New install fails GRC

Discussion in 'ESET Smart Security' started by jasonbourne, Apr 10, 2012.

Thread Status:
Not open for further replies.
  1. jasonbourne

    jasonbourne Registered Member

    Joined:
    Aug 26, 2010
    Posts:
    247
    I failed the GRC test earlier. It said that,

    "Ping Reply: RECEIVED (FAILED) — Your system REPLIED to our Ping (ICMP Echo) requests, making it visible on the Internet. Most personal firewalls can be configured to block, drop, and ignore such ping requests in order to better hide
    systems from hackers. This is highly recommended since "Ping" is among the oldest and most common methods used to locate systems prior to further exploitation."

    Prior to GRC posting the results I get a pop-up of Inbound Traffic from GRC. Kindly see image. I clicked "Deny". I repeated the test but all 3 failed. This is on wired connection(not behind a router --I hooked it on a dial-up connection). This is the first time I failed GRC.

    What settings can I adjust in the firewall to pass this ping fail...? What settings should be checked...? I attached the IDS and Advanced options image for your perusal.

    Please help so I can pass this test.

    Thank you.
     

    Attached Files:

    Last edited: Apr 10, 2012
  2. tjg79

    tjg79 Registered Member

    Joined:
    Jan 11, 2010
    Posts:
    55
    Location:
    Virginia, USA
    You should do a disk clean-up and ensure you delete all temporary internet files. Go to "run" and type %TEMP% to bring up a window of the temp directory and delete all the files, and folders. Go to Internet Explorer Tools and delete all browsing history to include cookies. Run a program like ccleaner and run a complete clean-up.

    Check your installed programs in control panel and delete any programs you don't recognize.

    Check your firewall setting to ensure you are secure. Set you firewall to public network for maximum security.

    Reboot and run the test again to see if you pass.

    If you're running IE9, go to safety and install internet tracking protection list. Go to internet explorer tools, internet options, Privacy tab, advanced, check override automatic cookie handling, check accept first-party cookies and check block third-party cookies.
     
    Last edited: Apr 10, 2012
  3. jasonbourne

    jasonbourne Registered Member

    Joined:
    Aug 26, 2010
    Posts:
    247
    Thanks for the reply tjg79

    After each internet session I clean using CCleaner. The repeat of the test came after each cleaning. The gui shows that I have Max Protection enabled for my Network. See image attached. Anyway, I will repeat it and check again.
     

    Attached Files:

    • gui.jpg
      gui.jpg
      File size:
      27.6 KB
      Views:
      245
  4. tjg79

    tjg79 Registered Member

    Joined:
    Jan 11, 2010
    Posts:
    55
    Location:
    Virginia, USA
    I've got "ICMP protocol message checking" checked under "Packet inspection."

    A good internet explorer add-in is Ghostery to block adware and spyware. Do a Google search for Ghostery.

    Make sure you add a personalized list for tracking protection.

    Check your configuration in Tools/Internet Options/Privacy Tab/Advanced.

    Make sure you don't have any undesirable software installed in control panel/programs.

    If you do everything I mentioned, you should have maximum protection from spyware and adware.

    If I mentioned anything you don't understand, ask questions.

    Regards
     
  5. jasonbourne

    jasonbourne Registered Member

    Joined:
    Aug 26, 2010
    Posts:
    247
    With Ghostery or not you can still pass GRC and PCFlank test so I think that Ghostery isn't the tool here..it's the ESS firewall. The settings may need to be adjusted or something....

    The browser I am running this test is FF 11 inside Sandboxie. Without SBIE the result is the same. With Google Chrome, the same also with/without the use of SBIE.

    This "ping fail" is only when I installed Eset ESS ver5. Previously the combination was Avira IS 2012 and CIS ver5.10. There was no issue with GRC and PCFlank. Before I came to use CIS with Avira IS 2012 I was using OA Premium on this very same pc. No issues also.

    I do not understand why when I installed ESSver5 there is this "ping fail". To check with other security setup I loaded a clean system image without AV/firewall only MalwarebytesPro(I keep this image when I wanna try a new setup). Upon loading, I installed Avast IS Build 1426(default settings). Connected to the same conditions as what I try --dial-up connection/wired. It passed both GRC.

    Loaded again that same image without AV/firewall only MalwarebytesPro and installed just Outpost Firewall Pro. It "also" passed. That's out of the box and default settings.

    I reloaded an image prior the "system image without AV/firewall only Malwarebytes Pro" which had ESSver5(same setup I came to with the ping fail). Checked the "ICMP protocol message checking" and "Covet data in ICMP protocol detection". Connected to the same conditions as what I try --dial-up connection/wired. Same thing. Ping Fail. See image.

