Local only connection in Vista SP2

Hi,

I have the following system setup:

Vista Ultimate SP2 (newly installed OS was previously XP SP3)
2GB RAM
ESS 4.0.437.0 (Home User)

Module Info
Virus signature database: 4132 (20090604)
Update module: 1028 (20090302)
Antivirus and antispyware scanner module: 1219 (20090604)
Advanced heuristics module: 1092 (20090309)
Archive support module: 1095 (20090525)
Cleaner module: 1041 (20090603)
Anti-Stealth support module: 1012 (20090526)
Personal firewall module: 1040 (20080924)
Antispam module: 1011 (20090114)
SysInspector module: 1212 (20090414)
Self-defense support module : 1005 (20081105)

The problem I appear to be having is that when the Personal Firewall is enabled in any mode the PC can connect to the wireless network but cannot access the Internet.

When the firewall is disabled however all is fine.

I have tried disabling "Anti-Stealth" and "Self-defense" as I know this was causing issues. These have now been enabled again and the updates downloaded.

Everything worked fine under XP with SP3.

Is there any further investigations I can do or any help that anyone can give?

 

https://www.wilderssecurity.com/showpost.php?p=1480406&postcount=17

Notice the fact you have FW module 1040 not 1046.

 

Thanks elapsed.

After turning test mode off I could no longer update to revert back to previous modules. I uninstalled ESS and reinstalled it, allowed it to update but still had issues.

I reset the firewall to default settings and all started to work. I then recreated all of the rules. Which also worked correctly.

Now after several reboots I am seeing the same problem again.

Think I'll leave the firewall disabled for now and then keep the Windows one turned on. Unless anyone has any further suggestions.

 

I would recommend installing Revo Uninstaller, using it in advanced mode to completely remove ESS, reboot, install the latest .437, reboot update, reboot.

 

I also got this behavoiur after sleep or restart after deselecting test mode. A reinstall of ESET seems to have fixed it.

 

Please enable logging blocked connections in the IDS section of the firewall setup and reproduce the Internet connectivity problem. Let us know what kind of blocked connection attempts you see in the firewall log then. Just out of curiosity, does enabling test mode and switching the firewall to learning mode make a difference?

 

Thanks Marcos.

I have previously logged blocked connections but nothing was being displayed.

It is an intermittent problem mind you as the next reboot it started working and then several reboots after it failed again.

However, I have now allowed LLMNR (which I don't think should make a difference as it is for local name resolution) but all seems stable now.

I don't have access to the laptop that ESS is installed on until later tonight so I'll reboot again and see what happens.

 

I can now confirm that nothing is being logged.
The issue has occurred again as well. After a restart it was fine. I was then connected for about 20 minutes and then poof! no more connection although Vista reports there is one. I'll reboot again and see what happens.

I may try creating a rule to allow all traffic. Keep the firewall in policy-based mode and turn the Windows Firewall on.

I am a little reluctant to enable Test Mode as last time I was unable to go back to normal mode and get updates.

 

I have some further testing to do but it appears that when I deny for the first time (in interactive mode) the Internet connection becomes blocked. I'll carry on testing tonight. I have screenshots of what is being blocked as well.

 

What about automatic mode? You didn't mention if you had tried it. Does it work fine or it doesn't make any difference?

 

I'll also try that tonight when I get in.

 

I also had this problem.

Having a look at CMD / ipconfig it seems that Vista is allocating a 169.xx.xx.x IP address that is incorrect.

The only way to rectify this problem without altering ESET was to force the TCP/IP settings on the notebook and the DCHP / wireless router config to allocate my laptop a fixed 192.xx.xx.x address.

It's annoying as changing the TCP/IP settings result in ESET not working again.

 

Sod's Law as they say. I've got home and all is working fine even after deny some of the communication that was being requested. I'll carry on testing when it occurs again.

 

Right been working fine now for a while and all of a sudden I can't get a connection. I've tried switching the firewall to all different options and none work. I currently have the firewall turned off and the Windows one on.

If I restart I think the problem will disappear as before. Should I switch to test mode? Should I put it in Learning mode and restart?

 

I switched into test mode and the firewall module went to version 1047. I restarted to safe mode and cleared the firewall config. Then I restarted again. The firewall module now appears to be version 1040 and I have imported my current config and all seems stable at the moment. I'll try again tonight and see how I get on.

I am also no longer in test mode and things seem to be working well.

 

Using Personal Firewall module 1040 I could not get a DHCP address. So, I have enabled test mode and cleared the update cache. Versions are now as below:

Modules
Virus signature database: 4145 (20090610)
Update module: 1028 (20090302)
Antivirus and antispyware scanner module: 1221 (20090609)
Advanced heuristics module: 1092 (20090309)
Archive support module: 1095 (20090525)
Cleaner module: 1041 (20090603)
Anti-Stealth support module: 1012 (20090526)
Personal firewall module: 1047 (20090525)
Antispam module: 1011 (20090114)
SysInspector module: 1212 (20090414)
Self-defense support module : 1006 (20090513)

Test mode is still enabled.

I have ensured that the firewall is in policy mode and that my filters and zones are imported.

After a reboot I can now get a DHCP address and a connection to the Internet that appears stable.

I have now also disabled the SSDP service, IPv6 and set the IGMPLevel to 0. I have also disabled LLMNR using group policy. I have installed all Microsoft updates and set blocked connections to be logged.

After about an hour I am still working in a stable manner and no blocked connections are being logged.

I'll keep an eye on it and let you know how I get on.