No Usable Rule Found

Discussion in 'ESET Smart Security' started by Rainwalker, Nov 30, 2007.

Thread Status:
Not open for further replies.
  1. Rainwalker

    Rainwalker Registered Member

    Joined:
    May 18, 2003
    Posts:
    2,106
    Location:
    USA
    Log is showing No Usable Rule Found. This is for svchost and color coded blue. Does this mean svchost has gone online ? I want to have control over svchost going or not going online. Also, where is the color code key located ?
     
  2. Rainwalker

    Rainwalker Registered Member

    Joined:
    May 18, 2003
    Posts:
    2,106
    Location:
    USA
    Anyone with an explanation ?
    BTW..I have Interactive Filtering Mode enabled.
     
  3. lych

    lych Registered Member

    Joined:
    Dec 2, 2007
    Posts:
    17
    I am experiencing this as well. As far as I can tell, this occurs on the IGMP protocol. Here is a snippet from my log when it occurs:

    Code:
    12/1/2007 11:08:27 PM	No usable rule found	192.168.2.2	224.0.0.22	IGMP
    A quick search on Google revealed that this is local subnet multicasting. This is benign. Also, svchost is a generic host server that lots of programs use. It is best to leave it alone and let ESS watch for malware infiltrations.
     
  4. fosius

    fosius Registered Member

    Joined:
    Oct 14, 2004
    Posts:
    479
    Location:
    Partizanske, Slovakia
    I have problems with IGMP protocol, too.. The only way how I managed to run VLC smoothly was to generally allow all IGMP traffic for any application.
     
  5. lych

    lych Registered Member

    Joined:
    Dec 2, 2007
    Posts:
    17
    The IGMP entry in ESS's firewall log is normal. It is a multicast broadcast from Windows. Allowing this traffic will not compromise the security of your computer. In fact, blocking IGMP traffic could cause all kinds of problems on your system (especially with streaming media). Hopefully eset will update their firewall to ignore this entry.
     
  6. MasterTB

    MasterTB Registered Member

    Joined:
    Jun 19, 2007
    Posts:
    547
    Location:
    Paran?, Argentina
    First: I am going to assume you are in either Interactive or Policy Based Mode, and that you have told the firewall to log blocked connections.....
    Now: No Usable Rule Found means that (while being in Interactive or Policy Based Modes, the firewall detected a connection (usually incoming but it can be outgoing) and there was no rule for it in the Ruleset, so, as a consecuence it drops the connection, it means that you have not set a rule for that connection and probably did not see the alert pop up for it so the firewall had to make a desition, and since there is no rule, it drops and registers the event.
    I know because it is what tech support told me when I asked them.
     
  7. Rainwalker

    Rainwalker Registered Member

    Joined:
    May 18, 2003
    Posts:
    2,106
    Location:
    USA
    OK Thanks MasterTB ... this, for me, is just another problem for this program. It is hard to believe i did not see the popup and as far as i am concerned the program should do what it wants to do, BUT should continue to send popups until the user takes a definitive action. I have faith that ESET will, in time, get the bugs out of ESS.
     
  8. MasterTB

    MasterTB Registered Member

    Joined:
    Jun 19, 2007
    Posts:
    547
    Location:
    Paran?, Argentina
    Well don't be so surprised about missing a pop up, If you leave your computer allways on, then it could have happened over night or at any moment you weren't on. Remember that the alerts usually have a time out, connections cannot be held hostages of an answer :) . And if the program insisted upon it, then it will appear again. I believe it was some ICMP or a Multicast of some type. Read the logs and check for the protocol, if it was an ICMP (mine allways are) then there was no pop up because there is no need for one, Eset is just keeping you Stealth.
     
  9. tosbsas

    tosbsas Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    789
    Location:
    Lima, Peru
    Can a rule be made for this?? To allow or block?

    Ruben
     
  10. tosbsas

    tosbsas Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    789
    Location:
    Lima, Peru
    anyone??

    Ruben
     
  11. MasterTB

    MasterTB Registered Member

    Joined:
    Jun 19, 2007
    Posts:
    547
    Location:
    Paran?, Argentina
    Hi Ruben:

    A Rule made for what, do you ask ??
    I believe it is always possible to make rules .. could you be more specific?
     
  12. tosbsas

    tosbsas Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    789
    Location:
    Lima, Peru
    to allow IGMP traffic for some apps

    Ruben
     
  13. mayt

    mayt Eset Staff Account

    Joined:
    Mar 12, 2007
    Posts:
    84
    Location:
    Bratislava
    Hello,

    you can allow incoming streams from the Internet via IGMP protocol by checking appropriate checkbox in the Setup>Personal firewall>IDS and advanced options
     
  14. shansmi

    shansmi Registered Member

    Joined:
    Feb 19, 2008
    Posts:
    130
  15. tosbsas

    tosbsas Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    789
    Location:
    Lima, Peru
    @mayt
    I do have that enabled,but I still get that -no usable rule found error

    Ruben
     
  16. tosbsas

    tosbsas Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    789
    Location:
    Lima, Peru
    any idea

    Ruben
     
  17. tosbsas

    tosbsas Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    789
    Location:
    Lima, Peru
    Anyone?

    Ruben
     
  18. tosbsas

    tosbsas Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    789
    Location:
    Lima, Peru
    anyone that can help us?

    Ruben
     
  19. tosbsas

    tosbsas Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    789
    Location:
    Lima, Peru
    still would need some help here

    Ruben
     
  20. tosbsas

    tosbsas Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    789
    Location:
    Lima, Peru
    still hoping for some help with IGMP

    Ruben
     
Thread Status:
Not open for further replies.