I have been an Eset subscriber since 1.0. My current license has about a year to go, and I am fairly computer literate. I am one of the users who has issues with the HTTP proxy for outbound and inbound traffic. I have read all the threads and, regardless of the recommended configurations to solve the problem, 3.0's HTTP proxy is sidestepping my firewall, Jetico. Yes, I know there are ways to block the outbound port, but it isn't worth the hassle with FF. That is the operative word for me: hassle. So, I have gone back to 2.7. It looks like Eset is going the way of others who did one thing well until they tried to do many things well. It doesn't work. Not if you want total control of your internet access. Yes, the learning curve for firewalls such as Jetico is steep but well worth it, especially if you are doing any business access over a VPN or financial transactions. Maybe I am getting old and paranoid, but I don't see security reasons for Eset running outbound HTTP and HTTPS traffic through Nod32. Inbound maybe, for a poorly configured router, firewall and browser. But outbound? My router, firewall, and HIPS have that locked down solid. If I am venturing into areas that may pose a threat on the web, I can turn Sandboxie on. Regrettably, Eset seems to feel they have a better way, and a well configured firewall and browser are superfluous with Nod32 3.0 watching over the web traffic. What I would like to see is the ability to simply turn the HTTP proxy off and hand control back to the firewall.
I totally agree. Although there is an adjustment you can make in the antivirus, it may or may not work. It appears to do something but I don't know for sure. I second your motion for a way to turn HTTP scanning off. That however would negate some of the resident protection. 2.7 might have been better at this, although I always got the feeling that adding hooks into WinSock was a little scary. Something tells me that ESET developed the Security Suite, weren't sure if they would issue a version 3 standalone AV, & then when so many customers demanded a standalone, pulled the firewall out of the suite & left everything else. Unfortunately now we have the EAV 3 proxy problem. I think that I will use 2.7 for the duration of my license & then reevaluate if I should stick with ESET or move on to a security suite. I currently have both F-Secure suite & Zone Alarm SS installed in snapshots. Both work wonderfully.
Hi Hillsboro, Which version of Jetico do you use? If you want to use NOD_V3 (with web AV) with Jetico 1 (for example), then remove the loopback (localhost) 127.0.0.1 from the trusted zone within Jetico. You will first need to ensure that "fwsetup.exe" cannot access the network (or the localhost will automatically be added). Once this is done, create a ruleset to allow localhost, then when, say, Firefox attempts access, simply "handle as" the loopback ruleset. This at first may appear to give less protection, but it does not, as this will allow NOD to filter the HTTP, plus allow Jetico to filter the packets. If you would like further info, then I will post my setup for this. Regards,
The Jetico 1 rule(set) I use? ... Or the rules I would use for another firewall? If you have a firewall that NOD3 appears to give application bypass, then please name the firewall, then I can check to see if rules can be added.
Hello Stem, I am using 1.0. I tried what you suggested and removed the 127.0.0.0/8 from the configuration file. FF seems to go happily but drops out Nod32 2.7 reading the inbound HTTP traffic... 127.0.0.1 doesn't show up in the inbound application traffic window for FF. I would like to see the setup for this... I am using Paranoids browser setup recommendations in the web browser configuration... limits FF to specific ports and outbound only. Thanks for your offer of help. Best regards, Barry
For OP 2008, localhost is intercepted by default, so it is a need of understanding. Example: Nod V3 installed, installed OP 2008. Ran FF for first time. Given popup for Firefox (2 alerts). This does not actually indicate what is actually going on, but this is localhost; if allowed, then OP allows all localhost for that application (to save all the popups), you then have an entry: This will then allow the localhost comms to NOD3 (local proxy), so it is not a bypass, more of a need of understanding on what has been allowed. I am seeing some slight problem, but need to look at this more.
NOD 2.7(IMON) is different, as this works on LSP, not interception on localhost. Which version of NOD are we now looking at??
I have 3.0 and removed it because of the problems I outlined above. It would be easy enough to install again, if I could get Nod not to act as a web proxy. I would too, what if any gain there is to be had with 3.0 over 2.7? If you have the setup handy (I looked for it on the 1100+ Jetico post here but couldn't see any setup screens), I would like to give it a try. It is easy for me as I have it ghosted, so I can reinstall the system with 3.0 on it, and if it is a bust, I can go back to where I am now. BTW, does Jetico 2.0.x intercept localhost activity? I am waiting for WinXP SP3 to do a clean install and some housekeeping, but maybe I should look at it now. I only wish I could use blocklist on it, but Peer Guardian does the job well enough. Thanks
Hillsboro, You are confusing me, which do you want? You first put forward the problem with Jetico and NOD3, which I have checked and can be resolved with correct interception of loopback, you then go back to NOD 2.7, then go back to NOD3 with the possibility of disabling web AV. For the latter, just exclude the browser in the NOD3 settings, this will then make Jetico give you popup/filtering without NOD localhost interception: Which setup do you want?
My original post was quite clear as to what the problem was, what I had done and what I wanted. You made a reply to my post offering a workaround. I accepted your offer based on what I had said in my original post (i.e. I had gone back to 2.7...). I also mentioned I had tried the remedies offered in earlier posts regarding the HTTP issue and it had not worked for me as it had not worked for others. I could not place a red x in the box to exclude the browser. All I could do is put a green tick mark or leave it blank. Others have complained about this too. Some can exclude the browser and some cannot. Marcos/Eset have been of no real help or offered an answer as to why some people can do the exclusion and others can't. I think it is safe to say all of us with this problem are not terminally stupid nor do we lack the ability to communicate the problem clearly as I did in my first message here. A failure to understand the problem by some does not mean the problem does not exist.
I think it is safe to say you did not correctly read my first reply, that was intended to help with your problem with NOD 3 HTTP filter. Please re-read my first post on thread (#3), does this mention NOD V2.7? Follow my first post (#3), with NOD V3. Then post back your findings.
Hi, Stem, did you get NOD32 v3 running correctly with Jetico 2 by only excluding the browser, email client, etc. in the NOD3 settings configuration, or did you do further ruleset configuration in Jetico 2? Does HTTP/POP3 traffic still get scanned by NOD32 with this configuration?
Hi Tommy, I have not looked at this yet, but will do now. Give me (maybe) 30 minutes to set up and check (currently, this will have to be on VM).
Hi Tommy, To follow up: with removing the localhost from JPF2 trusted, I am seeing the same behaviour as with Jetico 1. I am given the usual alerts for Firefox (as APP example) for its localhost loopback, then given the alert for connection to NOD3 proxy (port 30606). I will now check for exclusions with NOD3. Looking at default within NOD3, I see that FF has been added, but it is currently with no checkmark. I am allowed (on this setup) to place a red checkmark: this then gives rise to popups for FF to connect. This is actually slow with popup, I am seeing a lot of blocked packets (but not logged due to Jetico2 default installation). Let me look at what is being blocked (possibly internals). Edit (again): The blocked (I see from the red inbound indicator) is from Jetico2 inability to conform to its own rules, these are DHCP broadcasts/replies, so are not related to NOD3. Tommy: I see no problem on my setup.
Seems to work, little problem is with email clients as I have to do inbound and outbound rules for 127.0.0.1, as inbound traffic reaction time is very long and for that SPI does not work correctly. But there is one big problem. You can't block an IP address for one web application and allow it for another. Moreover, you can't limit applications to IP ranges with Jetico with this kind of Eset proxy. This will affect also ALL other FWs, I think. I see for now no effective solution to get control like Jetico in combination with NOD32 2.7. That's nothing for a normal user as this kind of configurations are far too complicated for them.
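The limitation described in the post above, as an added illustration that is not part of the thread: a toy first-match rule evaluator showing why a per-application remote-IP rule stops applying once every client connects to the local proxy. The process names, rule model and addresses are constructed assumptions; port 30606 is the proxy port reported earlier in the thread.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

PROXY_PORT = 30606  # local proxy port reported in the thread

@dataclass(frozen=True)
class Rule:
    app: str      # process the rule applies to (hypothetical names)
    remote: str   # CIDR of permitted remote addresses
    action: str   # "allow" or "block"

@dataclass(frozen=True)
class Conn:
    app: str
    remote_ip: str
    remote_port: int

def decide(rules, conn, default="block"):
    """First matching rule wins; anything unmatched gets the default."""
    for r in rules:
        if r.app == conn.app and ip_address(conn.remote_ip) in ip_network(r.remote):
            return r.action
    return default

def seen_by_firewall(app, dest_ip, dest_port, proxied, proxy_app="av_proxy.exe"):
    """Connections the firewall observes when `app` opens dest_ip:dest_port."""
    if not proxied:
        return [Conn(app, dest_ip, dest_port)]
    # The client only talks to loopback; the proxy process owns the real socket.
    return [Conn(app, "127.0.0.1", PROXY_PORT), Conn(proxy_app, dest_ip, dest_port)]

def reachable(rules, app, dest_ip, dest_port, proxied):
    conns = seen_by_firewall(app, dest_ip, dest_port, proxied)
    return all(decide(rules, c) == "allow" for c in conns)

# Intended policy (constructed): browser and mail client each limited to one range.
DIRECT_RULES = [
    Rule("firefox.exe", "203.0.113.0/24", "allow"),
    Rule("mail.exe", "198.51.100.0/24", "allow"),
]
# With the proxy, the per-app rules can only name loopback, and the proxy
# process must be allowed the union of everything any client needs.
PROXIED_RULES = [
    Rule("firefox.exe", "127.0.0.1/32", "allow"),
    Rule("mail.exe", "127.0.0.1/32", "allow"),
    Rule("av_proxy.exe", "203.0.113.0/24", "allow"),
    Rule("av_proxy.exe", "198.51.100.0/24", "allow"),
]
```

Under the direct rules the browser cannot reach the mail range; under the proxied rules it can, because the firewall attributes the outbound socket to the proxy process rather than to the browser.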
I replied to you in post #8. I said I would like to see the config and thanked you for your help. In post #11 you asked for a clarification on the version I was talking about. In #11 I replied as to the options I wanted to pursue if you wanted to post the config info. In post #12 you attached the screen of FF red x'd out as the answer to my problem. Something I could not do, as I alluded to in my thread start post. And as Tommy has confirmed, along with many others. For me now, as with Tommy, it is not worth trying to cobble together a fix to use Nod 3.0 because it doesn't offer any advantages over 2.7. Something I wasn't sure of until reading the posts today yesterday. So again, thank you for your time...
Well, I only tried to help with config. I am sorry for trying to help. I agree that a forced proxy is not welcome, this should be an option. I leave with the thought of not posting again.
@Stem please don't be put off posting because of a misunderstanding, there are many who benefit from reading of the complexities of firewalls and appreciate the efforts you have gone to.
@Stem Keep on posting, you are a great help for 99% of FW users here. Posts are really appreciated by me and most others. As for NAV, if there is no possibility, there is none; no miracles can be made, not even by you.
I only meant posting to this thread. Let me be candid, I do not care for forced proxy, any proxy should be an option. I have looked at NOD3, in my setups I see possible options to disable the proxy as I mentioned. Now if this is not available on certain setups, then that is a problem. I have seen this before with Kaspersky. Now, down to actual: I am certainly no "AV" expert, but I do have a good memory, and remember well the interactions on forums. So let me say: I remember how at one time, there were issues on what packed files were "unpacked" by an AV, the more the better it was said, but then it was also said that a packed (example zipped) file could not cause problems, as when unpacked, the file AV would catch this. So, from that, was there a care of what an AV could unpack? From "HTTP filtering", are we saying that without this, files in cache can cause problems? Would/will the AV not protect from these files? For me, this is just more "", Should I think that without an HTTP filter I will become compromised, will realtime file protection from AV not protect anymore, or was it not protecting me before? Such a proxy, IMHO, needs to be an installation option, as with IMON.
You know, you really shouldn't have to be going messing with your own setups that you may have happily been using for a long time just to accommodate the way NOD32 v3 does things now. It's not unreasonable to request ESET provide the option to have the proxy or NOT to have it (so you don't have to do all this to begin with). I bet a lot of people rolled back to 2.7 because of this. I know I did!
Hi Stem!!! Firstly, thanks for coming back - your inputs shared here are appreciated by most of us. I agree that the proxy feature could have been an option built into the installer for users to decide at the time of installation whether to go with proxy or not.