ESS Firewall False Positives...

Discussion in 'ESET Smart Security' started by glitch82, Apr 24, 2008.

Thread Status:
Not open for further replies.
  1. glitch82

    glitch82 Registered Member

    Joined:
    Apr 24, 2008
    Posts:
    7
    Even though this subnet is trusted, ESS is blocking packets from my Server 2008 AD DC at 172.17.0.5. It's also blocking information from my ISP's DNS servers, at 68.238.x.x.

    Why is this happening? I wish I could turn it off and switch back to Windows Firewall with Advanced Security, at least it doesn't block client/server packets critical to the correct operation of a Windows Active Directory network, except I CAN'T turn it off because you can only temporarily disable it. Eset also gives no option to not install the firewall component when installing ESS, and additionally, disabling the NT service would probably turn the ESS tray icon to red to indicate a problem when there really isn't one.

    Please review the following text file for more information. I apologize for the XML format, I accidentally deleted the TXT version and my log has been cleared since.
     

    Attached Files:

  2. glitch82

    glitch82 Registered Member

    Joined:
    Apr 24, 2008
    Posts:
    7
    Well, I solved my problem. If you purchased a license for ESS, you can use it with EAV. Back to the Windows Firewall for me. Outbound notification was nice but if the pre-defined rules aren't compliant with Windows Active Directory networks then the product is no good. I was even getting domain authentication errors in Vista, and what alerted me to this is an undocumented feature of Vista that places a warning sign for the network icon in the Network and Sharing Center. The domain I am connected to has "(Unauthenticated)" as a suffix to its name. While the system is in this state, a lot of network resources were inaccessible and group policy processing was stalled.This error persisted even after I had disabled IDS for a lot of different attacks and disabled some pre-defined rules for blocking incoming connections. The Windows Firewall doesn't interfere with domain operations since its designed to accomodate for that, as I thought ESS's firewall was.

    An unrelated issue with the firewall was even though I had added a VMWare rule to allow all communications, and my virtual machine was bridged with mine, I could not access the virtual machine from another system on my network. Disabling ESS firewall allowed me to do that, and the same rule I created for Windows Firewall works just fine.

    Finally, I noticed that my system is much more responsive with the standard Windows Firewall. I didn't realize the degradation in performance immediately when I installed ESS firewall, but right now running EAV alone my system's network processing has increased substantially. Pages load faster in Firefox, for example, and my terminal services connection to my server seems quicker.

    I hope we can get this sorted out. I'm looking forward to being able to use ESS Firewall again, after all, I paid for it, and I had tested both EAV and ESS before I went with ESS because I initially liked the firewall but I didn't do enough testing it seems. I'm hoping someone more experienced might be able to help. :)


    Edit: It may help to list my specs.

    Vista Ultimate 64-bit Edition
    Intel D975XBX rev. 304
    Intel Core 2 Quad Q6600
    4GB DDR2 800 PC26400 memory
     
    Last edited: Apr 24, 2008
Thread Status:
Not open for further replies.