New V5 Problems

Discussion in 'ESET Smart Security' started by Jenee, Sep 15, 2011.

Thread Status:
Not open for further replies.
  1. Jenee

    Jenee Registered Member

    Joined:
    Dec 27, 2007
    Posts:
    185
    I have installed the released version 5 and almost had to throw my computer away as many programs would not even open eg Firefox, Thunderbird.
    My Win7 machine became quite unstable and even took over 5 minutes to shut down.
    The only way I could get anything to work was to put both Hips and the Network into Learning Mode where it still is.
    I have been a fan of this program for many years but this version is almost unusable. In V4 I was easily able to use Interactive Mode but not with this one because even when I allowed the multitude of hips and network requests, I still could not get many programs to open and/or run.
     
  2. berryracer

    berryracer Suspended Member

    Joined:
    Jan 24, 2008
    Posts:
    1,640
    Location:
    Dubai, UAE
    ESS 5 has 0 problems

    your computer is probably messed up.

    format it and start out clean
     
  3. Ade 1

    Ade 1 Registered Member

    Joined:
    Jun 21, 2006
    Posts:
    471
    Location:
    In The Bath
    No way one program would cause your pc to become almost 'unusable'. How about uninstall and put v4 back on or try something else?
     
  4. PJWilkin

    PJWilkin Registered Member

    Joined:
    Sep 18, 2008
    Posts:
    13
    If your computer is slow I would suggest
    1) De-install ESET
    2) Download MalWareBytes and run a full scan (in case there is some malware on your PC)
    3) run C-Cleaner to clean up temporary files/cache etc
    4) review your antispyware/malware, A/V and firewall software (see below)
    5) Reinstall ESET

    I have found my system occasionally slow at points (and I can put the finger on PC Tools Spyware Doctor as disabling it makes the system responsive)

    I would suggest you review whatever Anti-Spyware / Anti-Malware you have

    It is recommended you only run one firewall application, one antivirus application and one anti-malware/spyware application ... running multiples can cause issues with performance
     
  5. get_it

    get_it Registered Member

    Joined:
    Aug 28, 2007
    Posts:
    99
    Double check to see if Windows Defender is disabled, using "services.msc" in "search box" start menu.
     
  6. agoretsky

    agoretsky Eset Staff Account

    Joined:
    Apr 4, 2006
    Posts:
    4,032
    Location:
    California
    Hello,

    Could you tell us a little bit more about your computer, such as what security software was running on it, what you did with that prior to installing ESET Smart Security v5, how you installed ESET Smart Security v5 and so forth? Perhaps with that information we will be better able to help you troubleshoot the problem.

    Regards,

    Aryeh Goretsky
     
  7. Jenee

    Jenee Registered Member

    Joined:
    Dec 27, 2007
    Posts:
    185
    I have been using Eset for 7 or 8 years and had never had any problems with V4 on several different PCs. I have only upgraded 1 PC to V5 and it was the standard installation settings that caused all the computer problems. As soon as I changed Hips and the Network to Learning Mode, everything worked normally. I can only assume that a number of necessary processes were not being allowed to run and this was indicated by quite a few of my taskbar icons not appearing when the system was started and a number of programs failing to run (although in Task Manager it showed the process was running but the program window would not open). Trying to restart the system took over 10 minutes. There is no problem at all in learning mode so it is not my PC, it is V5. I have Win7 Pro.
     
  8. Jenee

    Jenee Registered Member

    Joined:
    Dec 27, 2007
    Posts:
    185
    Further to the above, I still cannot access my local network. I have 4 computers in the network, 3 are Win7 Pro and one is Vista. All the other PCs with Eset V4 can see and access each other but my PC cannot access any other PC and no other PC can see it. If I can't get the network to work with this new version, I will have to go back to V4 or another Firewall that does work with networks.
    Even V4 had its problems with networks but I was able to get around it by creating a special rule to allow the network to work but even that rule does not work in V5.
     
  9. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Please enable logging of blocked connections in the IDS setup, reproduce the problem and eventually paste the relevant records from your ESET Firewall log here.
     
