Having problems with the latest firewall module 1047?

Discussion in 'ESET Smart Security' started by Marcos, Jun 23, 2009.

Thread Status:
Not open for further replies.
  1. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Hello,
    a problem has been found in the latest version of the firewall module 1047 in certain system configurations in spite of intensive pre-release testing when the module had been distributed to several dozen thousand users with test mode enabled and a subsequent staggered update to other users.

    Known symptoms are the loss of Internet connectivity or inability to obtain an IP address from the DHCP server.

    If you're experiencing these problems after the recent update of the firewall module, please provide us the following information:

    1. version of ESS (e.g. ESS 32-bit, 4.0.437)
    2. version and platform of the operating system, including installed service packs (e.g. Vista 32-bit, SP1)

    Get a list of blocked connections by enabling the "Log all blocked connections" option in Setup -> Personal firewall -> IDS and advanced options. With this option enabled, reproduce the problem and disable logging.

    If you see "No usable rule found" for port 53, create a bi-directional rule for all applications with remote port 53 allowed. If you're having this problem, check if you have the "DNS Poisoning attack detection" enabled in the IDS section (should be enabled) and let us know if it's actually enabled if you're having problems with Internet connectivity.

    If the computer cannot obtain an IP address, you should see the communication between x.x.x.x:67 and 0.0.0.0:68 blocked in the firewall log. Creating a rule for inbound communication with local port 68 and remote port 67 should work.

    Enclosed find an xml file with predefined rules that should work as an interim solution. If you have the firewall set to automatic mode, switch it to automatic mode with exceptions so that the rules are actually applied.
     


    Last edited: Jun 23, 2009
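
The log check described in the post above, as an added example that is not part of the original post or ESET's tooling: it sorts blocked-connection lines into the DHCP (67 -> 68) and DNS (port 53) symptoms and lists the interim rule for each. The semicolon-separated line layout, the sample lines and all function names are assumptions made for illustration.

```python
# Added example: triage blocked-connection lines for the two symptoms above.
# The semicolon-separated layout is an assumption, not ESET's real log format.
from collections import Counter

SAMPLE_LOG = """\
2009-06-23 09:14:02;No usable rule found;192.168.1.1:67;0.0.0.0:68;UDP
2009-06-23 09:14:06;No usable rule found;192.168.1.1:67;0.0.0.0:68;UDP
2009-06-23 09:15:40;No usable rule found;192.168.1.23:51544;192.168.1.1:53;UDP
2009-06-23 09:15:41;No usable rule found;192.168.1.1:53;192.168.1.23:51544;UDP
2009-06-23 09:16:10;No usable rule found;192.168.1.23:51602;203.0.113.9:445;TCP
this line is truncated
"""  # constructed sample, not taken from a real machine

# Interim rules as described in the post.
INTERIM_RULES = {
    "dhcp": "inbound rule: local port 68, remote port 67",
    "dns": "bi-directional rule, all applications: remote port 53",
}

def port_of(endpoint):
    """Port number of an 'address:port' endpoint."""
    return int(endpoint.rpartition(":")[2])

def classify(line):
    """Return 'dhcp', 'dns' or 'other' for one blocked-connection line."""
    try:
        _time, event, source, target, _proto = line.strip().split(";")
        sport, dport = port_of(source), port_of(target)
    except ValueError:              # wrong field count or non-numeric port
        return "other"
    if (sport, dport) == (67, 68):  # DHCP server reply dropped before the client saw it
        return "dhcp"
    if event == "No usable rule found" and 53 in (sport, dport):
        return "dns"
    return "other"

def triage(log_text):
    """Count each symptom and list the interim rules the log calls for."""
    counts = Counter(classify(l) for l in log_text.splitlines() if l.strip())
    return counts, [INTERIM_RULES[k] for k in ("dhcp", "dns") if counts[k]]

if __name__ == "__main__":
    counts, rules = triage(SAMPLE_LOG)
    print(dict(counts))
    for rule in rules:
        print("create", rule)
```
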
  2. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,852
    Not had any issues, but it's nice to see you guys on top of this so fast, :thumb:
     
  3. dirkivs3

    dirkivs3 Registered Member

    Joined:
    Jun 23, 2009
    Posts:
    6
    OK, huge problem here,
    every computer with Windows Vista that has ESETSS on it
    is not getting an IP address,
    if I turn off ESET firewall and internet protection it all works fine,
    I can update ESET if I turn off the security so I hope they find a fix for it soon,
    I work at a computer store and now have like 15 computers here that I can't repair (all with ESET and Windows Vista),
    kind of an urgent update needed over here...
    help plz!
     
  4. mbonus

    mbonus Registered Member

    Joined:
    Jun 23, 2009
    Posts:
    12
    Add me to the list of those affected by the 1047 release. Two laptops running Vista.


    First noticed the problem on a machine running ESET 32bit SS 4 / Vista SP1 (not currently in front of this machine for the specific build). Would not connect to home wireless nw.

    The other laptop is the following and will not connect to either Wi-Fi or Mobile Broadband (ATT):

    Vista 32bit Home SP1
    ESET SS 3.0.657.0

    I tried to upload the temprule you posted to no avail. ESET 3 does not seem to have an Automatic mode with exceptions. Any support would be appreciated.

    Mike
     
  5. dirkivs3

    dirkivs3 Registered Member

    Joined:
    Jun 23, 2009
    Posts:
    6
    New update! I think it is fixed now: turn off firewall and internet protection, then do the update and then turn it on again, it should be fixed. Small mistake probably by ESET programmers, but they fixed it really fast.
     
  6. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
    And it does work. Before the rule was applied, the only way I could reconnect was to disable the FW, connect and then re-enable it. Any other mode, other than with automatic in their name, caused a block.
     
  7. mbonus

    mbonus Registered Member

    Joined:
    Jun 23, 2009
    Posts:
    12

    I am not sure you are correct. I tried that procedure and nothing updated. The only way I can connect is to disable the firewall.
     
  8. mbonus

    mbonus Registered Member

    Joined:
    Jun 23, 2009
    Posts:
    12

    I wonder if this fix is only applicable to v4. I have not been able to get it to work on v3, although I will be the first to admit that I don't entirely understand how to apply the temprule.
     
  9. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
    Is there an option to import/export settings somewhere in the menu bar, under setup in 4.x?
     
  10. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,740
    Location:
    Texas
    There is a new firewall module available if you have the test mode enabled.
     
  11. mbonus

    mbonus Registered Member

    Joined:
    Jun 23, 2009
    Posts:
    12
    Correct, however this laptop is on v3 of ESET. V3 also has an import/export, but this rule does not seem to take effect under this version.
     
  12. mbonus

    mbonus Registered Member

    Joined:
    Jun 23, 2009
    Posts:
    12
    Silly question, how do I enable test mode?
     
  13. cqpreson

    cqpreson Registered Member

    Joined:
    May 18, 2009
    Posts:
    348
    Location:
    China
    Good job. Thank you.
     
  14. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,740
    Location:
    Texas
    Click the tray icon, press f5 for advanced mode, and set it as in the screen shot.
     


  15. mbonus

    mbonus Registered Member

    Joined:
    Jun 23, 2009
    Posts:
    12
    I guess this is not an option for version 3?

    EDIT: PS thank you for answering the NOOB questions... I should have been clear that I was on V3 and had already gone to the advanced settings of the update tab.
     
  16. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,740
    Location:
    Texas
    Not an option for Version3 as far as I know.
     
  17. mbonus

    mbonus Registered Member

    Joined:
    Jun 23, 2009
    Posts:
    12
    oh well, fiddlesticks
     
  18. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    A KB article with instructions has been created for both v3 and v4 users. It's available here.
     
  19. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
    Good move to introduce an ask rule, among few others, for unknown traffic in the Personal firewall module: 1048 (20090623) - test mode for now
     
  20. Jarth

    Jarth Registered Member

    Joined:
    Jun 23, 2009
    Posts:
    3
    I had the problem as mentioned, where you couldn't obtain the proper IP.
    Thx for the fix mentioned above. (Though, when I import, it also adds: Remote port DNS(53)).

    That aside, I've got a worse problem: I cannot get the "interactive mode" to work. In the sense that the firewall blocks applications, but doesn't ask to add rules.
    (I cleared the list a while back, so all empty now, except for the standard rules.)
    When using the "automatic mode", however, the applications are still blocked, so I can't really use the firewall till that's all fixed.
    Thx in advance.
     
  21. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,740
    Location:
    Texas
    Did you try the learning mode?
     
  22. dirkivs3

    dirkivs3 Registered Member

    Joined:
    Jun 23, 2009
    Posts:
    6
    If you reinstall it, all works fine again,
    but for how long is the question :p
     
  23. stratoc

    stratoc Guest

  24. stratoc

    stratoc Guest

    And you change the server back to automatically choose after the update to 1048, I'm guessing?
     
  25. HealingStargate

    HealingStargate Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    160
    Location:
    USA
    OK Marcos and thank you.

    I have SS3 and followed the instructions. I had to reboot and then did the update with firewall disabled and it did give me 1048.

    Do you suggest to place the update BACK to 'choose automatically' or leave it on the new server?

    Thank you.

    KOR-
     