ESS stopping HTTP traffic

Hi,

I'm hoping someone can point me in the direction of an obvious problem with a setup I encountered yesterday. I should perhaps point out, that I have installed dozens of NOD's in the past (mainly AV) on various OS's and never had any problems whatsoever...until now

I installed ESS 3 on a friends home PC running XP media center edition. It had previously been running Norton, which was now fully uninstalled and I know other AV programs have also worked in the past as well. XP's built in firewall was disabled as the setup was sitting behind a good quality NetGear router.

The install all went very smoothly as did the sig DB update and even a full system AV scan etc. However, it became immediately obvious that the browser could no longer reach any sites at all. Whilst I say it was failing to connect, it did appear to be making a connection of some sort and would even sometimes manage to get the title bar updated into the browser, for instance, but would never manage to render any real bits of page and would just generally 'hang'. I tried IE and Firefox, both of which demonstrated the same symptoms.

Two other machines (one XP, one Vista) sitting behind the same router all worked without a hitch in case anyone suspects another external factor.

I then tried disabling all features of ESS, thinking that one of these may be causing the problem. Still no joy! Only when I uninstalled ESS completely (leaving the machine without any protection) did the browser kick back in correctly.

I should also point out that during the time when ESS was present, I could successfully ftp using Windows explorer, so it would appear the problem was unique to http traffic only.

One thing I did find slightly strange and which may be a complete red herring, or maybe not, was that trying to start a cmd window from Start->Run came up with an hourglass but would never return a DOS window. To do so, I had to right mouse click and "run as..." the current user (who was an Administrator already), but also I had to have the tick box that says "Protect my computer and data from unauthorized program activity" ticked otherwise the DOS window still wouldn't appear. It was almost as if the Administrator user wasn't really, if that makes sense?

Anyway, any thoughts would be gratefully received

Regards

DC

 

Did you use the uninstaller provided by Symantec on their website to wipe out all leftovers?

 

Wasn't aware there was one!?! I don't suppose you have a link?

Now you mention it, I do seem to remember a minor grumble, although it all disappearred from Control Panel. I simply put it down to do the sequence of removing the various elements.

Is this a known issue?

 

Ignore me...the link wasn't hard to find

 

Sadly, that doesn't appear to have made much difference, at least to the "run as" problem. I've asked my friend to go back around the loop and re-install EAV (rather than the full ESS) by way of a further test, but i'm not hugely optimistic.

Ths situation is further complicated by the fact that he has installed an alternative AV package by way of short term protection (from Virgin Media) and this is quite slow to install/uninstall.

Any other suggestions anyone?

I should also point out that I have his output from SysInspector if that would help, although it didn't appear to show up anything too controversial

 

That isn't going to help. What you need to do is remove all traces of all AV's then install ESS.

 

I for one can't think of a reason how installing ESS could cause the "Run as" problem.

 

We too are having similar problems.

One PC was working fine until this morning's update and now suddenly HTTP traffic is blocked. It has been running smart security for some months now.

We are also having issues today running cmd from start run.

Disabling the HTTP checking on the eset webfilter seems the only way to allow web traffic. Disabling the eset firewall doesn't help.


Other PC's with apparently the same settings, on the same network work fine.


We haven't ever installed Norton on any PC's so this can't be an influencing factor in our case.

No windows updates have been applied since it was working correctly and no settings have been altered on the PC as far as we are aware - just a Nod update.

Does anyone have any ideas as to why this may be happening?

 

I'd suggest that you contact customer care and providing them with a Wireshark log with the http communication on port 80 captured.

 

Not sure the two problems are necessarily connected as I couldn't turn off web protection to get things to kick back in.

However, as a slight update (although we haven't had any joy yet), I have had a couple of chats with ESET support and they recommended running a full scan after booting into Safe Mode. The logic being that there may be some residual bit of malware still resident that is causing problems

It wasn't apparent that anything was removed and it didn't resolve the problem in non-Safe mode, but it did highlight to us that browsing works perfectly in Safe Mode, which in some ways supports the malware theory.

Our next plan is to run some spy and/or malware scans in Safe mode to see if we can solve the problem. I may also try something like ProcessExplorer to see what is different between the Safe/non Safe mode situations.

 

Another useful tool to bear in mind - thanks!

 

Just to draw a line under this post, unfortunately I wasn't able to find any malware or other issues that could be easily resolved.

In the end we bit the bullet and re-installed the O/S from scratch. Not ideal, but didn't actually take too long and now everything is working sweetly again.