Firewall Log scrolling problem

Discussion in 'ESET Smart Security v3 Beta Forum' started by Chappy, Jun 29, 2007.

Thread Status:
Not open for further replies.
  1. Chappy

    Chappy Registered Member

    Joined:
    May 1, 2007
    Posts:
    69
    I noticed this once before but thought it may be an issue with my graphics, which I was having a small problem with at the time.
    Now it's back and it's definately an ESS issue, not major but a problem none the less. If anyone else can reproduce this, please post.

    In the Firewall logs, click on the top bar of the log itself to have the list close up, and then click it again to have the log reopen, and see if your's also looks like this..


    EsetLog.jpg

    Notice the large empty areas and the overlapping entries. If you highlight one and then arrow down (or up) thru the list, it will bring everything back to a normal view, like this..


    EsetLog1.jpg


    Can anyone else reproduce this?
    Thx

    Dave
     
    Last edited: Jun 29, 2007
  2. Chappy

    Chappy Registered Member

    Joined:
    May 1, 2007
    Posts:
    69
    Ok, for some reason, I cannot get my attachments to work properly. They are well under the size limit and .jpg format, so I don't know what's happening but it links to an error and "Contact Admin" window.
    My attachments are turned on, so I'll get back to this as soon as I find out what's going on.

    Sorry for the delay, Thx.
    Dave

    EDIT - FIXED
     
  3. Alf_

    Alf_ Registered Member

    Joined:
    May 7, 2007
    Posts:
    48
    Location:
    The Netherlands
    I can't reproduce this behavior, sorry.

    But there is another problem with FW logging introduced by v. 1b:
    Although I have unchecked the log option for some rules, their activity now appears in the log file. With v. 1a this worked OK.
    (Hmm, I'd beter make a new topic for this...)
     
  4. Chappy

    Chappy Registered Member

    Joined:
    May 1, 2007
    Posts:
    69
    Hi Alf

    It may be machine specific behavior on mine, that's why I'm trying to see if others can reproduce this also, to see if it's my machine or an ESS thing...thx for trying.

    Which rules are you seeing this with?
    I'll try it also and see if I can see the same on mine, I suppose I should look for your post eh.

    If others could try to reproduce my GUI graphics problem I'd appreciate it! I want to either eliminate it as being ESS problem or not. I do not have other graphics issues similar to this on anything else BTW.

    Dave
     
  5. Najmi

    Najmi Registered Member

    Joined:
    Mar 24, 2007
    Posts:
    36
    i have reproduced this error and i confir that it hapens
     
  6. Chappy

    Chappy Registered Member

    Joined:
    May 1, 2007
    Posts:
    69
    Thx Najmi!!
    Appreciate your help and fast response! I have also found that sometimes the log will not expand all the way once it's been collapsed. It seems to stop about half way down and offers a vertical scroll bar instead of fully expanding to the window size again. This is with the Log window Maximized, so it has lot's of room to fully expand, it just won't sometimes.

    Dave
     
  7. Alf_

    Alf_ Registered Member

    Joined:
    May 7, 2007
    Posts:
    48
    Location:
    The Netherlands
    I can confirm this.
     
  8. Alf_

    Alf_ Registered Member

    Joined:
    May 7, 2007
    Posts:
    48
    Location:
    The Netherlands
    The log entries are caused by the program FlashGet. It's a download manager from Chinese origin. Since the last couple of updates, the program is calling home and tries to reach some other servers on ports: 8899, 8911 and 28221 TCP and local port 28744 UDP. Maybe this has to do with new features to act as a BitTorrent client and support to eMule, although I switched that off in the program options.
    I've written some rules to block this traffic, without setting the log options. But then the traffic is still shown in the ESS firewall logs. The strange thing is that the remote address in the log is '0.0.0.0', but my internal IP-address is 10.10.10.12.

