NOD 3.0667 and ISA 2004 FWC

Discussion in 'ESET NOD32 Antivirus' started by vanja, Jul 2, 2008.

Thread Status:
Not open for further replies.
  1. vanja

    vanja Registered Member

    Joined:
    Nov 16, 2005
    Posts:
    14
    NOD v3.0667 installed on the clients in SBS 2003 network, along with ISA 2004 firewall clients. The problem is that users do not have internet access randomly. Obiously , the nod is somehow in conflict with ISA client.
    Is there any solution?

    regards,
     
  2. Manu7204

    Manu7204 Registered Member

    Joined:
    Jan 15, 2008
    Posts:
    46
    i'm having the same problem... asked eset support in my country and first answer was "Eset is aware" while the last one was giberish... like modify nod32 settings on ISA Server although i did specify in previous emails that i do not have NOD32 installed on ISA Server.

    In my case, the users lost internet access if they had internet access based on Isa Server user access rules. The solution was to drop user based access rules in Isa Server and use only IP based rules (annoying!) and in some cases to uninstall ISA Server Firewall Client from users' computers.


    PS Last time when i had an answer from local ESET Support regarding this issue was on March, 12th.
     
  3. vanja

    vanja Registered Member

    Joined:
    Nov 16, 2005
    Posts:
    14
    You just have descrbed my problem. I had contacted my local ESET support and got answer that " most sure , the ISA is problem" , but this is upgrade from version 2.7 which worked perfectly with same ISA server FW clients and ISA server rules.
    So, there is some collision between NOD 3.0 and ISA 2004.
    I hope that ESET will try to solve this problem.
     
  4. Manu7204

    Manu7204 Registered Member

    Joined:
    Jan 15, 2008
    Posts:
    46
    indeed, NOD v2.7 used winsock to scan the traffic which worked with ISA FWC since the last one works at the same level.
    NOD v3 and his proxy method of scanning internet traffic isn't compatible with ISA Server Firewall Client :thumbd:
     
  5. vanja

    vanja Registered Member

    Joined:
    Nov 16, 2005
    Posts:
    14
    I think that I will go back to version 2.7 until the problem is solved by ESET.
    thanks
     
  6. ASpace

    ASpace Guest

  7. Manu7204

    Manu7204 Registered Member

    Joined:
    Jan 15, 2008
    Posts:
    46
    only modification that worked was to disable web access protection which was unacceptable.
     
  8. ASpace

    ASpace Guest

    Simply disabling the web-access protection will make the program still pass the web traffic through ekrn.exe but simply won't scan it or if it scan it , will pass what it finds . My suggestion is to disable the local proxy for any program except for 2 applications - your web browser and your email client . Scanning their traffic is improtant nowadays but still not crucial (IMO) . This is different from disabling the web-scan from the setup menu. Please , try it .
     
  9. Manu7204

    Manu7204 Registered Member

    Joined:
    Jan 15, 2008
    Posts:
    46
    what i meant to say, and somehow failed, in my previous post was they had internet access and a working messenger only if i unticked the respective programs in the Web access protection -> HTTP -> Web browsers (aka no web access protection) or by modifying ISA Server access rules from user-based to ip-based.
     
  10. ASpace

    ASpace Guest

    Ok , ok :thumb:
     
  11. vanja

    vanja Registered Member

    Joined:
    Nov 16, 2005
    Posts:
    14
    After all of tricks I have tried to get it work together, I have returned to ver 2.7. for now which is working good.
     
  12. JChoi

    JChoi Registered Member

    Joined:
    Feb 25, 2008
    Posts:
    4
    Does anyone have any updates on this issue.

    Thanks in advance.
     
  13. nonoise

    nonoise Registered Member

    Joined:
    Jun 6, 2008
    Posts:
    322
  14. mickhardy

    mickhardy Registered Member

    Joined:
    May 16, 2005
    Posts:
    140
    Location:
    Australia
    The KB articles you reference are for installing V3.0 on a Server. V3.0 cannot be installed on SBS 2003 or any Exchange Server as XMON still isn't supported - after more than a year but I won't go there. :rolleyes:

    I would never personally install ESS on an ISA Server.

    The problem in this thread - that no one at ESET seems to be officially responding to - is that ESS simply doesn't work with Microsoft Firewall Client. It almost works but there are far too many weird and wonderful issues. In my experience, ESS cannot currently be deployed across clients on an SBS 2003 Network utilising the FWC.
     
  15. vanja

    vanja Registered Member

    Joined:
    Nov 16, 2005
    Posts:
    14
    I agree with you 100%.
    The main issue is that version 3.0 is NOT working with firewall client ( as you said it right). There is no problem that you can configure nod to work on SBS 2003 ( with ISA 2004 oot of box) but , the workstaions in SBS network are experiencing lots of problem, as example, randomly cutting of the internet connection.
    There is a link with some configuration ( on personal experience) of NOD on SBS 2003 server
    http://blogs.mcbsys.com/mark/?tag=/nod32

    I am still using version 2.7 on SBS 2003 networks and maybe NOD officials should give us some solutions for that. I am talking it from my position of authorised NOD reseller.
     
  16. mickhardy

    mickhardy Registered Member

    Joined:
    May 16, 2005
    Posts:
    140
    Location:
    Australia
    We currently use EAV V3.0 with FWC on Vista and XP clients without any issues. ESS V3.0 caused many problems but EAV V3.0 is fine.

    I'm not entirely sure the problems were caused by FWC but many issues disappeared after reverting from ESS back to EAV on all clients. I perservered with ESS for many months and we're licensed to 2011 so it would be nice to see a solid release. I'm currently trialing both Online Armour free or Comodo to be used with EAV V3.0 and FWC on our Notebooks. They both behave as expected.

    I have no issues with ESS V3.0 at home where there is no SBS 2003 Network.

    We use EAV V2.7 and XMON V2.7 on our SBS 2003 Servers because XMON hasn't yet been upgraded. This has worked fine for many years.
     
  17. Manu7204

    Manu7204 Registered Member

    Joined:
    Jan 15, 2008
    Posts:
    46
    As I already mentioned in my july post, EAV V3.0 do works with FWC without issues as long you use only ip based access rules, which is far from acceptable since most of the time you want to limit/allow internet access for certain users not for ip addresses.
    If you set an access rule for a certain active directory user/group... you guessed it already, the user/group will lose connectivity through FWC.
     
  18. agoretsky

    agoretsky Eset Staff Account

    Joined:
    Apr 4, 2006
    Posts:
    4,032
    Location:
    California
    Hello,

    Is the Firewall Client for ISA Server installed on the workstations? If so, it should be excluded from being scanned locally as well as under the Web Access Protection settings.

    Regards,

    Aryeh Goretsky
     
Thread Status:
Not open for further replies.