ESS 6.x bug - I would wait before using this version

Discussion in 'ESET Smart Security' started by jeffshead, Jan 20, 2013.

Thread Status:
Not open for further replies.
  1. jeffshead

    jeffshead Registered Member

    Joined:
    Aug 17, 2006
    Posts:
    31
    I don't know exactly what's different about ESS v.6.x but I encountered an issue that could only be resolved by uninstalling and going back to v.5.x.

    I went over my settings with a fine tooth comb. I tried an upgrade install and uninstalling v.5.x before installing v.6.x. I even performed a bare-metal installation from the O/S up.

    Here's what happens with v.6.x:

    I use Dreamweaver CS6 for web development on a Windows 7 x64 box. I open a file (network share) in Dreamweaver, make some edits and save. As soon as I do that, I get a few alerts from other programs that are running in the background that they cannot access the network shares that contain the files they need.

    I then try to use Windows Explorer to access any share. It's as if they do not exist. I can access the shares if I use the IP instead of the name. What's weird is I can ping both the name and the IP address of the computer that hosts the shares and I can browse the Internet normally.

    I can recreate this issue every time I edit/save a file in Dreamweaver.

    I've checked and all necessary system services are still running and I've even tried restarting many of them.

    The only way to get the system to see and/or access the network shares via name is to disable and re-enable the NIC.

    So now I'm back to using v.5.x and all is working once again.

    This seems to be a bug or some new feature that needs to be tweaked.

    Anyone have any ideas? I see no errors other than the apps that loose connection to the shares.
     
    Last edited: Jan 20, 2013
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    What module (real-time, web access protection, HIPS) needs to be disabled for the issue not to occur?
     
  3. jeffshead

    jeffshead Registered Member

    Joined:
    Aug 17, 2006
    Posts:
    31
    I disabled all modules, rebooted, disabled firewall and protection and it still does it.

    Once I disable/re-enable the NIC, it does not do it until I reboot.
     
  4. jeffshead

    jeffshead Registered Member

    Joined:
    Aug 17, 2006
    Posts:
    31
    Did some more testing.

    I can have everything enabled except for Network->Setup->Personal Firewall. If I disable EVERYTHING except for the Personal Firewall, the problem exists.

    This was hard to find because just disabling and enabling the firewall does not recreate the problem. You have to either disable the NIC or restart the computer after you enable/disable the firewall permanently to see the results.

    Again, I see this as a bug. This does not happen with any 5.x version.

    I enabled Log all Blocked Connections under IDS advanced settings but it does not tell me anything useful:

    1/20/2013 5:11:20 PM No application listening on the port 192.168.0.9:49213 192.168.0.7:49327 TCP
     
    Last edited: Jan 20, 2013
  5. jeffshead

    jeffshead Registered Member

    Joined:
    Aug 17, 2006
    Posts:
    31
    Further testing seams to indicate that this is happening only when using Dreamweaver CS6 to open or edit certain JavaScript files that are located on the LAN.

    I can use other applications to open and edit the same files and this does not happen. I can save the same files to the desktop, use Dreamweaver to open them and I cannot recreate the problem.

    So it seams ESS v.6.x does not like some JavaScript files that are accessed via Dreamweaver over the LAN.

    Even though this was a clean install, I reset ESS back to defaults which removed all rules and zones. This did not help. One thing I did find out is that this problem does not occur if I set the firewall to Automatic Filtering Mode. The problem exists when using any other filtering mode. This is driving me nuts because I have always used ESS in Interactive Mode so I can always see what's doing what on my computer. Again, this does not happen with ESS v.5x.

    I'm out of ideas. What should I try next?
     
    Last edited: Jan 20, 2013
  6. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Does switching the firewall integration mode to "Only scan application protocols" make a difference or it works fine only when it's set to "Personal firewall is completely disabled" ?
     
  7. jeffshead

    jeffshead Registered Member

    Joined:
    Aug 17, 2006
    Posts:
    31
    I do not encounter the problem if I select "Only scan application protocols" under Advanced Setup->Network->Personal firewall->System integration.