    Here are some log entries:
    Code:
    1-7-2007 12:52:14	Communication denied by rule	0.0.0.0:28744	80.239.200.103:3004	UDP	Deny UDP Out (28744)	c:\progra~1\flashget\flashget.exe	
    1-7-2007 12:52:13	Communication denied by rule	0.0.0.0:28744	80.239.200.107:3004	UDP	Deny UDP Out (28744)	c:\progra~1\flashget\flashget.exe	
    1-7-2007 12:52:12	Communication denied by rule	0.0.0.0:3089	72.51.37.237:8899	TCP	Deny TCP Out (8899)	c:\progra~1\flashget\flashget.exe	
    1-7-2007 12:52:11	Communication denied by rule	0.0.0.0:3087	219.239.90.172:28221	TCP	Deny TCP Out (28221)	c:\progra~1\flashget\flashget.exe	
    1-7-2007 12:52:09	Communication denied by rule	0.0.0.0:28744	62.241.53.2:4246	UDP	Deny UDP Out (28744)	c:\progra~1\flashget\flashget.exe	
    1-7-2007 12:52:08	Communication denied by rule	0.0.0.0:28744	80.239.200.99:3004	UDP	Deny UDP Out (28744)	c:\progra~1\flashget\flashget.exe	
    1-7-2007 12:52:07	Communication denied by rule	0.0.0.0:3085	72.51.37.237:8899	TCP	Deny TCP Out (8899)	c:\progra~1\flashget\flashget.exe	
    1-7-2007 12:52:05	Communication denied by rule	0.0.0.0:3082	219.239.90.172:28221	TCP	Deny TCP Out (28221)	c:\progra~1\flashget\flashget.exe	
    1-7-2007 12:52:01	Communication denied by rule	0.0.0.0:3064	72.51.37.237:8899	TCP	Deny TCP Out (8899)	c:\progra~1\flashget\flashget.exe	
    1-7-2007 12:51:59	Communication denied by rule	0.0.0.0:3060	219.239.90.172:28221	TCP	Deny TCP Out (28221)	c:\progra~1\flashget\flashget.exe	
    1-7-2007 12:51:55	Communication denied by rule	0.0.0.0:3055	72.51.37.237:8899	TCP	Deny TCP Out (8899)	c:\progra~1\flashget\flashget.exe	
    1-7-2007 12:51:53	Communication denied by rule	0.0.0.0:3052	219.239.90.172:28221	TCP	Deny TCP Out (28221)	c:\progra~1\flashget\flashget.exe	
    1-7-2007 12:51:50	Communication denied by rule	0.0.0.0:3047	72.51.37.237:8899	TCP	Deny TCP Out (8899)	c:\progra~1\flashget\flashget.exe	
    1-7-2007 12:51:48	Communication denied by rule	0.0.0.0:3044	219.239.90.172:28221	TCP	Deny TCP Out (28221)	c:\progra~1\flashget\flashget.exe	
    1-7-2007 12:51:44	Communication denied by rule	0.0.0.0:3040	72.51.37.237:8899	TCP	Deny TCP Out (8899)	c:\progra~1\flashget\flashget.exe	
    1-7-2007 12:51:42	Communication denied by rule	0.0.0.0:3037	219.239.90.172:28221	TCP	Deny TCP Out (28221)	c:\progra~1\flashget\flashget.exe	
    1-7-2007 12:51:38	Communication denied by rule	0.0.0.0:3033	72.51.37.237:8899	TCP	Deny TCP Out (8899)	c:\progra~1\flashget\flashget.exe	
    1-7-2007 12:51:36	Communication denied by rule	0.0.0.0:3025	219.239.90.172:28221	TCP	Deny TCP Out (28221)	c:\progra~1\flashget\flashget.exe	
    1-7-2007 12:51:32	Communication denied by rule	0.0.0.0:3021	72.51.37.237:8899	TCP	Deny TCP Out (8899)	c:\progra~1\flashget\flashget.exe	
    1-7-2007 12:51:30	Communication denied by rule	0.0.0.0:3010	219.239.90.172:28221	TCP	Deny TCP Out (28221)	c:\progra~1\flashget\flashget.exe	
    1-7-2007 12:51:26	Communication denied by rule	0.0.0.0:3006	72.51.37.237:8899	TCP	Deny TCP Out (8899)	c:\progra~1\flashget\flashget.exe	
    1-7-2007 12:51:24	Communication denied by rule	0.0.0.0:2996	219.239.90.172:28221	TCP	Deny TCP Out (28221)	c:\progra~1\flashget\flashget.exe	
    1-7-2007 12:51:20	Communication denied by rule	0.0.0.0:2983	72.51.37.237:8899	TCP	Deny TCP Out (8899)	c:\progra~1\flashget\flashget.exe	
    1-7-2007 12:51:19	Communication denied by rule	0.0.0.0:2980	219.239.90.172:28221	TCP	Deny TCP Out (28221)	c:\progra~1\flashget\flashget.exe	
    Can I conclude that although the logging option is switched off for this rules, they appears in the firewall log because of the IP-address 0.0.0.0 ?
    Is this a bug or is there something else going on?
     
  9. Chappy

    Chappy Registered Member

    Joined:
    May 1, 2007
    Posts:
    69
    Thx for the confirmations Najmi and Alf, it's helped immensely.

    As for those log entries Alf, I dunno why it would show 0.0.0.0 IP's...I'll see what I can do on my copy as a similar test.
    It's pretty constant for you isn't it, I mean it's every couple seconds that it's logging that attempt. Is it like that all the time you have FlashGet running?
     
  10. Alf_

    Alf_ Registered Member

    Joined:
    May 7, 2007
    Posts:
    48
    Location:
    The Netherlands
    Yes, it is. FlashGet is running in the background always to pick up and manage downloads.
     
Thread Status:
Not open for further replies.