Local only connection in Vista SP2

Discussion in 'ESET Smart Security' started by cojms1, Jun 5, 2009.

Thread Status:
Not open for further replies.
  1. cojms1

    cojms1 Registered Member

    Joined:
    Jun 5, 2009
    Posts:
    12
    Hi,

    I have the following system setup:

    Vista Ultimate SP2 (newly installed OS was previously XP SP3)
    2GB RAM
    ESS 4.0.437.0 (Home User)

    Module Info
    Virus signature database: 4132 (20090604)
    Update module: 1028 (20090302)
    Antivirus and antispyware scanner module: 1219 (20090604)
    Advanced heuristics module: 1092 (20090309)
    Archive support module: 1095 (20090525)
    Cleaner module: 1041 (20090603)
    Anti-Stealth support module: 1012 (20090526)
    Personal firewall module: 1040 (20080924)
    Antispam module: 1011 (20090114)
    SysInspector module: 1212 (20090414)
    Self-defense support module : 1005 (20081105)

    The problem I appear to be having is that when the Personal Firewall is enabled in any mode the PC can connect to the wireless network but cannot access the Internet.

    When the firewall is disabled however all is fine.

    I have tried disabling "Anti-Stealth" and "Self-defense" as I know this was causing issues. These have now been enabled again and the updates downloaded.

    Everything worked fine under XP with SP3.

    Are there any further investigations I can do or any help that anyone can give?
     
  2. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,852
  3. cojms1

    cojms1 Registered Member

    Joined:
    Jun 5, 2009
    Posts:
    12
    Thanks funkydude.

    After turning test mode off I could no longer update to revert back to previous modules. I uninstalled ESS and reinstalled it, allowed it to update but still had issues.

    I reset the firewall to default settings and all started to work. I then recreated all of the rules, which also worked correctly.

    Now after several reboots I am seeing the same problem again.

    Think I'll leave the firewall disabled for now and then keep the Windows one turned on. Unless anyone has any further suggestions.
     
  4. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,852
    I would recommend installing Revo Uninstaller, using it in advanced mode to completely remove ESS, reboot, install the latest .437, reboot, update, reboot.
     
  5. elyoh

    elyoh Registered Member

    Joined:
    May 26, 2009
    Posts:
    20
    I also got this behaviour after sleep or restart after deselecting test mode. A reinstall of ESET seems to have fixed it.
     
  6. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Please enable logging blocked connections in the IDS section of the firewall setup and reproduce the Internet connectivity problem. Let us know what kind of blocked connection attempts you see in the firewall log then. Just out of curiosity, does enabling test mode and switching the firewall to learning mode make a difference?
     
  7. cojms1

    cojms1 Registered Member

    Joined:
    Jun 5, 2009
    Posts:
    12
    Thanks Marcos.

    I have previously logged blocked connections but nothing was being displayed.

    It is an intermittent problem mind you as the next reboot it started working and then several reboots after it failed again.

    However, I have now allowed LLMNR (which I don't think should make a difference as it is for local name resolution) but all seems stable now.

    I don't have access to the laptop that ESS is installed on until later tonight so I'll reboot again and see what happens.
     
  8. cojms1

    cojms1 Registered Member

    Joined:
    Jun 5, 2009
    Posts:
    12
    I can now confirm that nothing is being logged.
    The issue has occurred again as well. After a restart it was fine. I was then connected for about 20 minutes and then poof! no more connection although Vista reports there is one. I'll reboot again and see what happens.

    I may try creating a rule to allow all traffic. Keep the firewall in policy-based mode and turn the Windows Firewall on.

    I am a little reluctant to enable Test Mode as last time I was unable to go back to normal mode and get updates.
     
  9. cojms1

    cojms1 Registered Member

    Joined:
    Jun 5, 2009
    Posts:
    12
    I have some further testing to do but it appears that when I deny for the first time (in interactive mode) the Internet connection becomes blocked. I'll carry on testing tonight. I have screenshots of what is being blocked as well.
     
  10. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    What about automatic mode? You didn't mention if you had tried it. Does it work fine or does it not make any difference?
     
  11. cojms1

    cojms1 Registered Member

    Joined:
    Jun 5, 2009
    Posts:
    12
    I'll also try that tonight when I get in.
     
  12. tanalasta

    tanalasta Registered Member

    Joined:
    Jun 9, 2009
    Posts:
    1
    I also had this problem.

    Having a look at CMD / ipconfig it seems that Vista is allocating a 169.xx.xx.x IP address that is incorrect.

    The only way to rectify this problem without altering ESET was to force the TCP/IP settings on the notebook and the DHCP / wireless router config to allocate my laptop a fixed 192.xx.xx.x address.

    It's annoying as changing the TCP/IP settings results in ESET not working again.
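
The 169.x address reported in the post above is what Windows self-assigns from 169.254.0.0/16 when no DHCP lease arrives, which is why the connection shows as local only. The following is an added example, not part of the thread: it parses captured `ipconfig /all` text and flags adapters in that state. The sample output and the verdict labels are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample of `ipconfig /all` output (illustrative, not from the thread).
SAMPLE = """\
Wireless LAN adapter Wireless Network Connection:

   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration IPv4 Address. . : 169.254.37.12(Preferred)
   Default Gateway . . . . . . . . . :

Ethernet adapter Local Area Connection:

   DHCP Enabled. . . . . . . . . . . : No
   IPv4 Address. . . . . . . . . . . : 192.168.1.50(Preferred)
   Default Gateway . . . . . . . . . : 192.168.1.1
"""

HEADER = re.compile(r"^(\S.*adapter .+):\s*$")       # "Wireless LAN adapter X:"
FIELD = re.compile(r"^\s+([^.:]+?)[ .]*:\s*(.*)$")   # "   Name . . . : value"

def classify(ipconfig_text):
    """Map each adapter that has an IPv4 address to a verdict label (labels are ours)."""
    adapters, current = {}, None
    for line in ipconfig_text.splitlines():
        header = HEADER.match(line)
        if header:
            current = adapters.setdefault(header.group(1), {})
            continue
        field = FIELD.match(line)
        if field and current is not None:
            current[field.group(1).strip()] = field.group(2).strip()
    verdicts = {}
    for name, fields in adapters.items():
        raw = fields.get("Autoconfiguration IPv4 Address") or fields.get("IPv4 Address")
        if not raw:
            continue  # disconnected or IPv6-only adapter
        addr = ipaddress.ip_address(raw.split("(")[0])
        if addr.is_link_local:
            # 169.254.0.0/16: no lease arrived; look at what handles DHCP (UDP 67/68).
            verdicts[name] = "apipa-no-dhcp-lease"
        elif fields.get("DHCP Enabled", "").lower() == "yes":
            verdicts[name] = "dhcp-lease"
        else:
            verdicts[name] = "static"
    return verdicts

if __name__ == "__main__":
    print(classify(SAMPLE))
```

Running it against output captured while the firewall is enabled and again while it is disabled shows whether the lease is lost only when the firewall is filtering.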
     
  13. cojms1

    cojms1 Registered Member

    Joined:
    Jun 5, 2009
    Posts:
    12
    Sod's Law as they say. I've got home and all is working fine even after denying some of the communication that was being requested. I'll carry on testing when it occurs again.
     
  14. cojms1

    cojms1 Registered Member

    Joined:
    Jun 5, 2009
    Posts:
    12
    Right been working fine now for a while and all of a sudden I can't get a connection. I've tried switching the firewall to all different options and none work. I currently have the firewall turned off and the Windows one on.

    If I restart I think the problem will disappear as before. Should I switch to test mode? Should I put it in Learning mode and restart?
     
  15. cojms1

    cojms1 Registered Member

    Joined:
    Jun 5, 2009
    Posts:
    12
    I switched into test mode and the firewall module went to version 1047. I restarted to safe mode and cleared the firewall config. Then I restarted again. The firewall module now appears to be version 1040 and I have imported my current config and all seems stable at the moment. I'll try again tonight and see how I get on.

    I am also no longer in test mode and things seem to be working well.
     
  16. cojms1

    cojms1 Registered Member

    Joined:
    Jun 5, 2009
    Posts:
    12
    Using Personal Firewall module 1040 I could not get a DHCP address. So, I have enabled test mode and cleared the update cache. Versions are now as below:

    Modules
    Virus signature database: 4145 (20090610)
    Update module: 1028 (20090302)
    Antivirus and antispyware scanner module: 1221 (20090609)
    Advanced heuristics module: 1092 (20090309)
    Archive support module: 1095 (20090525)
    Cleaner module: 1041 (20090603)
    Anti-Stealth support module: 1012 (20090526)
    Personal firewall module: 1047 (20090525)
    Antispam module: 1011 (20090114)
    SysInspector module: 1212 (20090414)
    Self-defense support module : 1006 (20090513)

    Test mode is still enabled.

    I have ensured that the firewall is in policy mode and that my filters and zones are imported.

    After a reboot I can now get a DHCP address and a connection to the Internet that appears stable.

    I have now also disabled the SSDP service, IPv6 and set the IGMPLevel to 0. I have also disabled LLMNR using group policy. I have installed all Microsoft updates and set blocked connections to be logged.

    After about an hour I am still working in a stable manner and no blocked connections are being logged.

    I'll keep an eye on it and let you know how I get on.
     