NOD32 blocks 192.168.100.1 (cable modem status page)

Discussion in 'ESET NOD32 Antivirus' started by rotareneg, Apr 11, 2010.

Thread Status:
Not open for further replies.
  1. rotareneg

    rotareneg Registered Member

    Joined:
    Apr 11, 2010
    Posts:
    8
    When I try to access my cable modem (Motorola SB5120) status page at 192.168.100.1 the page will begin to load and then suddenly stop with a connection error (happens in Firefox and IE.) I have to go into the HTTP/HTTPS scanner settings and uncheck Enable HTTP checking to be able to access the page, simply disabling the web access protection isn't enough.

    OS is Windows 7 Pro x64, NOD32 version is 4.2.40.0

    Virus signature database: 5022 (20100412)
    Update module: 1031 (20091029)
    Antivirus and antispyware scanner module: 1269 (2010040:cool:
    Advanced heuristics module: 1104 (20100412)
    Archive support module: 1112 (20100409)
    Cleaner module: 1048 (20091123)
    Anti-Stealth support module: 1017 (20100204)
    SysInspector module: 1214 (20100127)
    Self-defense support module : 1016 (20100404)
     
    Last edited: Apr 12, 2010
  2. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    Your operating system please and check with your modem vendor that the web URL is, in fact the correct address to view your modem interface.

    Also post back your system information. Is this a new installation, home or business purchased or trial.

    It is a general industry standard in using http://192.168.2.1 to access your modem user interface, you may want to try that.

    *Add the IP for your modem UI under address management
     
    Last edited: Apr 12, 2010
  3. rotareneg

    rotareneg Registered Member

    Joined:
    Apr 11, 2010
    Posts:
    8
    I'm running Windows 7 x64. I've had NOD32 for around a year under Windows XP without any issues. That's the correct address for Motorola cable modems, and, when I boot into WinXP the page is accessable with NOD32 running with the same settings as under Win7 where the page can't be accessed.

    Here's the system info for Win7 and WinXP:

    Windows 7 info:
    Virus signature database: 5019 (20100412)
    Update module: 1031 (20091029)
    Antivirus and antispyware scanner module: 1269 (2010040:cool:
    Advanced heuristics module: 1104 (20100412)
    Archive support module: 1112 (20100409)
    Cleaner module: 1048 (20091123)
    Anti-Stealth support module: 1017 (20100204)
    SysInspector module: 1214 (20100127)
    Self-defense support module : 1016 (20100404)

    Windows XP:
    Virus signature database: 5019 (20100412)
    Update module: 1031 (20091029)
    Antivirus and antispyware scanner module: 1269 (2010040:cool:
    Advanced heuristics module: 1104 (20100412)
    Archive support module: 1112 (20100409)
    Cleaner module: 1048 (20091123)
    Anti-Stealth support module: 1017 (20100204)
    SysInspector module: 1214 (20100127)
    Self-defense support module : 1016 (20100404)
    Real-time file system protection module: 1002 (20091207)
     
    Last edited: Apr 12, 2010
  4. doktornotor

    doktornotor Registered Member

    Joined:
    Jul 19, 2008
    Posts:
    2,047
    I'd note here that without providing exact cable "modem" type, including a firmware version, debugging similar stuff is rather troublesome. I've had a couple of modems/routers/APs where the firmware was so buggy that the web GUI refused to work anywhere but in a particular version of a browser and wouldn't work anywhere else.
     
  5. pondlife152

    pondlife152 Registered Member

    Joined:
    Apr 23, 2008
    Posts:
    105
    Location:
    UK
    Just for info.......

    I have an NTL 250 branded cable modem which I believe is manufactured by Ambit. This uses the same IP address (192.168.100.1) for the status/config pages and I'm running NOD32 4.2.40 32 bit version on Vista SP2.

    NOD is using the default settings for web access protection etc. and I can access the modem okay. So NOD is definitely not blocking my access.

    Can you exclude your cable modem's IP address from http scanning in NOD? This might be a work-around.
     
  6. rotareneg

    rotareneg Registered Member

    Joined:
    Apr 11, 2010
    Posts:
    8
    Modem's a Motorola SB5120. If I add *192.168.100.1* to either the allowed addresses or excluded from filtering lists and turn the notifications NOD32 will show the pop up saying the filter is being applied, but the page still won't load properly.
     
  7. The PIT

    The PIT Registered Member

    Joined:
    Sep 4, 2008
    Posts:
    185
    Strange no such problems here. Any other security software running or plugins on the browserso_O
     
  8. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,011
    Location:
    Ontario, Canada
    I can get into my Motorola Cable Modem with FF as shown and IE8 and also Opera so there has to be another reason?

