nod AV connecting to internet

Discussion in 'ESET NOD32 Antivirus' started by Filter57, Jan 8, 2008.

Thread Status:
Not open for further replies.
  1. Filter57

    Filter57 Registered Member

    Joined:
    Jan 8, 2008
    Posts:
    6
    hi
    i wrote whole novel here but lost it because i had to login again so i m going to be real brief this time.

    I would like to know why nod AV v3 needs to connect to internet when i open browser. If i deny it pages do not load. It does not want to access internet when i open any other program for internet like online games, torrent client ect..
    Most important does it check only pages visited when internet access granted or can it send whatever data somewhere since it has access? How does this need to access internet it has really work? Why not for all internet programs?
    I noticed that webroot spysweeper wants to connect when i start windows but i deny it and internet connection is not limited in anyway by this.
    I have real time, email, web access protection turned on, in fact everything it offers is turned on except automatic updates since i like to do that my self but regular.
    So is there anyway to deny access, still have all protection on and be protected?
    Nod AV v2 had no need to access internet, except when updating.
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    How did you learn that v3 is trying to connect to the Internet as soon as you open a brwoser? Wasn't it your firewall that warned you about ekrn.exe trying to access the Internet? If so, then it must have been your browser whose traffic was routed via ekrn.exe.
     
  3. Filter57

    Filter57 Registered Member

    Joined:
    Jan 8, 2008
    Posts:
    6
    yes it was software firewall that warned me about this. Happens with both IE and firefox. Is it normal for browsers to route traffic via ekrn.exe? Sure, there are services on that check stuff. When i turn web protection completely OFF , nod still wants to connect to internet. Is there anyway that nod would not connect to internet? Why does nod want to connect to internet if web protection is OFF?
    As matter a fact why does it still want to connect when absolutely everything possible in advance mode is turned off(real time, web, email protection,updates, OFF) ? I really don`t get that, can someone please explain! Everything is uncheked. Nod should not need any connection whatsoever because all it offers is OFF. And who`s tho say it doesn`t send data anywhere, eset, or to whomever, i don`t know, once connection is granted.

    Also when web access protection is on i usually get only page code when i open any page. How can that be solved? When everything is turned ON in web access protection i almost every time get only the pages code, page does not display. When i turn everything OFF in web access protection and only web access protection marked, still the same problem, maybe about 10% better rate to display pages.
    How can i get this working properly?

    thank you for any advice
     
    Last edited: Jan 8, 2008
  4. HAN

    HAN Registered Member

    Joined:
    Feb 24, 2005
    Posts:
    2,080
    Location:
    USA
    Version 3 of NOD32 is different than version 2.7 in that version 3 now uses a local proxy to filter HTTP and POP3 traffic. Version 2.7 used Windows's Winsock for it's filtering. This change is the reason for your issues.

    Here is a very lengthy thread on the subject. Hopefully, it will give you the answers you are looking for... https://www.wilderssecurity.com/showthread.php?t=192305
     
  5. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    If you don't want to have any traffic routed via the local proxy (ekrn.exe), you can disable application content filtering or at least limit it to selected applications or HTTP/POP3 ports.
     
  6. Filter57

    Filter57 Registered Member

    Joined:
    Jan 8, 2008
    Posts:
    6
    well as i said i turned every thing off and ekrn.exe was still trying to get access to internet. i unmarked everything.
    and what is with this source code i was getting instead of web pages being displayed? Like already said i tried few combinations, at the end everything in web access protection was off, only had wap marked. Had to turn it off in order to get web pages working normal. I also had jpeg, gif, bmp, jpg excluded, but that is only for faster loading of pages as i see it, does not have any weight that pages did not display. Source code was just not translated into images, text ect..
    Well i deleted whole AV anyway, maybe i`ll try it again in future.
    I also read posts on link that HAN gave and people there are very confused :ouch:
    It is a long topic so i read like few first and last pages but think i got the picture. As i saw it people are confused or worried that applications will not even ask for permissions and just leak out through ekrn.exe. For the little amount of time i was using v3 of NOD Zone Alarm did detect stuff going in and out as before. Just need to have enabled advanced program control and application interaction control, smart defense advisor off, absolutely nothing set on allow.
    But i think their worries have some point. Nod has full access to internet all the time from the moment it asks for conncetion. Even tho it is protection program it can be a big leak in the system.
    I don`t fell comfortable with some application having full access all the time.
    It really would need close attention, checking logs , closely watching what it is doing, where it is going. Yes it is advanced program with lots of configuration options, but most of people will never understand them. Program is just to much for majority of users. And it might be a threat for them.
    Thats just the way i see it.
     
    Last edited: Jan 9, 2008
Thread Status:
Not open for further replies.