    Is "ICMP protocol message checking" and "Covet data in ICMP protocol detection" responsible for the ping fail..? I tried checking and unchecking it the result was the same.

    Anyone from the mods please I'd really appreciate the help and explanation here please...there seems to be something odd here....
     

    Attached Files:

    • grc.jpg
      grc.jpg
      File size:
      66.7 KB
      Views:
      226
    • ids.jpg
      ids.jpg
      File size:
      85.5 KB
      Views:
      226
  6. tjg79

    tjg79 Registered Member

    Joined:
    Jan 11, 2010
    Posts:
    55
    Location:
    Virginia, USA
    Are you in "Strict Protection" in Computer protection mode in network?

    Do you know how to check in ESET setup?

    Regards
     
  7. dwomack

    dwomack Eset Staff Account

    Joined:
    Mar 2, 2011
    Posts:
    588
    When you receive the ping requests, you can choose 'Remember Action (Create Rule)' and then DENY. The firewall should then deny ping requests from that connection. Also, as suggested, setting your protection mode to "Strict Protection" can also help.

    From the Advanced Settings window, under Personal Firewall, click 'Rules and Zones', click the Setup button under 'Trusted Zone' and then select 'Strict Protection'. Try the test again and let us know whether you were able to pass the test.
     
  8. jasonbourne

    jasonbourne Registered Member

    Joined:
    Aug 26, 2010
    Posts:
    247
    Thank you tjg79 and dwomack for the reply.

    "When you receive the ping requests, you can choose 'Remember Action (Create Rule)' and then DENY. The firewall should then deny ping requests from that connection. Also, as suggested, setting your protection mode to "Strict Protection" can also help. From the Advanced Settings window, under Personal Firewall, click 'Rules and Zones', click the Setup button under 'Trusted Zone' and then select 'Strict Protection'. Try the test again
    and let us know whether you were able to pass the test."

    -- I did click DENY and ticked the "Remember Action" button. CIS and OA has that and if you don't tick that it'll go on forever. On Eset it appeared I think twice even if I did tick that button. After that second appearance no pop-up surfaced again.

    I am not permanently a part of a network and a pop-up appears when I click Advanced Settings>Rules and Zones>Setup. So I can't set it up there. See image.

    Now to be able to access that I inserted a bluetooth stick and there appeared a pop-up "Computer protection mode in the network" there I chose "Strict protection". See image.

    Does the Trusted Zone>setup I did with the bluetooth stays when I unplug the stick..?

    When I unplug it and go back the same pop-up appears "No active authentication zone detected...". Even when I connect via dial-up the same pop-up appears. As of this writing I have updated ESS and I still cannot get to the setup again.

    What can I do further...? Still got a ping fail there. See image. Any ideas/workaround..

    Thank you.
     

    Attached Files:

  9. jasonbourne

    jasonbourne Registered Member

    Joined:
    Aug 26, 2010
    Posts:
    247
    I was reading the manual of ESSv5 and I saw there was a lot of rules for Trusted Zone. Fiddling on the settings I saw a lot also.

    So given the situation that I have "No active authentication zone detected...", what happens to the rules in the advanced setup that says, Allow communication / requests / incoming / outgoing /etc etc in Trusted Zone...?

    If not applicable what rules does Eset firewall use...? What is the default rule applied if the pc is identified as "No active authentication zone detected..."...?

    Is it different for Automatic mode and Interactive Mode? I am in interactive mode now because I wanna see those pop-ups. Is it different per mode if the pc is identified as "No active authentication zone detected..."...?

    Also in the manual I see Computer Scan>Selected Profiles Scan I see there: (a) In-depth Scan (b) Smart Scan (c) Context Menu Scan. I do not see explanation to (a) and (c). Only the Smart Scan. Where is it..? If "No Selection" is in Computer Scan>Scan Targets, targets will Eset scan when I scan say, C:\ in Windows explorer..?

    Earlier I had a pop-up of svchost.exe trying to communicate to an IP address, I clicked DENY and I forgot to check the "Remember Action" button.

    I forgot to take a snapshot of it so I can post it so I looked for it in the logs. I can't find it.

    Where can I find that event in ESSv5...?

    Does Eset log those alerts? If I want to modify and make a rule for that, what must I do..?

    I am getting confused here, so sorry for that but I wanna make this work for me. Don't wanna throw away the license as it is activated now. I should have used trial first but I trusted Eset. My former employer used Eset previously and we were safe. Thus the consideration.

    Any ideas/explanations...?
     
    Last edited: Apr 13, 2012
Thread Status:
Not open for further replies.