Firewall blocking random stuff inc/ IPv6

Discussion in 'ESET Smart Security' started by funkydude, Jun 5, 2009.

Thread Status:
Not open for further replies.
  1. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,851
    I recently found that there's a hardcoded rule for allowing all ICMPv6 communication which obviously isn't working at all.
    I get a whole lot of "no usable rule found" spam when running uTorrent 1.9 from ICMPv6, originating from system.

    Just wanted to add some IPv6 info:
    PID=4, that's system, not sure why it doesn't just say system
    The pings appear to happen on Vista bootup/login.

    epflog.jpg

    In particular

    • Random blocked web data?
    • Other PC sending data to itself that I can see?
    • ..then sending it to a non existing IP?
    • ..then finally to the router, why can I see it?
    • System sending IGMP?
     
  2. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,851
    bump.

    Bump.
     
    Last edited by a moderator: Jun 26, 2009
  3. robis

    robis Registered Member

    Joined:
    Mar 21, 2009
    Posts:
    149
    Same as I, but ESET Support says turn off logging :)
    I don't have time, I spent maybe 2 months solving problems with v4.
    Now I am on v4, but I am waiting for a good build or the end of the licence.
     
  4. a3_alin

    a3_alin Registered Member

    Joined:
    Mar 5, 2009
    Posts:
    59
    Location:
    Romania
    I have the same problem... I disable IPv6...
     
  5. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,851
    Personally I just keep bumping this until they fix it, it's worked in the past so. I know they're busy but they get around to it eventually.
     
  6. robis

    robis Registered Member

    Joined:
    Mar 21, 2009
    Posts:
    149
    Yes, that is true. But do you think that is a good idea for the future?

    When IPv6 comes, then I think there will be more other problems :) Why shouldn't ESET developers fix this now?

    Bumping is not a good way, but on the other side releasing ESET SS v4 was not a good idea. For me it is not a full product; it's still very buggy.
     
  7. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,851
  8. a3_alin

    a3_alin Registered Member

    Joined:
    Mar 5, 2009
    Posts:
    59
    Location:
    Romania
    :) buggy...
     
  9. WayneP

    WayneP Support Specialist

    Joined:
    Apr 9, 2009
    Posts:
    339
    Hello funkydude,

    There is a new firewall module available now. You should have received it automatically with an update. Does the problem still persist after this update?
     
  10. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    A bi-directional rule for icmpv6 (port 58) should help. The rule will be made default in the module build 1048.
     
  11. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,851

    I can tell you now:
    IPv6: Not fixed, fixed in 1048 according to Marcos
    Random blocked TCP packets: Not fixed, may be firewall performing properly? I'd rather have an ESET reply.
    Data sent to non-existent IPs/Data being sent from other IPs I can see: Still investigating with new module, will report back.
    Random IGMP: Still investigating with new module, will report back.
     
  12. falke69

    falke69 Registered Member

    Joined:
    Mar 14, 2008
    Posts:
    45
    Same problems here. Sometimes thunderbird didn't work, sometimes internet explorer didn't work. Vista with SP2 hang or so slow reaction to commands,.... Installation was no problem but my pc couldn't be used.
    No internet connection at all. No online update of ESS possible because no internet connection available. Problems with ESS 4.0.437 and 4.0.424 with Vista SP2. With XP and SP3 I hadn't problems.

    Now it's enough !!!

    After many spent time I removed ESS and installed NOD32 with comodo firewall. My pc is now running fast and I can use internet again.

    I am not satisfied with the new version 4. :(

    Still very buggy version like a beta version and not stable or really useful.

    ESET please do your homework.
     
    Last edited: Jun 22, 2009
  13. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,851
    Bump.

    None of these issues are fixed in 1049. In fact I'm having another issue where ESS is blocking a TON of legitimate data from the World of Warcraft patching system, this system uses torrenting traffic, and a lot is simply being blocked for what I see as no apparent reason.

    Usually:
    Time Packet blocked by active defense (IDS) 192.168.XX.XX:RANDOM_PORT XX.XX.XX.XX:3724 TCP
    or
    Time Packet blocked by active defense (IDS) XX.XX.XX.XX:3724 192.168.XX.XX:RANDOM_PORT TCP

    Your firewall is becoming a joke to me ESET.
     
  14. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,851
    Time Detected ICMP Flooding attack XX.XX.XX.XX 192.168.XX.XX ICMP

    Fun fact, my router is set to block incoming ICMP from external addresses, wonder how ESET thinks I'm being attacked, eh?
     
  15. agoretsky

    agoretsky Eset Staff Account

    Joined:
    Apr 4, 2006
    Posts:
    4,032
    Location:
    California
    Hello,

    Please enable logging mode to capture the blocked packets and forward them to support@eset.sk along with a link to this message for further analysis.

    Regards,

    Aryeh Goretsky


     
  16. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,851
    "Logging mode"? An explanation would be nice. If you mean log blocked connections, it's already enabled, and that doesn't capture packets.
     
  17. BFG

    BFG Registered Member

    Joined:
    Oct 27, 2004
    Posts:
    482
    Location:
    San Diego
  18. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,851
    Even more fun in ESET land where I need to guess KB articles, those instructions are broken:

    1. The directory is actually: HKLM\SOFTWARE\Eset\ESET Security\CurrentVersion\Plugins\01000200\Profiles\@My profile
    2. The Vista directory is: C:\ProgramData\ESET\ESET Smart Security\ which isn't even listed

    That being said, I've started creating a log. I highly doubt I can replicate the ICMP issue, but I can replicate the torrenting and IPv6 issue.
     
  19. BFG

    BFG Registered Member

    Joined:
    Oct 27, 2004
    Posts:
    482
    Location:
    San Diego
    Hello,

    Thank you for letting us know. I'll forward that information to the tech writers.

    BFG
     
  20. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,851
    I've sent the file

    I really hope this helps.
     
  21. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,851
    This gets funner by the day. I just got a brilliant reply from customer support: "Your email request does not contain a valid ticket number". Are you serious? I only just sent the email why would I have a ticket number....
     
  22. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,851
    Maybe someone could explain to me what I'm supposed to do now?
     
  23. cqpreson

    cqpreson Registered Member

    Joined:
    May 18, 2009
    Posts:
    348
    Location:
    China
    In my opinion, IGMP is normal, because, as far as I know, when each computer starts, it will send data which is IGMP to the same target. But I don't know why.
    And that TCP packet may be a packet with some special flags set like SYN.
     
  24. BFG

    BFG Registered Member

    Joined:
    Oct 27, 2004
    Posts:
    482
    Location:
    San Diego
    Hello funkydude,

    How did you try to contact support, the way they recommend via the GUI of the program? As the last way sounds like it didn't create a case you might try that.

    BFG
     
  25. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,851
    Sounds like a good explanation, but in this case, a better log entry should be created, it currently has the misleading message of "No usable rule found" as an excuse for blocking.

    That being said, I have noticed it pop up frequently whilst running uTorrent.
     