ESS is blocking all pings to internet

Discussion in 'ESET Smart Security' started by HKPolice, Jun 23, 2009.

Thread Status:
Not open for further replies.
  1. HKPolice

    HKPolice Registered Member

    Joined:
    Jun 23, 2009
    Posts:
    3
    I can't seem to stop it. When I disable the firewall, TJPingPro works fine, but when I enable it, nothing gets out. Only pings to LAN addresses work. The firewall never asked for a rule when TJPing tried pinging, but I created one for it manually and it still didn't work. I even tried adding to the "Rules with no application assigned" list and it still won't ping through.

    Pings done via command prompt still work, but both TJPing 1.2.1 and 2.0 don't.

    Version 4.0.437.0 on Vista64

    Any ideas?? :(
     
  2. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
    does it work if you enable automatic mode? did you view the rules controlling the app access?
     
  3. agoretsky

    agoretsky Eset Staff Account

    Joined:
    Apr 4, 2006
    Posts:
    4,032
    Location:
    California
    Hello,

    What build of the ESET Personal Firewall module is installed in your copy of ESET Smart Security?

    Regards,

    Aryeh Goretsky
     
  4. Jager

    Jager Registered Member

    Joined:
    Apr 5, 2009
    Posts:
    26
    It hasn't really been bothering me that much, But ESS's firewall had been blocking a type of ping for me too. When I get it to logged all blocked connections, it says, "Detected covert channel exploit in ICMP packet". The program in use is WC3Banlist(version 3.1.0.210), which is used when hosting multiplayer custom games for WarCraft III on Battle.net to ping other players.

    If interested you can download it at WC3banlist.de, it has a main installer file and then an update in a zip file which is extracted to it's installation directory and needs to overwrite any files already there.

    I'm using whichever firewall module came with ESS 4.0.437.0, and not the test mode.
     
  5. agoretsky

    agoretsky Eset Staff Account

    Joined:
    Apr 4, 2006
    Posts:
    4,032
    Location:
    California
    Hello,

    Can you tell me the build number of your firewall module?

    Regards,

    Aryeh Goretsky

     
  6. Jager

    Jager Registered Member

    Joined:
    Apr 5, 2009
    Posts:
    26
    Sorry, wasn't sure how to find it till now. I checked under "About" and it says "Personal firewall module: 1047 (20090525)".

    So it's build number 1047. However since that build just came out today(according to the forum sticky), and I've been having the problem since I've bought a liscence for ESS(including the previous two released versions of v4), I don't think it's something new that's causing it.

    I'll update with test mode checked, and report back later after testing with 1049.

    Edit: Also to let you know, in the log files where it says "Detected covert channel exploit in ICMP packet", It gives my computer IP as the source(which is expected as I'm the one sending the pings).
     
    Last edited: Jun 24, 2009
  7. Jager

    Jager Registered Member

    Joined:
    Apr 5, 2009
    Posts:
    26
    Ok so I haven't tested the pings in test mode, but deselecting ICMP protocol attack detection under IDS and advanced options allows the pings to go through. Any reason why it think's it's a threat normally?
     
  8. agoretsky

    agoretsky Eset Staff Account

    Joined:
    Apr 4, 2006
    Posts:
    4,032
    Location:
    California
    Hello,

    It would probably be helpful for ESET's developers to see what happens when you run a ping.

    Try enabling logging mode in the firewall per this ESET Knowledgebase article, running a ping and then emailing the resulting data to support@eset.sk along with a link to this message thread.

    Having that information should make it easier to troubleshoot the problem.

    Regards,

    Aryeh Goretsky
     
  9. Jager

    Jager Registered Member

    Joined:
    Apr 5, 2009
    Posts:
    26
    I checked that article, but it says this.
    However I am getting entries, as I've said. Should I ignore this and go ahead? If so it looks a bit complicated so I'll wait till the weekend when I've got time to go through it.
     
  10. agoretsky

    agoretsky Eset Staff Account

    Joined:
    Apr 4, 2006
    Posts:
    4,032
    Location:
    California
    Hello,

    Yes, a log can be helpful for troubleshooting this issue.

    Regards,

    Aryeh Goretsky
     
  11. Jager

    Jager Registered Member

    Joined:
    Apr 5, 2009
    Posts:
    26
    Hey I forgot to try that in the weeked, but started to try follow the article now. When I press F8 during startup it doesn't give me an option for safe mode(article says you have to be in safe mode for v4.0) though, so I'll have to see if there is another way. When I pressed f8 it only gave me an otpion fo what to boot from, e.g floppy, hard drive or dvd drive.

    Intersetingly after enabling and renabling self defense I had to renew my wireless connection by recconecting with the linksys wireless manager to access my router/the internet again. I couldn't just repair the connection by right clicking that in the sys tray.
     
Thread Status:
Not open for further replies.