ESS 4 blocking Epson Network Scanner.

Discussion in 'ESET Smart Security' started by ianlin, Feb 23, 2010.

Thread Status:
Not open for further replies.
  1. ianlin

    ianlin Registered Member

    Joined:
    Feb 23, 2010
    Posts:
    12
    Win 7 64bit, ESS 4 64bit. Epson Artisan 800 network printer/scanner.

    ESS is blocking Epson Scan. Program cannot start unless ESS firewall is disabled. Using interactive mode, Epson Scan software is allowed traffic. Both the computer and the printer has IP's assigned in the Trusted Zone IP range. I can turn off firewall, then start program, with the program open, turn on the firewall again. The program will work. But once I close the program, I cannot open it again unless I turn off ESS firewall first. It would appear ESS is preventing the program from starting.

    Any help would be greatly appreciated!
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Try adding the printer's IP address to the list of addresses excluded from active protection (IDS). I've come across a case when a network printer produced port scan attacks which were correctly blocked by ESS.
     
  3. ianlin

    ianlin Registered Member

    Joined:
    Feb 23, 2010
    Posts:
    12
    Thank you for your reply Marcos. I will try your suggestion. Can you tell me where is the menu for customizing IDS? Thanks. I don't know if this makes a difference, the log shows when I try to start the program with ESS firewall engaged, packets from my computer were blocked.
     
  4. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    You'll find the list of applications excluded from active protection in the zone setup.
     
  5. ianlin

    ianlin Registered Member

    Joined:
    Feb 23, 2010
    Posts:
    12
    I am sorry to say that adding the printer's IP address to the list of excluded IPs did not solve the problem. I also tried adding the PC's IP address to that list, did not work either. I did not find any way to exclude an application.
     
  6. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,770
    Location:
    Texas
    Hello ianlin,

    Does your firewall log show any information?
     

    Attached Files:

  7. ianlin

    ianlin Registered Member

    Joined:
    Feb 23, 2010
    Posts:
    12
    My log page looks exactly like the screen shot you made. It showed a few "Incorrect IP packet length..." I then enabled logging of all blocked connections. Then it started showing this screen capture. Theses blocked packets did not coincide with my trying to open the program. The source IP is my computer. Not sure about target IP, but it's not the printer/scanner.
     

    Attached Files:

  8. Rmuffler

    Rmuffler Former Eset Moderator

    Joined:
    Jun 26, 2008
    Posts:
    995
    Location:
    San Diego, CA USA
  9. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    I'd suggest creating a pcap log with the blocked packets captured per the instructions here and conveying it along with the relevant records from the firewall log to Customer care for perusal. The firewall log must be created with the "log all blocked communication" option enabled at the same time as the pcap log being created when replicating the issue.
     
  10. ianlin

    ianlin Registered Member

    Joined:
    Feb 23, 2010
    Posts:
    12
    Rmuffler: Thank you. Tried the steps on the Knowledge Base, did not resolve the issue.

    Marcos: Thanks. I guess it's time to contact tech support. Either that, or remember to disable firewall everytime I want to use the scanner. Which, thankfully, is not too often.
     
  11. Rmuffler

    Rmuffler Former Eset Moderator

    Joined:
    Jun 26, 2008
    Posts:
    995
    Location:
    San Diego, CA USA
  12. dwmtractor

    dwmtractor Registered Member

    Joined:
    Dec 9, 2009
    Posts:
    46
    Location:
    San Jose, CA
    This is yet one more illustration of an issue I raised with some different programs...ESS absolutely must have the option of true blanket whitelisting for trusted LAN domains and/or addresses>. It is ridiculous to have to go through such gyrations for IP addresses or ranges that we have already designated as trusted, and it is one of the things which seriously hampers the utility of ESS in the corporate environment. :mad:
     
  13. IAmMoen

    IAmMoen Registered Member

    Joined:
    Feb 26, 2010
    Posts:
    1
    Same thing is happening with my computer. But I am lucky. My ESS license just ran out so I will make the leap to something else. Its ridiculous when you know what the problem is but you just can't make the program do what you tell it to.
     
  14. Rmuffler

    Rmuffler Former Eset Moderator

    Joined:
    Jun 26, 2008
    Posts:
    995
    Location:
    San Diego, CA USA
    Hello,

    Have you tried setting the ESS firewall to Learning mode then performing the activity? Learning mode will create rules for your activities and behaviors. When done, set the firewall back to Automatic mode with exceptions and your rules from Learning mode will remain. For more information see the following Knowledgebase article:
    http://kb.eset.com/esetkb/index?page=content&id=SOLN2118

    Thank you,
    Richard
     
  15. ianlin

    ianlin Registered Member

    Joined:
    Feb 23, 2010
    Posts:
    12
    I have used Interactive mode all along. But I did try learning mode, the program was blocked in learning mode as well.

    The issue appears to be version related. I have a XP computer with ESS 3, it does not have this problem. Just for kicks, I tried the ESS 4.2 beta. It was worse. With 4.2, the program is blocked even if firewall is disabled. I had to completely remove ESS 4.2 to get the program to work again. I would gladly downgrade to version 3 just avoid this whole mess. But ver 3 is incompatible with windows 7.

    I have contacted tech support. Received two replies so far. Each one telling me to try something that I clearly said I already tried when I opened the case. Now waiting for a third reply.
     
  16. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    See the instructions in my previous reply. We'll need to get the pcap log along with the firewall log created at the very same time with the log all blocked communication option enabled.
     
  17. igirard

    igirard Registered Member

    Joined:
    Jul 19, 2010
    Posts:
    2
    Has this issue been resolved?

    I'm experiencing the exact same problem on Win 7 64bit, ESS 4 64bit, with an Epson WorkForce 610 network printer/scanner.

    Just like ianlin, only when I fully disable the firewall, can I communicate with the scanning software. Even after creating an exception for all activity within the local subnet, I still can't communicate with the scanning software.

    Any help would be greatly appreciated.
     
  18. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    What is exactly logged in the firewall log when you enable logging blocked connections in the IDS setup and reproduce the issue? Could you post a couple of relevant entries from the log here?
     
  19. igirard

    igirard Registered Member

    Joined:
    Jul 19, 2010
    Posts:
    2
    Here are several entries from the log. I've created both UDP/TCP rules, and IGMP rules, which should handle these requests, but it doesn't seem to work.

    8/5/2010 12:10:52 PM No usable rule found 192.168.2.4 239.255.255.250 IGMP System
    8/5/2010 12:10:52 PM No usable rule found 192.168.2.4 224.0.0.252 IGMP System
    8/5/2010 12:10:48 PM No usable rule found 192.168.2.4 239.255.255.253 IGMP System
    8/5/2010 12:10:46 PM No usable rule found 192.168.2.4 224.0.0.253 IGMP System
    8/5/2010 12:10:46 PM No usable rule found 192.168.2.4 224.0.0.251 IGMP System
    8/5/2010 12:10:29 PM No usable rule found 192.168.2.4 239.255.255.253 IGMP System
    8/5/2010 12:10:29 PM No usable rule found 192.168.2.4 239.255.255.250 IGMP System
    8/5/2010 12:10:29 PM No usable rule found 192.168.2.4 224.0.0.251 IGMP System
    8/5/2010 12:10:24 PM No usable rule found 192.168.2.4 224.0.0.252 IGMP System
    8/5/2010 12:10:23 PM No usable rule found 192.168.2.4 224.0.0.253 IGMP System
     
Thread Status:
Not open for further replies.