  10. reevesloh

    reevesloh Registered Member

    Joined:
    Jul 6, 2009
    Posts:
    160
    Sorry to post at here,i plan to install ver 5 tomorrow but did i nid to download any exe uninstaller to uninstall my ver.4 or just do normally uninstalling?
     
  11. Jenee

    Jenee Registered Member

    Joined:
    Dec 27, 2007
    Posts:
    185
    This is the log file from the PC with V5

    18/09/2011 12:00:36 PM Communication denied by rule 10.1.1.2:137 65.55.114.223:137 UDP Block NETBIOS Name Service requests System
    18/09/2011 12:00:36 PM Communication denied by rule 10.1.1.2:137 65.55.114.223:137 UDP Block NETBIOS Name Service requests System
    18/09/2011 12:00:36 PM Communication denied by rule 10.1.1.2:137 65.55.114.223:137 UDP Block NETBIOS Name Service requests System
    18/09/2011 11:55:43 AM Address temporarily blocked by active defense (IDS) 10.1.1.3:58279 10.1.1.2:51280 UDP
    18/09/2011 11:55:43 AM Address temporarily blocked by active defense (IDS) 10.1.1.3:58279 10.1.1.2:51280 UDP
    18/09/2011 11:55:41 AM Address temporarily blocked by active defense (IDS) 10.1.1.3:58279 10.1.1.2:51280 UDP
    18/09/2011 11:55:41 AM Address temporarily blocked by active defense (IDS) 10.1.1.3:58279 10.1.1.2:51280 UDP
    18/09/2011 11:55:39 AM Address temporarily blocked by active defense (IDS) 10.1.1.3:58279 10.1.1.2:51280 UDP
    18/09/2011 11:55:39 AM Address temporarily blocked by active defense (IDS) 10.1.1.3:58279 10.1.1.2:51280 UDP
    18/09/2011 12:00:36 PM Communication denied by rule 10.1.1.2:137 65.55.114.223:137 UDP Block NETBIOS Name Service requests System
    18/09/2011 12:00:36 PM Communication denied by rule 10.1.1.2:137 65.55.114.223:137 UDP Block NETBIOS Name Service requests System
    18/09/2011 12:00:36 PM Communication denied by rule 10.1.1.2:137 65.55.114.223:137 UDP Block NETBIOS Name Service requests System
    18/09/2011 12:00:48 PM Communication denied by rule 10.1.1.2:50901 10.1.1.3:5357 TCP Block outgoing Web Services Discovery (WSD Events) requests for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\LOCAL SERVICE
    18/09/2011 12:00:48 PM Communication denied by rule 10.1.1.2:50901 10.1.1.3:5357 TCP Block outgoing Web Services Discovery (WSD Events) requests for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\LOCAL SERVICE
    18/09/2011 12:00:47 PM No application listening on the port 10.1.1.254:80 10.1.1.2:50897 TCP
    18/09/2011 12:13:58 PM Communication denied by rule 10.1.1.2:137 65.55.227.140:137 UDP Block NETBIOS Name Service requests System
    18/09/2011 12:13:58 PM No application listening on the port 65.55.7.141:443 10.1.1.2:51045 TCP
    18/09/2011 12:13:58 PM Communication denied by rule 10.1.1.2:137 65.55.227.140:137 UDP Block NETBIOS Name Service requests System
    18/09/2011 12:13:58 PM Communication denied by rule 10.1.1.2:137 65.55.227.140:137 UDP Block NETBIOS Name Service requests System



    and this is the log file from the PC with V4 that I am trying to communicate with:

