ESS 4 blocking Epson Network Scanner.

Win 7 64bit, ESS 4 64bit. Epson Artisan 800 network printer/scanner.

ESS is blocking Epson Scan. Program cannot start unless ESS firewall is disabled. Using interactive mode, Epson Scan software is allowed traffic. Both the computer and the printer has IP's assigned in the Trusted Zone IP range. I can turn off firewall, then start program, with the program open, turn on the firewall again. The program will work. But once I close the program, I cannot open it again unless I turn off ESS firewall first. It would appear ESS is preventing the program from starting.

Any help would be greatly appreciated!

 

Try adding the printer's IP address to the list of addresses excluded from active protection (IDS). I've come across a case when a network printer produced port scan attacks which were correctly blocked by ESS.

 

Thank you for your reply Marcos. I will try your suggestion. Can you tell me where is the menu for customizing IDS? Thanks. I don't know if this makes a difference, the log shows when I try to start the program with ESS firewall engaged, packets from my computer were blocked.

 

You'll find the list of applications excluded from active protection in the zone setup.

 

I am sorry to say that adding the printer's IP address to the list of excluded IPs did not solve the problem. I also tried adding the PC's IP address to that list, did not work either. I did not find any way to exclude an application.

 

My log page looks exactly like the screen shot you made. It showed a few "Incorrect IP packet length..." I then enabled logging of all blocked connections. Then it started showing this screen capture. Theses blocked packets did not coincide with my trying to open the program. The source IP is my computer. Not sure about target IP, but it's not the printer/scanner.

 

Hello ianlin,

Try the procedures within the following Knowledgebase article and let us know if that resolves the issue:

http://kb.eset.com/esetkb/index?page=content&id=SOLN2217

Thank you,
Richard

 

I'd suggest creating a pcap log with the blocked packets captured per the instructions here and conveying it along with the relevant records from the firewall log to Customer care for perusal. The firewall log must be created with the "log all blocked communication" option enabled at the same time as the pcap log being created when replicating the issue.

 

Rmuffler: Thank you. Tried the steps on the Knowledge Base, did not resolve the issue.

Marcos: Thanks. I guess it's time to contact tech support. Either that, or remember to disable firewall everytime I want to use the scanner. Which, thankfully, is not too often.

 

Hello ianlin,

Please submit a support request here:
http://www.eset.com/support/contact.php#

Thank you,
Richard

 

This is yet one more illustration of an issue I raised with some different programs...ESS absolutely must have the option of true blanket whitelisting for trusted LAN domains and/or addresses>. It is ridiculous to have to go through such gyrations for IP addresses or ranges that we have already designated as trusted, and it is one of the things which seriously hampers the utility of ESS in the corporate environment.

 

Same thing is happening with my computer. But I am lucky. My ESS license just ran out so I will make the leap to something else. Its ridiculous when you know what the problem is but you just can't make the program do what you tell it to.

 

Hello,

Have you tried setting the ESS firewall to Learning mode then performing the activity? Learning mode will create rules for your activities and behaviors. When done, set the firewall back to Automatic mode with exceptions and your rules from Learning mode will remain. For more information see the following Knowledgebase article:
http://kb.eset.com/esetkb/index?page=content&id=SOLN2118

Thank you,
Richard

 

I have used Interactive mode all along. But I did try learning mode, the program was blocked in learning mode as well.

The issue appears to be version related. I have a XP computer with ESS 3, it does not have this problem. Just for kicks, I tried the ESS 4.2 beta. It was worse. With 4.2, the program is blocked even if firewall is disabled. I had to completely remove ESS 4.2 to get the program to work again. I would gladly downgrade to version 3 just avoid this whole mess. But ver 3 is incompatible with windows 7.

I have contacted tech support. Received two replies so far. Each one telling me to try something that I clearly said I already tried when I opened the case. Now waiting for a third reply.

 

See the instructions in my previous reply. We'll need to get the pcap log along with the firewall log created at the very same time with the log all blocked communication option enabled.

 

Has this issue been resolved?

I'm experiencing the exact same problem on Win 7 64bit, ESS 4 64bit, with an Epson WorkForce 610 network printer/scanner.

Just like ianlin, only when I fully disable the firewall, can I communicate with the scanning software. Even after creating an exception for all activity within the local subnet, I still can't communicate with the scanning software.

Any help would be greatly appreciated.

 

What is exactly logged in the firewall log when you enable logging blocked connections in the IDS setup and reproduce the issue? Could you post a couple of relevant entries from the log here?

 

Here are several entries from the log. I've created both UDP/TCP rules, and IGMP rules, which should handle these requests, but it doesn't seem to work.

8/5/2010 12:10:52 PM No usable rule found 192.168.2.4 239.255.255.250 IGMP System
8/5/2010 12:10:52 PM No usable rule found 192.168.2.4 224.0.0.252 IGMP System
8/5/2010 12:10:48 PM No usable rule found 192.168.2.4 239.255.255.253 IGMP System
8/5/2010 12:10:46 PM No usable rule found 192.168.2.4 224.0.0.253 IGMP System
8/5/2010 12:10:46 PM No usable rule found 192.168.2.4 224.0.0.251 IGMP System
8/5/2010 12:10:29 PM No usable rule found 192.168.2.4 239.255.255.253 IGMP System
8/5/2010 12:10:29 PM No usable rule found 192.168.2.4 239.255.255.250 IGMP System
8/5/2010 12:10:29 PM No usable rule found 192.168.2.4 224.0.0.251 IGMP System
8/5/2010 12:10:24 PM No usable rule found 192.168.2.4 224.0.0.252 IGMP System
8/5/2010 12:10:23 PM No usable rule found 192.168.2.4 224.0.0.253 IGMP System