Nod32 v3: Software firewall made useless b/c all connections are running through v3?

Discussion in 'ESET NOD32 Antivirus' started by veri, Nov 22, 2007.

Thread Status:
Not open for further replies.
  1. veri

    veri Registered Member

    Joined:
    Aug 3, 2006
    Posts:
    138
    Using the last Sygate 5.6 debug build before they stopped developing it.

    I noticed that an application that had no known setting in the firewall was automatically given access, so to test something, I removed all apps, closed Firefox, and fired it up again. Sure enough, ekrn.exe was requesting permission -- not Firefox or anything else, but ekrn.exe.

    This is echoed in other programs requesting access (email clients, etc.), meaning that actual outbound control just became rather hit-or-miss.

    So this is either:

    1. Nod32 insisting on control over net traffic, or;
    2. Some issue with that last Sygate debug build that I've never seen mentioned here on Wilders.

    Thoughts?
     
    Last edited: Nov 22, 2007
  2. Shelty

    Shelty Registered Member

    Joined:
    Oct 28, 2007
    Posts:
    41
    Nod v3 uses a proxy. If I remember correctly, Sygate does not handle proxy, therefore, allowing all of Nod traffic to go through without any alerts. You might want to consider a different firewall.
     
  3. Alaska99

    Alaska99 Registered Member

    Joined:
    Jun 27, 2007
    Posts:
    24
    I use Outpost (the best firewall) and I have the same problem. I reverted to NOD 2.7 because of this. Worst of all, this ekrn.exe proxy slows down my internet speed and uses a lot of CPU...
    The proxy is scrap... :thumbd: and complicates compatibility with all other security software...
     
  4. Woody777

    Woody777 Registered Member

    Joined:
    Aug 29, 2006
    Posts:
    484
    Re: Nod32 v3: Software firewall made useless b/c all connections are running through

    I would recommend that, if you wish to use version 3 with Sygate, you either set up advanced rules for everything (and then I'm not sure it's safe) or get another firewall.
     
  5. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Re: Nod32 v3: Software firewall made useless b/c all connections are running through


    Suggest an immediate revert to 2.7.

    Not only because of this FW issue but because there are just too many issues with V3 anyway. This is just my personal opinion.
     
  6. creapure

    creapure Registered Member

    Joined:
    Nov 7, 2007
    Posts:
    13
    Re: Nod32 v3: Software firewall made useless b/c all connections are running through

    I had the same problem. I installed 64-bit Vista Home Premium on my computer and installed Nod32 V3 and Outpost (the latest 64-bit version). Had no problems accessing the net without the firewall; however, as soon as I installed the Outpost firewall, I could not access the net. So had to uninstall Nod32 v3 and install Nod32 2.70.39 and everything's fine now.... :'(
     
  7. veri

    veri Registered Member

    Joined:
    Aug 3, 2006
    Posts:
    138
    Re: Nod32 v3: Software firewall made useless b/c all connections are running through

    Thanks for the comments, all.

    Have reverted to 2.70.39.
     
  8. Shelty

    Shelty Registered Member

    Joined:
    Oct 28, 2007
    Posts:
    41
    Re: Nod32 v3: Software firewall made useless b/c all connections are running through

    I have used both Outpost v4 and Comodo v3 with Nod v3. The browser will prompt for access and then ekrn.exe will also ask for access. You're not really losing any security through the firewall. In my firewall, ekrn.exe asked for HTTP port 80 and Pop 3 port 110. If any other ports are needed, the firewall asks.

    I guess I've been lucky because I haven't noticed any slow downs or any of the problems that most of the others have.
     
  9. Pfipps

    Pfipps Registered Member

    Joined:
    May 15, 2007
    Posts:
    181
    Re: Nod32 v3: Software firewall made useless b/c all connections are running through

    So this is why none of my browsers, iTunes, etc. ask for connection access in the new Comodo Firewall Pro? If I allow ekrn to access the internet, then the firewall effectively allows all programs to access the net?

    edit: itunes asks for a connection in Comodo Firewall.
     
  10. SteveBlanchard

    SteveBlanchard Registered Member

    Joined:
    Nov 4, 2007
    Posts:
    312
    Location:
    ENGLAND
    Re: Nod32 v3: Software firewall made useless b/c all connections are running through


    Are you still in train with safe mode? Perhaps (like mine) the firewall has learnt all the programs on your PC.

    Also I think ekrn will show 100% traffic as it is monitoring all the time.
     
  11. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Re: Nod32 v3: Software firewall made useless b/c all connections are running through

    It is a standard to use a proxy server for filtering email. It is much better than a scanner working on Winsock level like IMON did. This resulted in many problems, especially on servers.

    If you don't want a particular program communicating via HTTP/POP3 to be routed via the local proxy, set web access protection to route only marked applications through the proxy and put a cross next to the applications that you want to bypass the proxy. Applications that do not communicate through HTTP/POP3 are not routed through the proxy whatsoever.
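
A simplified model of the behaviour debated in this thread, added here as an example (it is not ESET's code and was not posted by any participant): it shows which process a per-application firewall ends up judging in each proxy mode. `LocalProxy`, `AppFirewall`, `outbound`, the process names `firefox.exe` and `unknown.exe`, and port 6667 are constructed for illustration; the model assumes the firewall attributes a proxied connection only to the process that owns the outbound socket, as the first post reports, and matches HTTP/POP3 by port.

```python
from dataclasses import dataclass, field

# Per the thread, only HTTP and POP3 are proxied; ports 80/110 are the ones
# one poster saw ekrn.exe request. Matching by port is a simplification.
PROXIED_PORTS = {80, 110}


@dataclass
class LocalProxy:
    """Hypothetical model of a local filtering proxy such as ekrn.exe."""
    name: str = "ekrn.exe"
    enabled: bool = True
    only_marked: bool = False              # "route only marked applications"
    marked: set = field(default_factory=set)

    def intercepts(self, app: str, port: int) -> bool:
        if not self.enabled or port not in PROXIED_PORTS:
            return False
        # In "only marked" mode an unmarked (crossed-out) app bypasses the proxy.
        return app in self.marked if self.only_marked else True


@dataclass
class AppFirewall:
    """Per-application outbound firewall; rules are (process, port) pairs."""
    allow: set = field(default_factory=set)

    def decide(self, process: str, port: int) -> str:
        return "allow" if (process, port) in self.allow else "prompt"


def outbound(app, port, fw, proxy):
    """Return (process the firewall attributes the connection to, decision)."""
    seen = proxy.name if proxy.intercepts(app, port) else app
    return seen, fw.decide(seen, port)


if __name__ == "__main__":
    # Constructed scenario: the user has answered the ekrn.exe prompts once.
    fw = AppFirewall(allow={("ekrn.exe", 80), ("ekrn.exe", 110)})
    modes = {
        "proxy all": LocalProxy(),
        "only marked": LocalProxy(only_marked=True, marked={"firefox.exe"}),
        "proxy off": LocalProxy(enabled=False),
    }
    for label, proxy in modes.items():
        for app, port in [("firefox.exe", 80), ("unknown.exe", 80), ("unknown.exe", 6667)]:
            print(f"{label:12} {app:12} :{port:<5} ->", outbound(app, port, fw, proxy))
```

In the "proxy all" mode the unknown program's port-80 traffic is judged under the ekrn.exe rule and passes without a prompt, while its port-6667 traffic still prompts under its own name; in "only marked" mode the unmarked program prompts again on port 80.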
     
  12. Klaus_1250

    Klaus_1250 Registered Member

    Joined:
    Jun 24, 2006
    Posts:
    45
    Re: Nod32 v3: Software firewall made useless b/c all connections are running through

    That depends on your perspective I guess. It breaks firewall setups, traffic-shaping setups and adblocking setups, so if you are using any of those, it doesn't scan better without breaking any of those.
    One of the reasons I liked NOD was because it was not acting as a proxy.

    Where is the setting for "not routing through ekrn.exe"?
     
  13. 12fw

    12fw Registered Member

    Joined:
    Sep 12, 2006
    Posts:
    111
    Location:
    Canada
    NOD 2.7 working fine with protowall, kerio 2.1.5 and privoxy.

    12fw
     
  14. Woody777

    Woody777 Registered Member

    Joined:
    Aug 29, 2006
    Posts:
    484
    Re: Nod32 v3: Software firewall made useless b/c all connections are running through

    Sooo, EKrn.exe creates a tunnel through your firewall. How nice. So unless I have a really good HIPS I don't have much control. This is not apparently a local proxy but is actually replacing firewall control through any firewall. Understanding ESS contains a firewall & would have inherent control capabilities because it's an all-in-one suite. When we use EAV we replace firewall control with Ekrn which acts as a tunnel through any firewall. So how safe is this? Wouldn't 2.7 be a lot safer? I don't know. I am starting to think that Sygate or any other firewall would have its security completely degraded by this type of tunnel.
     
  15. Klaus_1250

    Klaus_1250 Registered Member

    Joined:
    Jun 24, 2006
    Posts:
    45
    Re: Nod32 v3: Software firewall made useless b/c all connections are running through

    It doesn't create a tunnel, it proxies all connections through ekrn.exe. You can still use a firewall, but no longer application specific (still sucks). Or you can buy the Smart Security Suite (long live the "freedom" to choose).
     
  16. Hiker

    Hiker Registered Member

    Joined:
    Nov 23, 2007
    Posts:
    268
    Re: Nod32 v3: Software firewall made useless b/c all connections are running through

    I like NOD32 a lot and have been using it for years now, but if it comes to forcing me to get the ESS, rather than a firewall of my choosing I may very well drop my subscription. I hope Eset corrects the problem with a v 3 update, if it's at all possible.
     
  17. ASpace

    ASpace Guest

    Re: Nod32 v3: Software firewall made useless b/c all connections are running through


    But how can this happen?! This is not a bug, this is software design. Moreover, it proxies only HTTP/POP3 traffic.

     

    Attached Files: 1.PNG (25.7 KB), 2.PNG (32.4 KB)
  18. HAN

    HAN Registered Member

    Joined:
    Feb 24, 2005
    Posts:
    2,080
    Location:
    USA
    Re: Nod32 v3: Software firewall made useless b/c all connections are running through

    I've started this reply several times and each time, they went bad because this is perhaps THE issue about version 3 for me. :'(

    I guess the best way to say this is that moving the HTTP filtering to a proxy is NOT a good idea and IMO, could very well be a source for outbound HTTP security problems. Affected users may never know that things are passing through their software firewall unfettered because they don't understand how NOD32 could be facilitating it.

    As for the server filtering/IMON problem, to me, that seems to be an easy fix. Have a client version and a server version. Optimize each one for its intended purpose...
     
    Last edited: Nov 24, 2007
  19. Shelty

    Shelty Registered Member

    Joined:
    Oct 28, 2007
    Posts:
    41
    Re: Nod32 v3: Software firewall made useless b/c all connections are running through

    I use Nod v3 and Comodo v3. I have the firewall set to ask me every time something accesses the internet. If Firefox wants to access the internet, Comodo will ask for DNS for Firefox, which I allow, and then ekrn.exe asks for HTTP filtering, and then I can set it so HTTP only uses port 80. That way, when HTTP is using another port, ekrn.exe will ask. Any program that needs to access the internet through HTTP has to ask for DNS first, so how can you have a security problem?

    I fail to see the big deal about the proxy.
     
  20. Woody777

    Woody777 Registered Member

    Joined:
    Aug 29, 2006
    Posts:
    484
    Re: Nod32 v3: Software firewall made useless b/c all connections are running through

    What EKrn does, from what I can surmise, is exactly what Sygate does since it does not control proxies very well. So you can either go back to 2.7, which is now under limited development, or use ESS. Correct me if I'm wrong, but you would have to make up specific rules for every app in your firewall to completely control what is happening. There is also a third possibility which I might consider, which is to find another AV which does not use a proxy server. Unfortunately not many don't. However, I believe suites do control application traffic since they have an integrated firewall. I really hope I'm wrong about this since I really like NOD32's EAV, which otherwise works flawlessly.
     
  21. BerserkerPup

    BerserkerPup Registered Member

    Joined:
    Dec 2, 2003
    Posts:
    61
    Location:
    New Jersey USA
    Just from reading this thread, I can tell that a lot of NOD32 users (myself included) are going to get confused about how 3.0 actually works, why they may have problems, and what the best settings for it should be. :doubt:
     
  22. Pfipps

    Pfipps Registered Member

    Joined:
    May 15, 2007
    Posts:
    181
    Re: Nod32 v3: Software firewall made useless b/c all connections are running through

    They should allow the option of either a proxy or a winsock driver. The problem with disabling IE/Firefox proxy scanning is that it effectively stops the webscanner. I had to disable web scanning in firefox because comodo blocked an ftp download for ekrn.exe (since it can't detect Firefox because of the proxy).

    IMHO, the firewall in ESS isn't robust enough, but the proxy certainly makes the suite more convenient :cautious:

    edit: this is the first gripe I have had so far with the new AV version.
     
    Last edited: Nov 25, 2007
  23. Pfipps

    Pfipps Registered Member

    Joined:
    May 15, 2007
    Posts:
    181
    Re: Nod32 v3: Software firewall made useless b/c all connections are running through

    If I have NOD32 web scanning on for firefox, only ekrn.exe asks for a connection, not firefox. How'd you get that to work?
     
  24. Moirai

    Moirai Registered Member

    Joined:
    Nov 25, 2007
    Posts:
    7
    Re: Nod32 v3: Software firewall made useless b/c all connections are running through

    NOD32 v3 will only act as a HTTP/POP3 proxy for applications you want it to. If you don't want it to do so, and want all individual application traffic to continue to be monitored by your firewall, then tell NOD32 not to proxy those applications by configuring it appropriately.

    You could alternatively just turn off the proxy behaviour as well.

    There seems to be a lot of running around with hair on fire/knee jerk reactions going on here that could be easily avoided by just taking a few moments to learn how to configure the program to suit your needs.

    Mark
     
  25. Woody777

    Woody777 Registered Member

    Joined:
    Aug 29, 2006
    Posts:
    484
    Re: Nod32 v3: Software firewall made useless b/c all connections are running through

    I think this question is legitimate. But you have to decide if you want control of your system or do you want to let NOD do it for you. If you accept that NOD will take care of all malware with no intervention, OK, it's for you. What is disturbing to me is that any time you give an app permission to use the internet from that moment on it can by simply going through ekrn. I think that if you are willing to let ekrn take over your system communications you have to control this. Therefore HIPS no longer becomes optional but becomes essential; you also need a firewall with a great log viewer. You need to be able to set ports. At least I do. I once bought a computer with McAfee on it. It worked fine but you never knew what was going on. I truly understand why some of the people who posted on this issue are concerned. I really have to think about what I will do now. Do I really want to go back to my Sygate days when I tried to control all these variables with a firewall. Eventually it just became too much & I switched to Zone Alarm. Now ekrn apparently happily charges through Zone Alarm; I may get one warning from the firewall & that's it. Now the issue of which firewall to use becomes paramount & let's face it, there are not many Sygates around anymore. I suppose if you were to use version 3, to maintain control you would need something like Comodo 3, Eqsecure or SSM, maybe even WinSonar. A note of interest is that when I installed ZASS in a snapshot to see what it did, ZA completely controlled traffic & access. I am inclined to believe that ESS or a suite is essential for complete system control. It may be just too hard to "roll your own" using Version 3.
     