Firewall errors on Windows 8 (x64) RTM

Discussion in 'ESET NOD32 Antivirus/Smart Security Beta' started by EnGenie, Sep 2, 2012.

Thread Status:
Not open for further replies.
  1. EnGenie

    EnGenie Registered Member

    Joined:
    Jul 17, 2004
    Posts:
    182
    Location:
    Hampshire, England
    My computer can boot into either Windows 8 Pro (x64) RTM or Windows 7 (x64).

    On Windows 8 I get repeated "ARP cache poisoning attack" errors (see attached screen shot) and other errors that I don't see in Windows 7.
    192.168.0.19 is my computer and 192.168.0.1 is my ADSL router.

    I previously had the same errors from ESS 5.2.9 on Windows 8 before I uninstalled it.

    I have pre-release updates enabled for ESS on Windows 8.
     

    Attached Files:

  2. P_R_

    P_R_ Eset Staff Account

    Joined:
    Jul 25, 2012
    Posts:
    62
    Location:
    Slovakia
    Hello,

    could you please open a ticket with ESET support and please provide them with:

    1. Special .pcap log containing packets blocked by ESET firewall created according to this KB article:
    http://kb.eset.com/esetkb/index?page=content&id=SOLN742

    2. Exported ESET firewall log in .txt file so they could match blocked packets with time of attack detection.


    P.R.
     
  3. EnGenie

    EnGenie Registered Member

    Joined:
    Jul 17, 2004
    Posts:
    182
    Location:
    Hampshire, England
    I tried to create the WriteBlockedToPcap DWORD value in the @MyProfile key as detailed in the article and Regedit would not create the key even though I am running it as Administrator.

    Could self-defense be interfering with it?
     

    Attached Files:

  4. EnGenie

    EnGenie Registered Member

    Joined:
    Jul 17, 2004
    Posts:
    182
    Location:
    Hampshire, England
    Update: When I disable self-defense I was able to create the Registry key.
     
  5. EnGenie

    EnGenie Registered Member

    Joined:
    Jul 17, 2004
    Posts:
    182
    Location:
    Hampshire, England
    I have opened a support ticket and submitted the required information as per your instructions.
     
  6. EnGenie

    EnGenie Registered Member

    Joined:
    Jul 17, 2004
    Posts:
    182
    Location:
    Hampshire, England
    Following the advice from Eset Customer Support I added the address range of my local LAN into the Trusted Zone.

    I’ve also added this address range to the addresses excluded from active protection (IDS).

    I have also allowed UPNP in the trusted zone.

    I still see “ARP cache poisoning attack” firewall error from my computer (192.168.0.22 to my ADSL Router (192.168.0.1).

    The only thing that prevents these errors being reported is to disable ARP Poisoning attack detection.
    This is not really solving the problem, just hiding it.

    If I boot into Windows 7 (x64) I do NOT get these ARP cache poisoning attack errors.
    They only occur when I am booted into Windows 8 (x64) RTM.

    Therefore there must be some incompatibility between ESS 6.0 RC and Windows 8.
    I also got exactly the same problem with ESS 5.2.9 on Windows 8 but not on Windows 7.
     
  7. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Please create, compress and supply the following logs to ESET Customer care (or upload the archive to a safe location and PM me the download link):
    - pcap log created as per these instructions
    - Wireshark pcap log
    - firewall log

    The logs must be from the same time, ie. start logging, reproduce the problem, stop logging, disable logging in the registry.
     
  8. EnGenie

    EnGenie Registered Member

    Joined:
    Jul 17, 2004
    Posts:
    182
    Location:
    Hampshire, England
    I sent the pcap log and exported firewall log to Eset via the Contact Customer Care Web page on September 3.


    The case number is #922683.
     
Thread Status:
Not open for further replies.