    18/09/2011 11:56:44 AM Communication denied by rule 10.1.1.3:138 10.255.255.255:138 UDP Block outgoing NETBIOS requests System
    18/09/2011 11:56:42 AM Communication denied by rule 10.1.1.3:137 10.255.255.255:137 UDP Block NETBIOS Name Service requests System
    18/09/2011 11:56:41 AM Communication denied by rule 10.1.1.3:137 10.255.255.255:137 UDP Block NETBIOS Name Service requests System
    18/09/2011 11:56:41 AM Communication denied by rule 10.1.1.3:137 10.255.255.255:137 UDP Block NETBIOS Name Service requests System
    18/09/2011 11:56:41 AM Communication denied by rule 10.1.1.3:138 10.255.255.255:138 UDP Block outgoing NETBIOS requests System
    18/09/2011 11:56:39 AM Communication denied by rule 10.1.1.3:137 10.255.255.255:137 UDP Block NETBIOS Name Service requests System
    18/09/2011 11:56:38 AM Communication denied by rule 10.1.1.3:137 10.255.255.255:137 UDP Block NETBIOS Name Service requests System
    18/09/2011 11:56:37 AM Communication denied by rule 10.1.1.3:137 10.255.255.255:137 UDP Block NETBIOS Name Service requests System
    18/09/2011 11:56:37 AM Communication denied by rule 10.1.1.3:138 10.255.255.255:138 UDP Block outgoing NETBIOS requests System
    18/09/2011 11:56:36 AM No application listening on the port 10.1.1.254:80 10.1.1.3:49319 TCP
    18/09/2011 11:56:36 AM No application listening on the port 10.1.1.254:80 10.1.1.3:49316 TCP
    18/09/2011 11:56:36 AM Communication denied by rule 10.1.1.3:137 10.255.255.255:137 UDP Block NETBIOS Name Service requests System
    18/09/2011 11:56:35 AM Communication denied by rule 10.1.1.3:137 10.255.255.255:137 UDP Block NETBIOS Name Service requests System
    18/09/2011 11:56:34 AM Communication denied by rule fe80::4c54:b270:e6df:e3d8.:49312 fe80::40f5:8546:e091:f2ce.:5357 TCP Block outgoing Web Services Discovery (WSD Events) requests for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\LOCAL SERVICE
    18/09/2011 11:56:34 AM Communication denied by rule 10.1.1.3:137 10.255.255.255:137 UDP Block NETBIOS Name Service requests System
    18/09/2011 11:56:34 AM Communication denied by rule 10.1.1.3:138 10.255.255.255:138 UDP Block outgoing NETBIOS requests System
     
  12. Jenee

    Jenee Registered Member

    Joined:
    Dec 27, 2007
    Posts:
    185
    It would seem that the Rules relating to Web Services Discovery are part of the problem. These rules can't be changed but I did untick all of them and the network worked immediately. While these rules exist, the local network will never work.
    There are 6 rules relating to Web Services Discovery and none allow operation in the local network or trusted zone.
     
  13. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    There is an option called "Allow automatic Web Services Discovery (WSD) for system services in the Trusted zone" in the IDS setup. It should be enabled by default. I wonder how you have Trused zone configured, it looks like the IP addresses above are not within TZ.
     
  14. Jenee

    Jenee Registered Member

    Joined:
    Dec 27, 2007
    Posts:
    185
    The option to allow Web Services Discovery is ticked. I have not modified anything from the standard installation other than to change to learning mode to get the system to allow my programs to run. When it was first installed, I got the notification to allow sharing or strict protection for the network and I selected allow sharing.
    I don't know if this is standard but under Zone Authentication, all boxes are greyed out and the first check box is not ticked so I can't change it. As many programs could not run when I first installed V5, I can only assume the necessary processes to set up the network could not run either.
     
  15. Jenee

    Jenee Registered Member

    Joined:
    Dec 27, 2007
    Posts:
    185
    Any ideas on how I can fix this problem?
     
  16. patch

    patch Registered Member

    Joined:
    May 14, 2007
    Posts:
    178
    Have a look at how Eset has defined the trusted zone. I have found it does not automatically add your local computers.

    See Setup -> personal firewall -> Configure rules and zones -> Zones -> Trusted Zone
     
  17. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Choosing Allow sharing when a new network is detected will create an automatically generated authenticated zone which is treated as Trusted zone. Maybe some of the zone authentication parameters have changed in the mean time and thus the network is no longer deemed trusted. One can add your network subnet to the Trusted zone explicitly to make sure it's always treated as trusted regardless of the network parameters.
     
