Firewall errors on Windows 8 (x64) RTM

My computer can boot into either Windows 8 Pro (x64) RTM or Windows 7 (x64).

On Windows 8 I get repeated "ARP cache poisoning attack" errors (see attached screen shot) and other errors that I don't see in Windows 7.
192.168.0.19 is my computer and 192.168.0.1 is my ADSL router.

I previously had the same errors from ESS 5.2.9 on Windows 8 before I uninstalled it.

I have pre-release updates enabled for ESS on Windows 8.

 

Hello,

could you please open a ticket with ESET support and please provide them with:

1. Special .pcap log containing packets blocked by ESET firewall created according to this KB article:
http://kb.eset.com/esetkb/index?page=content&id=SOLN742

2. Exported ESET firewall log in .txt file so they could match blocked packets with time of attack detection.


P.R.

 

I tried to create the WriteBlockedToPcap DWORD value in the @MyProfile key as detailed in the article and Regedit would not create the key even though I am running it as Administrator.

Could self-defense be interfering with it?

 

Update: When I disable self-defense I was able to create the Registry key.

 

I have opened a support ticket and submitted the required information as per your instructions.

 

Following the advice from Eset Customer Support I added the address range of my local LAN into the Trusted Zone.

I’ve also added this address range to the addresses excluded from active protection (IDS).

I have also allowed UPNP in the trusted zone.

I still see “ARP cache poisoning attack” firewall error from my computer (192.168.0.22 to my ADSL Router (192.168.0.1).

The only thing that prevents these errors being reported is to disable ARP Poisoning attack detection.
This is not really solving the problem, just hiding it.

If I boot into Windows 7 (x64) I do NOT get these ARP cache poisoning attack errors.
They only occur when I am booted into Windows 8 (x64) RTM.

Therefore there must be some incompatibility between ESS 6.0 RC and Windows 8.
I also got exactly the same problem with ESS 5.2.9 on Windows 8 but not on Windows 7.

 

Please create, compress and supply the following logs to ESET Customer care (or upload the archive to a safe location and PM me the download link):
- pcap log created as per these instructions
- Wireshark pcap log
- firewall log

The logs must be from the same time, ie. start logging, reproduce the problem, stop logging, disable logging in the registry.

 

I sent the pcap log and exported firewall log to Eset via the Contact Customer Care Web page on September 3.


The case number is #922683.