    TH
     

    Attached Files:

    Last edited: Apr 12, 2010
  9. rotareneg

    rotareneg Registered Member

    Joined:
    Apr 11, 2010
    Posts:
    8
    No other security software, no unusual plugins for FF or IE. I uninstalled NOD32 and was able to access the page, and when I reinstalled NOD32 the page goes back to being blocked. For the people not having this problem, are you running a 64 bit operating system?
     
    Last edited: Apr 12, 2010
  10. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,011
    Location:
    Ontario, Canada
    Lets hope an ESET MOD can help you with this problem! Just for information what Version of NOD32 are you using?

    TIA

    TH

    EDIT: No I use Win 7 32bit only ATM on my main system.
     
  11. rotareneg

    rotareneg Registered Member

    Joined:
    Apr 11, 2010
    Posts:
    8
    4.2.40.0
     
  12. pondlife152

    pondlife152 Registered Member

    Joined:
    Apr 23, 2008
    Posts:
    105
    Location:
    UK
    No, I'm running 32bit Vista SP2.
     
  13. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    Please see my added comments here. If you unable to resolve this, I suggest you contact Motorola for further assistance as it may be an issue with your Modem.

    To the best I can determine, the cable modem is no longer supported by Motorola, contact your ISP, they may have a replacement available for you.
    If this is the case, your issue, once a new modem is connected and configured correctly, this may be all moot.

    Regards,

     
    Last edited: Apr 12, 2010
  14. rotareneg

    rotareneg Registered Member

    Joined:
    Apr 11, 2010
    Posts:
    8
    Switching to a different AV program solved the problem and also got rid of the long pauses when downloading 7z archives.
     
  15. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    Out of curiosity that AV would be ? And what might be the archive files that you speak of ? If you could reference a site where you obtain these files, I could attempt at downloading them to see if they work on my ESET installation.

    Regards,

     
  16. pondlife152

    pondlife152 Registered Member

    Joined:
    Apr 23, 2008
    Posts:
    105
    Location:
    UK
    There is a major pause at 99% when downloading any large 7-zip SFX (*.exe)archive as NOD expands and scans the files in the archive. This issue affects version 3, 4 and 4.2.

    I find disabling the scanning of self-extracting archives in the Threatsense engine setup for Web Access Protection results in much faster completion. My thinking is that the Real-time protection will scan the file as it is executed or saved anyway. The effects can also be reduced in V4 & 4.2 by setting file size limits in the various Threatsense engine settings.

    ESET were well aware of this issue during the beta of version 4 and I got the impression that it was a compromise between speed of unpacking & scanning versus memory used by NOD to do this.

    One file that I know shows this issue is the Google SketchUp setup. It is 37Mb in size. Download it from download.cnet.com and see what I mean. To see the pause in action you need all the Threatsense engine settings set with Self-extracting archives scanning on. On my system, it pauses at 99%for about 40 seconds. With Self-extracting archives scanning disabled in Web Access Protection the pause is down to 10 seconds which I find acceptable.

    Sorry to hijack this thread, but I keep seeing people saying that this issue does not exist when it clearly does.
     
  17. YeOldeStonecat

    YeOldeStonecat Registered Member

    Joined:
    Apr 25, 2005
    Posts:
    2,345
    Location:
    Along the Shorelines somewhere in New England
    It's not that old, it's one of the most popular and beloved models of cable modems, held to the highest of standard by those in IT, networking, and even the cable ISP service installers. It's only recently been replaced by the newer models moving towards Docsis 3. It's most likely used in over 30% of the existing cable ISP users in the United States.

    The 192.168.100.1 is indeed the default web admin..I hit that page by the hundreds.

    I can hit mine just fine ..always have, but I'm running MSE now. I'll have to yank it and go install NOD 4.2 and test it out.
     
  18. rotareneg

    rotareneg Registered Member

    Joined:
    Apr 11, 2010
    Posts:
    8
    For some 7zip archives that triggered the pause when downloading, try: http://www.videolan.org/vlc/download-windows.html

    I'm giving Avast a try for now. The same 7zip archive (vlc-1.0.5-win32.7z) which took NOD32 18 seconds to scan completes in 2 seconds with Avast.
     
  19. rockshox

    rockshox Registered Member

    Joined:
    Oct 23, 2009
    Posts:
    261
    The question really at this point is whether the scan Avast is doing in 2 seconds is even comparable to the scan NOD32 is doing in 18 seconds. If Avast is scanning the zip, yet ignoring the files within the zip than of course it will be much quicker.
     
  20. rotareneg

    rotareneg Registered Member

    Joined:
    Apr 11, 2010
    Posts:
    8
    It is scanning the contents of the archive. I put a copy of the EICAR test string into a .7z file and then put that into the VLC .7z and it still found it in only 2 seconds.
     
Thread Status:
Not open for further replies.