    I tried all of the other options as well. The only time I encounter the problem is when it's set to "All features active".

    As a side note, you have to either disable/re-enable the NIC or reboot for the changes to take place. I also noticed IE cannot be open when disabling/re-enabling the NIC or else the changes will not take effect.

    Thanks for the help :)
     
    Last edited: Jan 21, 2013
  8. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Please create two Wireshark logs with the network communication captured, one from the state when the issue occurs and one when it doesn't. When done, compress the logs, upload them to a safe location and PM me the download link.
     
  9. jeffshead

    jeffshead Registered Member

    Joined:
    Aug 17, 2006
    Posts:
    31
    To make sure I'm clear on what you want... Do you want me to disable the firewall, start a capture, access a file that normally causes this issue? Then enable the firewall, start a capture and access the same file?
     
  10. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    That's right. Before attempting to access a file, start logging the network communication.
     
  11. jeffshead

    jeffshead Registered Member

    Joined:
    Aug 17, 2006
    Posts:
    31
    Marcos: PM sent :)
     
  12. jeffshead

    jeffshead Registered Member

    Joined:
    Aug 17, 2006
    Posts:
    31
    For the sake of keeping record, I also left the firewall fully enabled but deselected "Epfw NDIS Lightweight filter" in the NIC properties.

    This did not help.
     
    Last edited: Jan 22, 2013
  13. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    In the Control panel - Administrative tools - Windows Firewall with Advanced Security, you should see a notification that reads "These serrings are being managed by vendor application ESET Smart Security". Click the green arrow labeled "Windows Firewall Properties" and set firewall state to "off" for all profiles. Let us know if that makes a difference.
     
  14. jeffshead

    jeffshead Registered Member

    Joined:
    Aug 17, 2006
    Posts:
    31
    Made no difference. I also rebooted the computer after the settings were changed.
     
  15. jeffshead

    jeffshead Registered Member

    Joined:
    Aug 17, 2006
    Posts:
    31
    Marcos, I went through my website and found a few JavaScript pages that enable me to recreate this issue every time I try to open them in Dreamweaver.

    I recreated a new file for each one by copying and pasting the content from the original. I cannot recreate the issue with the new documents.

    I don't know why opening the old documents in Dreamweaver causes this problem since I can successfully open them with any other application.

    The bad news is I was not thinking and I overwrote the old files with the new ones. I sure would like to know why ESS 6 had a problem with them but ESS 5 did not.
     
  16. jeffshead

    jeffshead Registered Member

    Joined:
    Aug 17, 2006
    Posts:
    31
    I don't know which file(s) Eset is choking on, but it's still causing the issue when I perform a site wide search and replace in DreamWeaver.
     
  17. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Is an antivirus program installed on the remote computer from which you attempt to open the files in Dreamweaver? Also, enable logging of all blocked connections in the IDS setup as well as logging blocked communication to pcap as per the instructions here, reproduce the problem and eventually supply me with the pcap log, firewall log (in text form, not xml) and an example of a file that we could use to reproduce the issue.
     
  18. jeffshead

    jeffshead Registered Member

    Joined:
    Aug 17, 2006
    Posts:
    31
    There is no antivirus program or firewall on the other machine. I've also found out that this issue is not limited to the use of Dreamweaver. I've experienced this problem while performing other tasks that require access to files on other computers.

    I will PM logs to you soon.
     
  19. jeffshead

    jeffshead Registered Member

    Joined:
    Aug 17, 2006
    Posts:
    31
    I get the following alert a couple of times a day and loose connectivity when it happens:

    2/20/2013 11:52:52 PM Detected attack against security hole fe80::640e:4000:7a03:b85e.:445 fe80::2438:2498:559a:2c7c.:54383 TCP Win32/Exploit.RDP.CVE-2012-0175 System

    http://i.imgur.com/Bjs36HM.jpg
     
    Last edited: Feb 21, 2013
Thread Status:
Not open for further replies.