Nod32 v3: Software firewall made useless b/c all connections are running through v3?

Discussion in 'ESET NOD32 Antivirus' started by veri, Nov 22, 2007.

Thread Status:
Not open for further replies.
  1. HAN

    HAN Registered Member

    Joined:
    Feb 24, 2005
    Posts:
    2,098
    Location:
    USA
    Re: Nod32 v3: Software firewall made useless b/c all connections are running through

    Ahh... I understand. I must say that respectfully, I don't agree. IMO, the firewall should always be the primary application facing the outside world.
     
  2. Einsturzende

    Einsturzende Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    390
    Location:
    neubauten
    Re: Nod32 v3: Software firewall made useless b/c all connections are running through

    yes, but in that case you will have packet filter, not application FW...
     
  3. ratchet

    ratchet Registered Member

    Joined:
    Feb 20, 2006
    Posts:
    1,988
    OA Free user here! From this monumental thread (actually this page), which is accurate? 1) "Please look at my EDIT in the post above yours. Set your OA to Intercept loopback and then set rules to intercept ports 1024-4999. then use endpoint restrictions to send only to following enpoints: 127.0.0.1/32." or 2) "Well, can't imagine much more plain English instructions than "Just tick 'Intercept Loopback Interface' in OA". It doesn't work for you? Or you cannot find the option? Or... ?"
     
  4. doktornotor

    doktornotor Registered Member

    Joined:
    Jul 19, 2008
    Posts:
    2,047
    Well, since 1/ and 2/ are exactly same answers, I really don't get the point of your question. o_O
     
  5. ratchet

    ratchet Registered Member

    Joined:
    Feb 20, 2006
    Posts:
    1,988
    But they aren't the same!
    "intercept ports 1024-4999. then use endpoint restrictions to send only to following enpoints: 127.0.0.1/32." or
    "Just tick 'Intercept Loopback Interface" Or are you saying that is what will happen when you "just tick", which I doubt.
     
  6. qpSubZeroqp

    qpSubZeroqp Registered Member

    Joined:
    Apr 19, 2009
    Posts:
    1
    Re: Nod32 v3: Software firewall made useless b/c all connections are running through


    EPIC POST IS EPIC!!

    solved my tears and frustrations that ive been having for the loongest time!! THANK YOU mickhardy, UR THE BEST!!
     
  7. purpler

    purpler Registered Member

    Joined:
    Oct 31, 2008
    Posts:
    11
    concerning the Web Access Protection setting in NOD v4.. :doubt:

    i don't really think i need such module since i'm quite satisfied with scan-on-file-{creation, execution} policy thus i probably don't need Web Access Protection/HTTP Checking enabled at all..!? o_O

    also, having in mind previous question and being a Outpost Firewall 2009 user i would like to know next:
    1) what happens if Web Access Protection is disabled like in my case?
    does infamous NOD built-in proxy filters traffic instead of my firewall even then or one should enable it just for sake of excluding certain app from being proxied? o_O

    2) someone told me that i can test whether my firewall works or is bypassed via NOD's proxy by deleting all rules for browser and then try to connect HTTP to see what will ask for connection, firefox.exe or ekrn.exe.. and i did.

    what i saw is that firefox.exe, (not ekrn.exe), asked for HTTP connection and also, i never ever saw ekrn.exe asking for connection other than its update nor i ever saw it in current connections list except when i'm updating it manually.

    so once for all, answer for eternal question:
    Does My Firewall Works!? :blink:
     
  8. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,441
    I'd strongly encourage you to leave the HTTP/web scanners enabled as they use more sensitive and stronger heuristics than other modules so with them you're better protected against new threats.
     
  9. Manny Carvalho

    Manny Carvalho Registered Member

    Joined:
    Jun 3, 2004
    Posts:
    270
    I don't understand. Are there several levels of heuristics? Do you mean to say that scanning on file access is less effective than checking web traffic?

    Sorry but I'm confused by this. o_O
     
  10. purpler

    purpler Registered Member

    Joined:
    Oct 31, 2008
    Posts:
    11
    majority of my applications that needs web access are Sandboxied as added security to already installed security applications set and im not too paranoid since im using my computer to work on it and earn myself a vage and not to maniacally update/upgrade/protect OS/Applications because of boredom.

    i find my browser and HTTP quite secure for my needs since i don't use cracked software by any means and face malware threats quite rarely.

    i would like to hear answer to my questions above since Eset customer support i tried to contact via email gave me quite moronic answer on my question:
    o_O

    thanks for replies..
     
  11. Manny Carvalho

    Manny Carvalho Registered Member

    Joined:
    Jun 3, 2004
    Posts:
    270
    If Outpost is giving you popups for network enabled applications then it's working and not being by-passed purpler. It means you have successfuly turned off the proxy filter in NOD. Otherwise all traffic would be going through the NOD process [ekrn.exe].

    You can also verify this by looking at Network Activity in Outpost. If your browser is listed when you are using it rather than NOD then the firewall is doing the filtering rather than going through NOD.
     
  12. purpler

    purpler Registered Member

    Joined:
    Oct 31, 2008
    Posts:
    11
    thats all i ever wanted to know about this topic!
    in exactly that form.
    thanks :thumb:
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.