Firewall fails to block Acrobat X from going online

Discussion in 'ESET Smart Security' started by Emeth, Feb 11, 2011.

Thread Status:
Not open for further replies.
  1. Emeth

    Emeth Registered Member

    Joined:
    Feb 11, 2011
    Posts:
    4
    Hi.

    I have reported this issue but received no solution so far. I cannot understand how customer support shows no interest in sorting out flaws in their products. I suppose they expect me to settle with the fact that whatever their assumption maybe I should accept that ESET firewall protection is flawed and continue paying them yearly subscription fee for the product that fails to block an unauthorised Internet access for Adobe Acrobat X. Maybe someone in this forum can explain why this is so.

    As I've explain to support already the firewall does not detect Acrobat's access. In interactive mode I should see a pop-up authorisation window appear. But here is nothing. It bypasses it completely. I've created rules manually for every component that goes online. All but Acrobat X trigger the permission pop-up window. How would you feel watching it downloading updates while in Rules and Zones it is blocked on every port, in both directions.

    Internet Security 4.2.71.2, OS Windows 7 Pro (latest updates installed)
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    In order for us to tell why Adobe is allowed to connect to the Internet, we'd need to get your ESS configuration exported to an xml file, ideally along with a Wireshark log with the communication during an update captured.
     
  3. Emeth

    Emeth Registered Member

    Joined:
    Feb 11, 2011
    Posts:
    4
    Problem solved. I used network connections window to identify through which connection Acrobat X accesses the net. It was svhost. Blocked it and the thingy can go there no more. Thanks to me for helping myself
     
  4. dmaasland

    dmaasland Registered Member

    Joined:
    Nov 10, 2010
    Posts:
    468
    That might not be a smart move actually. You've just denied internet access for all your computers services.
     
  5. Emeth

    Emeth Registered Member

    Joined:
    Feb 11, 2011
    Posts:
    4
    Actually no. My mistake before was to allow blanket access to everything that uses svchost to go online. Now when I've deleted that rule. Firewall presents me svchost as the thing going on line but the address is Adobe's. I don't know but for some reason I can still get online via Firefox. What I don't like is the idea that Acrobat can pose as Windows system service in sneak out that way. That's just sucks. While other companies doing it properly these guys think themselves too clever for the game. I almost dropped ESET over this. Sad they would not even bother to help.
     
  6. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    3,771
    Location:
    Outer space
    A lot of Windows services use svchost to connect to the internet, incl. windows update. Firefox connects through it's own process so it's not affected by your block rule.

    ESET responded within 30 minutes to your problem and asked for your ESS configuration file and ideally a Wireshark log, but you never responded to that o_O
     
  7. Emeth

    Emeth Registered Member

    Joined:
    Feb 11, 2011
    Posts:
    4
    I actually did respond by PM with config file. The Wireshark log I'm not sure how.
     
Thread Status:
Not open for further replies.