  18. Jenee

    Jenee Registered Member

    Joined:
    Dec 27, 2007
    Posts:
    185
    Could you advise how I do this and what settings should be in the Trusted Zone as the ones I currently have seem to be the same as described in the online documentation.
     
  19. Jenee

    Jenee Registered Member

    Joined:
    Dec 27, 2007
    Posts:
    185
    Could you please advise what the settings in the Trusted Zone should say. It has this stupid address of 127.0.0.1 which is nothing like my 10.1.1.1 and in other rules it refers to a subnet of 224.0.0.0 which I don't have.
    I am at my wits end with this version of Eset and am seriously considering switching to something else. For the time that Eset Smart Security has been out, it should have the network automatically working by now. This software is really going backwards.
    I have a set of 6 rules relating to Web Discovery which when unticked, allow the network to operate correctly. These are system rules which I cannot delete or modify. How could Eset get it so wrong.
     
  20. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    It would be a big security hole if a firewall allowed communication intended for the Trusted zone outside of TZ. Basically any firewall should behave like this as long as TZ is not configured properly. If you don't want to disable firewall completely, I'll drop you a PM with a list of stuff that I'd need to get in order to help you configure TZ.
     
  21. patch

    patch Registered Member

    Joined:
    May 14, 2007
    Posts:
    178
    Thanks for the clarification on how it should work.
    I did this but sharing was still often blocked and requested many rules be added in interactive mode.

    That was basically what I was suggesting as when I did this in ESS v4.2 it made it work a lot better.

    127.0.0.1 I think is a generic address of the computer running the software. http://en.wikipedia.org/wiki/127.0.0.1
    224.0.0.0 I think is a generic broadcast address. http://en.wikipedia.org/wiki/Reserved_IP_addresses
    So these rules are constant for all users so added by default.

    Apparently your specific local network address is added but not shown in the trusted domain listing.
    I added it manually which helped my system. It is easy to do so worth a try. Go to
    Setup -> personal firewall -> Configure rules and zones -> Zones -> Trusted Zone
    Then choose add address, chose an address range and enter something which covers the IP address range of your network eg
    10.1.1.1 to 10.1.1.50
     
  22. JimboH

    JimboH Registered Member

    Joined:
    Sep 20, 2011
    Posts:
    3
    I am a long-time fan of the ESET product and I have 11 customers at 4 companies, all of which I have upgraded from Smart Security 4 to 5 this last week. My phone has been ringing off the hook since the "upgrade" [sic]. All seven have complained with computer problems. We are seeing CPU utilization through the roof. Machines are slow-to-nonfunctional. My remaining customers still on SS4 are not seeing this problem, and have been extremely happy with the Eset product. I need to roll the SS5 customers back to version 4 ASAP but cannot find it on the web site. If I cannot get a copy of SS4 shortly, I will have to move them to another product at my expense... :<( Can anyone post or send me a link to the SS4 download?
     
  23. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    That's weird because home version v5 should not be installed on business machines. Instead, they should be running the latest Business Edition which is currently version 4.2.71.
     
  24. JimboH

    JimboH Registered Member

    Joined:
    Sep 20, 2011
    Posts:
    3
    It is not weird for very small companies/home businesses, which your sales rep recommended against as well. We tried a trial of your business release, but it lacked some features available in the home version and provided others not needed in small environments. All copies were paid for and are legitimate licenses.

    I recommend you read your forum and Google the problem as well. I am certainly one of many with the same complaint.

    Let's focus on the point here. There is a problem with this product... period. And it has caused me no end of grief and expense lately. So, what will ESET do to help me (and my customers) out of this mess?
     
  25. JimboH

    JimboH Registered Member

    Joined:
    Sep 20, 2011
    Posts:
    3
    Kudos to ESET's customer support!!!!!! Within 30 minutes, ESET Customer support provided the location of the previous releases. I have installed it (ESS4.2) on one of the computers in question and all is back to normal. I recommend the ESET team review the high CPU usage issue with ESS5 or you will continue to have issues. Again, a hearty "Thanks" for the quick response. Great service! :)
     
Thread Status:
Not open for further replies.