ESS 4.2 & foo_upnp

Discussion in 'ESET Smart Security' started by vassie, Aug 3, 2010.

Thread Status:
Not open for further replies.
  1. vassie

    vassie Registered Member

    Joined:
    Dec 4, 2007
    Posts:
    19
    Location:
    Hertfordshire
    Hello

    Ever since installing ESS 4.2 on my Windows 7 laptop I can no longer stream music via UPnP

    I have enabled UPnP in the IDS section (as described here http://kb.eset.com/esetkb/index?pag...arch&viewlocale=en_US&searchid=1280847951202), but still no joy

    I installed ESS 4.2 with the default settings

    This issue is really annoying and if I can't resolve it, I will be forced to look for another product

    Thanks

    Ben
     
    Last edited: Aug 3, 2010
  2. STRYDER

    STRYDER Registered Member

    Joined:
    Aug 21, 2008
    Posts:
    99
    try disabling HTTP, HTTPS protection (at your own risk)
    When you're done streaming make sure you turn it back on.
     
  3. vassie

    That didn't work
     
  4. vassie

    I have set the firewall to learning mode, and while it adds rules for foobar2000.exe, the UPnP element still does not work
     
  7. vassie

    Setting the firewall on interactive, running foobar2000 and creating a custom rule for foobar2000.exe (allowing every port and address) works

    I can then set the firewall to Automatic mode with exceptions and it still works

    Can anyone tell me why Automatic mode does not work?
     
  8. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Automatic mode allows all outbound communication and blocks any uninitiated incoming communication.

    In case the communication of a certain application is blocked, enable logging blocked connections in the IDS setup, reproduce the problem and then check the firewall log for details about the blocked communication. This will give you a clue as to which rule needs to be modified in order to allow the communication.
     
  9. vassie

    Here's my log file

    It is quite clearly blocking foobar2000.exe's UPnP requests, which I don't understand as UPnP is enabled for the trusted zone

    Code:
    03/08/2010 20:49:48	Communication denied by rule	192.168.0.105:55699	255.255.255.255:1900	UDP	Block outgoing SSDP (UPNP) requests	C:\Program Files\foobar2000\foobar2000.exe	Ben-Laptop\Ben
    03/08/2010 20:49:48	Communication denied by rule	192.168.0.105:55699	255.255.255.255:1900	UDP	Block outgoing SSDP (UPNP) requests	C:\Program Files\foobar2000\foobar2000.exe	Ben-Laptop\Ben
    03/08/2010 20:49:48	Communication denied by rule	127.0.0.1:11607	239.255.255.250:1900	UDP	Block outgoing SSDP (UPNP) requests	C:\Program Files\foobar2000\foobar2000.exe	Ben-Laptop\Ben
    03/08/2010 20:49:48	Communication denied by rule	127.0.0.1:11607	239.255.255.250:1900	UDP	Block outgoing SSDP (UPNP) requests	C:\Program Files\foobar2000\foobar2000.exe	Ben-Laptop\Ben
    03/08/2010 20:49:48	Communication denied by rule	192.168.0.105:55698	239.255.255.250:1900	UDP	Block outgoing SSDP (UPNP) requests	C:\Program Files\foobar2000\foobar2000.exe	Ben-Laptop\Ben
    03/08/2010 20:49:48	Communication denied by rule	192.168.0.105:55698	239.255.255.250:1900	UDP	Block outgoing SSDP (UPNP) requests	C:\Program Files\foobar2000\foobar2000.exe	Ben-Laptop\Ben
    03/08/2010 20:49:48	Communication denied by rule	192.168.0.105:2789	239.255.255.250:1900	UDP	Block outgoing SSDP (UPNP) requests	C:\Program Files\foobar2000\foobar2000.exe	Ben-Laptop\Ben
    03/08/2010 20:49:48	Communication denied by rule	192.168.0.105:2789	239.255.255.250:1900	UDP	Block outgoing SSDP (UPNP) requests	C:\Program Files\foobar2000\foobar2000.exe	Ben-Laptop\Ben
    Ben
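
The log check Marcos describes, applied to lines in the layout posted above, as an added example that is not part of the original thread and is not ESET code. It groups denied connections by rule, application and destination and labels SSDP discovery targets (UDP port 1900 multicast or broadcast). The column order, the sample lines and the second application path are assumptions constructed for illustration.

```python
import csv
import io
import ipaddress
from collections import Counter

# Column order is an assumption inferred from the log excerpt in the thread.
FIELDS = ["time", "event", "source", "target", "protocol", "rule", "application", "user"]
RULE = "Block outgoing SSDP (UPNP) requests"   # rule name as logged in the thread
FOOBAR = r"C:\Program Files\foobar2000\foobar2000.exe"
OTHER = r"C:\Example\other.exe"                 # hypothetical second application

def _line(src, dst, app):
    return "\t".join(["03/08/2010 20:49:48", "Communication denied by rule", src, dst, "UDP", RULE, app, r"Ben-Laptop\Ben"])

# Constructed sample input (not a real export), including one truncated line.
SAMPLE_LOG = "\n".join([
    _line("192.168.0.105:55698", "239.255.255.250:1900", FOOBAR),
    _line("192.168.0.105:55698", "239.255.255.250:1900", FOOBAR),
    _line("192.168.0.105:55699", "255.255.255.255:1900", FOOBAR),
    _line("192.168.0.105:50000", "239.255.255.250:1900", OTHER),
    "03/08/2010 20:49:49\tCommunication denied by rule",
])

def classify_target(target):
    """Label a host:port destination so SSDP discovery traffic stands out."""
    host, _, port = target.rpartition(":")
    addr = ipaddress.ip_address(host)
    if port == "1900" and (addr.is_multicast or host == "255.255.255.255"):
        return "ssdp-discovery"
    return "local" if addr.is_private else "other"

def summarize_blocked(log_text):
    """Count denied connections per (rule, application, protocol, target)."""
    counts = Counter()
    rows = csv.reader(io.StringIO(log_text), delimiter="\t", quoting=csv.QUOTE_NONE)
    for row in rows:
        if len(row) != len(FIELDS):
            continue  # skip blank, truncated or malformed lines
        rec = dict(zip(FIELDS, row))
        if "denied" in rec["event"].lower():
            counts[(rec["rule"], rec["application"], rec["protocol"], rec["target"])] += 1
    return counts

def blocked_by_application(log_text):
    """Map each application to the distinct destinations it was denied."""
    result = {}
    for (_rule, app, proto, target), _n in summarize_blocked(log_text).items():
        result.setdefault(app, set()).add((proto, target, classify_target(target)))
    return result
```

The per-application view shows which executable and which destinations a rule exception would have to cover, so the exception can be reviewed against what was actually denied.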
     
  10. vassie

    I want to leave my firewall in automatic mode, can this be fixed? I have enabled UPnP for the trusted zone but it clearly does not work
     
  11. vassie

    Allow UPNP in the Trusted zone

    Enables UPnP (Universal Plug and Play), which allows for automatic configuration of network devices

    I can only assume that this is broken, I have enabled it, but UPnP does not work for me, my laptop is in the trusted zone but I cannot see my UPnP media server
     
  12. vassie

    I give up!

    Looks like I'll have to ask for a refund and find myself another security suite
     
  13. Marcos

    I assume the firewall is just doing its job. If UPnP is blocked in the TZ in spite of having it allowed in the IDS setup, continue as follows and provide the necessary stuff for perusal:
    1, leave logging blocked connections enabled in the IDS setup
    2, configure the firewall to create pcap logs with blocked packets captured per the instructions here
    3, reproduce the problem

    Compress the following stuff to an archive, upload it somewhere and PM me a link to it:
    - pcap log
    - Eset firewall log
    - configuration of your ESS exported to an xml file (Setup -> Export/import settings)
     
  14. vassie

    Thanks Marcos

    I am at work at the moment, I'll try this later when I am home and I'll be in touch

    Ben
     
  15. vassie

    PM sent
     
  16. vassie

    Port 1900 is a standard UPnP port

    http://www.grc.com/port_1900.htm

    So why is ESS blocking it in Automatic mode? I can only assume the FW is broken, what else is it blocking?

    I now have no faith in ESS
     
  17. Marcos

    It'd be a security gap if every application was allowed to communicate via UPnP by default. See this.
     
  18. vassie

    Why does enabling UPnP under IDS still not work then?

    Why should I have to create a rule to allow foobar2000.exe through?

    I would not expect ESS to block UPnP traffic on my home network!
     
  19. vassie

    bump

    Why does ESS block UPnP traffic on my home network, even though it is enabled under IDS?
     
  20. Marcos

    For security reasons, UPnP is enabled within TZ for system services. To allow UPnP for other applications, an appropriate rule needs to be created for the application. The developers will have a look at this though.
     
  21. vassie

    Thanks, can you let me know their response

    I feel ESS needs another mode, Automatic blocks things I need, Interactive mode is overkill, I don't want to have to review everything trying to get out, we need a new Automatic mode that asks us to review anything not taken care of automatically
    Thanks
     
  22. vassie

    Any news from the developers?
     
  23. Marcos

    This will be improved in future versions. In interactive mode, you'll be offered an option to create a rule for other applications and then switch back to automatic rule with exceptions. Outgoing UPnP communications within TZ will be enabled for all applications. Maybe a new option to allow UPnP communication for all applications within TZ will be added in the IDS setup.
     
    Last edited: Aug 18, 2010