Lost access to home network after installing ESET Smart Security

Discussion in 'ESET Smart Security' started by magdalena46, Apr 7, 2010.

Thread Status:
Not open for further replies.
  1. magdalena46

    magdalena46 Registered Member

    Joined:
    Apr 7, 2010
    Posts:
    1
    Please help. I installed ESET Smart Security and immediately lost access to my home network. I upgraded from ESET anti virus. Please advise. Thanks
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    I assume you're using the firewall in automatic mode so perhaps you could try switching it to learning mode to see if it helps.

    If disabling the firewall helps, enable logging of all blocked connections in the IDS setup, reproduce the problem and check the firewall log for details about the rule that blocked the communication. Subsequently you can adjust or disable that rule.
     
  3. nickster_uk

    nickster_uk Registered Member

    Joined:
    Feb 14, 2006
    Posts:
    190
    Hmmm I'm getting the same problems. All was well with the prior version (4.0.474) but ever since installing 4.2.35 my home network is blocked between computers. Disabling the firewall fixes the problem temporarily. The logs are absolutely full of network related blockages:
    Code:
    Communication denied by rule	192.168.x.x:137	192.168.x.x:137	UDP	Block NETBIOS Name Service requests		
    Communication denied by rule	192.168.x.x:137	192.168.x.x:137	UDP	Block NETBIOS Name Service requests		
    Communication denied by rule	192.168.x.x:137	192.168.x.x:137	UDP	Block NETBIOS Name Service requests		
    Communication denied by rule	192.168.x.x:137	192.168.x.x:137	UDP	Block NETBIOS Name Service requests		
    Communication denied by rule	192.168.x.x:137	192.168.x.x:137	UDP	Block NETBIOS Name Service requests		
    Communication denied by rule	192.168.x.x:137	192.168.x.x:137	UDP	Block NETBIOS Name Service requests		
    No application listening on the port	192.168.x.x:1900	239.255.255.250:1900	UDP			
    No application listening on the port	192.168.x.x:1900	239.255.255.250:1900	UDP			
    No application listening on the port	192.168.x.x:1900	239.255.255.250:1900	UDP			
    No application listening on the port	192.168.x.x:1900	239.255.255.250:1900	UDP			
    No application listening on the port	192.168.x.x:1900	239.255.255.250:1900	UDP			
    No application listening on the port	192.168.x.x:1900	239.255.255.250:1900	UDP
    I've tried running in Learning Mode and that doesn't sort things out. I've also created a couple of test rules set to ask for access between the various IP addresses but no prompts appear but the blocked log entries continue. It's very frustrating to say the least.

    I can't understand why ESET haven't seemed to have learned any lessons from their release of the first build of v4?? There were no end of problems with so many builds....most companies would've perhaps gone back to the drawing board for future releases.

    Very disappointed but if anyone is able to suggest anything, I'm all ears.
     
  4. stackz

    stackz Registered Member

    Joined:
    Dec 27, 2007
    Posts:
    619
    Location:
    Sydney Australia
    nickster_uk,

    Make sure in the Trusted Zone that you have subnet 192.168.0.0 / 255.255.255.0

    Then go into the rule editor, right click on 'Rules with no application assigned' and create a new rule.

    Allow Netbios (137) for Trusted Zone.
    Direction : Both
    Action : Allow
    Protocol : UDP
    Local - Port : 137
    Remote - Trusted Zone - Port : 137
     
    Last edited: Apr 7, 2010
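
Added example, not part of the original thread and not ESET code: a short script that reads an exported firewall log like the one pasted above and counts the rule-denied flows whose source and target both sit inside the Trusted Zone subnet named in the reply, which are the flows a Trusted-Zone-scoped allow rule would cover. The tab-separated column order is assumed from the pasted entries, and the sample lines and addresses are constructed.

```python
import ipaddress
from collections import Counter

# Trusted Zone subnet quoted in the reply above.
TRUSTED_ZONE = ipaddress.ip_network("192.168.0.0/255.255.255.0")

# Constructed sample log (tab-separated). Assumed column order, taken from
# the pasted entries: event, source, target, protocol, rule.
SAMPLE_LOG = "\n".join([
    "Communication denied by rule\t192.168.0.10:137\t192.168.0.20:137\tUDP\tBlock NETBIOS Name Service requests\t\t",
    "Communication denied by rule\t192.168.0.20:137\t192.168.0.10:137\tUDP\tBlock NETBIOS Name Service requests\t\t",
    "Communication denied by rule\t192.168.0.10:137\t192.168.0.20:137\tUDP\tBlock NETBIOS Name Service requests\t\t",
    "Communication denied by rule\t203.0.113.5:137\t192.168.0.10:137\tUDP\tBlock NETBIOS Name Service requests\t\t",
    "No application listening on the port\t192.168.0.10:1900\t239.255.255.250:1900\tUDP\t\t\t",
    "Communication denied by rule\t192.168.x.x:137\t192.168.x.x:137\tUDP\tBlock NETBIOS Name Service requests\t\t",
])

def split_endpoint(endpoint):
    """Split 'address:port'; raises ValueError on masked or malformed values."""
    host, _, port = endpoint.rpartition(":")
    return ipaddress.ip_address(host), int(port)

def parse_line(line):
    """Return a record dict, or None if the line cannot be parsed."""
    fields = line.split("\t") + [""] * 5  # pad lines that lack trailing tabs
    event, src, dst, proto, rule = (f.strip() for f in fields[:5])
    try:
        (src_ip, _), (dst_ip, dst_port) = split_endpoint(src), split_endpoint(dst)
    except ValueError:
        return None  # e.g. an address masked as 192.168.x.x
    return {"event": event, "src": src_ip, "dst": dst_ip,
            "proto": proto, "port": dst_port, "rule": rule}

def trusted_zone_blocks(log_text):
    """Count rule-denied flows whose source AND target are in the Trusted Zone."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["event"] != "Communication denied by rule":
            continue
        if rec["src"] in TRUSTED_ZONE and rec["dst"] in TRUSTED_ZONE:
            counts[(rec["rule"], rec["proto"], rec["port"])] += 1
    return counts

if __name__ == "__main__":
    for (rule, proto, port), n in trusted_zone_blocks(SAMPLE_LOG).items():
        print(f"{n}x {proto}/{port} blocked inside Trusted Zone by: {rule}")
```

The constructed entry from 203.0.113.5 is denied by the same rule but is not counted, because its source lies outside the Trusted Zone and an allow rule scoped to that zone would not apply to it.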
  5. 6pac

    6pac Registered Member

    Joined:
    Apr 7, 2010
    Posts:
    1
    Hello All,

    I arrived at this post in desperation to try and help others who may have this same issue, or similar to what I encountered. VERY frustratingly, I was unable, after registering, to post a reply to this thread
    https://www.wilderssecurity.com/showthread.php?t=239716
    "... thread is too old ... blah blah", and so ended up finding and posting to this thread.
    I found a solution to the problem I had here.
    http://kb.eset.com/esetkb/index?page=content&id=SOLN2141&cat=FWALL&actp=LIST
    My immediate question is, why didn't the (gurus) guys in that thread suggest this?
    YMMV, but I would be very interested to hear if it solved the "Eset blocks lan traffic in interactive mode" problem for others.

    Peace.
     
  6. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    A newer build of ESS 4.2.40 is going to be released today which will address this issue as well. It will be announced at Wilders when ready for download.
     
  7. nickster_uk

    nickster_uk Registered Member

    Joined:
    Feb 14, 2006
    Posts:
    190
    Thank you to stackz and 6pac for your suggestions. I was able to access the network after fiddling with the settings but more problems arose. For some unknown reason ESS wipes all my own custom rules every so often. I import them again and again and all works well for a few minutes then the prompts start to appear for things I have set to allow or deny access.

    I'm not even going to bother trying to fix it...just looking at a few other threads suggests that v4.2.35 isn't fit for purpose yet...perhaps someone at ESET can add a beta tag to it? ;)

    I'm going back to 4.0.474.

    Thanks again for the suggestions :)
     
  8. nickster_uk

    nickster_uk Registered Member

    Joined:
    Feb 14, 2006
    Posts:
    190
    Ohhhh this may just prevent me from rolling back to 474 :)

    Marcos, is there a known bug regarding the wiping of custom rules? If so, would you be able to tell me if it has been addressed with the new build please?

    Thank you :)
     
  9. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Personally I haven't heard of this here at Wilders nor come across such an issue myself. However, this was reported by our Japanese partner and we subsequently fixed it. According to the developers, this issue does not normally occur and you may exhibit it after very specific conditions when editing rules multiple times.

    I'd like to say that we are glad for reporting any issues and we'll do our best to fix them with your assistance as soon as possible. However, certain very specific issues may require replication and debugging on our side which may take longer than expected, especially if we are unable to replicate the issue.
     
    Last edited: Apr 8, 2010
  10. nickster_uk

    nickster_uk Registered Member

    Joined:
    Feb 14, 2006
    Posts:
    190
    So far, so good with 4.2.40 Marcos. Haven't noticed any issues. Rather than upgrade, I thought it would be better as a clean install then I imported my rules and everything has worked as it should. I'm impressed at the quick response from yourself and your colleagues.

    Thank you :)
     
    Last edited: Apr 8, 2010
  11. nickster_uk

    nickster_uk Registered Member

    Joined:
    Feb 14, 2006
    Posts:
    190
    Spoke too soon regarding the rules bug. All my rules just disappeared again. It's kinda frustrating as I do have quite a few of them.
     
  12. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Please check the PM I sent you yesterday.
     
  13. nickster_uk

    nickster_uk Registered Member

    Joined:
    Feb 14, 2006
    Posts:
    190
    Thanks Marcos...think I'll pass on the 'beta' build for now. I think I may have identified what was causing the problem though?

    My rules were getting wiped after importing my backed up settings from v4.0.474. After a clean install of v4.2.40, I changed some settings from the gui then backed up the settings. I then extracted just the rules section from the 4.0.474 backup xml and placed it into the new backup. I then imported that and since then the problem hasn't reoccurred. It may just be coincidental..I don't know but could it be possible that due to the differences between the builds, the rules become affected when importing from the old build?
     
  14. nickster_uk

    nickster_uk Registered Member

    Joined:
    Feb 14, 2006
    Posts:
    190
    Grrrrrr it just happened again!

    I added a new rule...everything seems to be ok. I checked the settings and the rules were still in place but within a minute of me coming out of the gui, I get a prompt for a program that I have already set access for! I got back into the settings and there's only 3 rules left?!

    Have imported once again...but feeling a little frustrated now.

    Is there a limit on the number of rules I can set?

    All was running well until I added a new one and checked the rules in the gui.
     
  15. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Perhaps the rules you've imported are screwed up somehow. I'd suggest removing all custom rules and switching the firewall to learning mode so that all necessary rules are created automatically. Subsequently you can adjust these rules if you need to. It's very likely this will resolve all problems you're having with rules.
     
  16. nickster_uk

    nickster_uk Registered Member

    Joined:
    Feb 14, 2006
    Posts:
    190
    I've definitely found a bug...not sure whether I'm the only person affected but it's certainly consistent.

    I was reluctant to reset the rules due to the amount I had but my other attempts of finding a workaround haven't resulted in anything so I thought I may as well try it. So, the first step I took was to delete all my current rules...no problems so far. The expected prompts appeared when using certain applications and network resources. I then chose the advanced options of the prompt and created a fresh rule. I followed this procedure with about 30+ prompts as I thought that would be a decent amount to test.

    I then went into the rules setting of the gui and my new rules were present...still no problems. I then clicked OK -> OK and then went back into the rules and they were all gone!!! So, I thought I would try a different angle. I created a new lot of rules, went back into the settings and they were all present. This time I clicked Cancel -> Cancel and then went back into the rules....they were all still there. I repeated the process again a few times making sure to click the Cancel button after viewing the rules. Everything was fine. Then I checked the rules one more time but this time I clicked OK -> OK and when I checked again, they were gone!!!

    This cannot be down to corrupt rules as they are freshly created and not imported. The bug only occurs when I come out of the rules setting by clicking OK. If I reboot my 'puter, the rules stick until I go into the settings and click OK to come out.

    It cannot be down to the amount of rules either as the fresh sets I created only had about 30 rules or so....my usual rules probably consist of 80.

    Is there any chance ESET can try this scenario on your test beds please Marcos?

    Thanks :)
     
  17. nickster_uk

    nickster_uk Registered Member

    Joined:
    Feb 14, 2006
    Posts:
    190
    This problem is affecting all systems on my network. As a test, I have just performed a fresh installation of Windows XP on one computer. I then installed ESS v4.2.40..the only other program installed was WinRAR. I did not import any rules or settings at all. After installing, I created a few rules and the bug happened again after some testing coming out of the GUI.

    Is anyone else having this problem? Are other people able to test this please?
     
  18. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Please enable logging of blocked connections in the IDS setup, reproduce the problem and post here the relevant records from the firewall log.
     
  19. nickster_uk

    nickster_uk Registered Member

    Joined:
    Feb 14, 2006
    Posts:
    190
    Apologies for not replying sooner..have been busy. I'm not quite sure how the logged blocked connections will identify why my rules are getting nuked but I will post the log asap.

    The problem still happens after adding a new rule or sometimes just clicking ok-ok when exiting the rules section in settings. I've checked and double checked my rules and there doesn't appear to be a problem with them. They're all listed correctly 1-9, A-F, 10-19, 1A-1F, 20-29 etc etc. All the paths are correct..there's no duplicates. I'm puzzled by this and I've tested it on a couple of computers running different OS's and it still happens.

    As a workaround, whenever I check my rules, I click cancel and they stick..the only downside is that if I add a new rule, I have to edit the xml file and import it and that is becoming a bit of a pain.
     
  20. nickster_uk

    nickster_uk Registered Member

    Joined:
    Feb 14, 2006
    Posts:
    190
    Really could not see how the blocked connections log would help identify the problem with this Marcos so I decided to use the 'Contact customer care' option instead. It has all the hallmarks of a bug...especially considering how easy it is to replicate and the fact that it has happened on every machine I have tested it on.....most of those machines were not even mine!

    Thank you very much for your help on the issue though :)
     