast again.

 

Thank you Bubba for closing my other thread without trasnferring what I wrote over. Now I get to retype all that all over again. Oh wait, I can't because I'd be violating the TOS. I'm just trying to show the redundancy of ESET support and to back up my claims that in the SAME email and SAME case number, they ask me for my contact information and to run diagnostics that I have already completed and submitted, and that I'm being run around in circles.