is NOD fit for IPv6?

Discussion in 'ESET NOD32 Antivirus' started by vtol, Sep 5, 2010.

Thread Status:
Not open for further replies.
  1. vtol

    vtol Registered Member

    Joined:
    Apr 8, 2010
    Posts:
    774
    Location:
    just around the next corner
    wondering - why? because got an application which connects through IPv6, however it does not show in the list of application to be opted for exclusion from protocol filtering. hence the question is the NOD protection limited to IPv4 only?
     
  2. rcdailey

    rcdailey Registered Member

    Joined:
    Dec 25, 2009
    Posts:
    233
    I see that if I add an application in either the web browsers section or in the POP3, POP3S section, that same application will automatically appear in the Protocol Filtering list, where it could be excluded if desired. If an application is added to the other two sections, it's also automatically checked, but it could then be unchecked there, and would still be in the Protocol Filtering list.

    So, I guess you could manually add your IPv6 application, but that doesn't answer the question of whether protocol filtering works with IPv6.
     
  3. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,376
    There's no difference between applications utilizing IPv6 and IPv4. I'd suggest creating a Wireshark log with all communication captured and providing it to ESET along with the name of the application for perusal.
     
  4. vtol

    vtol Registered Member

    Joined:
    Apr 8, 2010
    Posts:
    774
    Location:
    just around the next corner
    good to know.

    the application is ftpzilla and I wish to exclude it from NOD's protocol filtering due TLS root certificate incompatibility with NOD when running ftpzilla update check. just the application does not show in the protocol filtering list.

    06-09-2010 18-10-54.png
     
  5. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,376
    This is the same problem with certificates Mozilla trusts that we discussed in the past. Apparently the problem occurs with any other AV for the very same reason, just tried it with KAV Pure.
     
  6. vtol

    vtol Registered Member

    Joined:
    Apr 8, 2010
    Posts:
    774
    Location:
    just around the next corner
    Aware of that and did not want to open the subject of certificates again, just want to exclude it from protocol filtering.

    there is this list in NOD, showing any application which ever connected to the inet and by check mark can be excluded. just ftpzilla does not show in that list, as if nod does not recognise it as an application connecting to the inet. hence my question whether NOD would not detect applications connecting via IPv6?

    Hope that makes the subject more clear
     
  7. rcdailey

    rcdailey Registered Member

    Joined:
    Dec 25, 2009
    Posts:
    233
    This raises a question for me: Is FTP (File Transfer Protocol) considered to be subject to protocol filtering? An FTP client isn't really a web browser or an e-mail client. It does support a protocol, but are all protocols subject to protocol filtering? This does not seem to be explained in the help or documentation. Add to this, does NOD32 use protocol filtering on FTP servers, for those who run them? Now, I do understand that in general there can be filtering for any port, and especially in routers, but I am wondering about what this means within NOD32's context.
     
    Last edited: Sep 7, 2010
  8. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,376
    It turned out that the application doesn't appear in the list because no active communication was made due to the ESET root certificate refused by the application. We're planning to add an option that will allow you to add custom applications to the list in the near future.
     
    Last edited: Sep 7, 2010
  9. vtol

    vtol Registered Member

    Joined:
    Apr 8, 2010
    Posts:
    774
    Location:
    just around the next corner
    thanks for investigating and shedding some light into it. appreciate the development of such option
     
  10. rcdailey

    rcdailey Registered Member

    Joined:
    Dec 25, 2009
    Posts:
    233
    Thanks from me, too. That's good information. I was curious because I was able to manually add two non-internet applications (Process Explorer and Process Monitor) to the protocol filtering list by manually including them as web browsers in the list found in the setup under web access protection. There doesn't seem to be a way to easily delete anything that is added that way, but the fact that any program added there is automatically included in the protocol filtering list is logical but raised the question in my mind. FTP clients are not included automatically, which was the other question that came to my mind, though file downloading is covered separately.
     
Thread Status:
Not open for further replies.