Nod32 v3: Software firewall made useless b/c all connections are running through v3?

Discussion in 'ESET NOD32 Antivirus' started by veri, Nov 22, 2007.

Thread Status:
Not open for further replies.
  1. ratchet

    ratchet Registered Member

    Joined:
    Feb 20, 2006
    Posts:
    1,988
    Re: Nod32 v3: Software firewall made useless b/c all connections are running through

    Marcos, so last night my wife is researching a medical issue. She attempts to open a search result and NOD successfully blocks a trojan (I submitted it by the way). She was using Firefox sandboxed in Sandboxie, so I felt reasonably secure with the whole situation. Now, if Firefox had been an application, "that did not communicate through HTTP/POP3", would NOD v3 still have blocked the trojan? If the answer is yes I see the complete resolution of this issue or perhaps I should say the whole thing is an non-issue.
    Also, if the answer is yes, can you explain (with screenshots) exactly how to do that, since there seems to now be confusion as to what a check is/does and/or what a cross is/does in the Web Access Protection set up? Thank You, ratchet
     
  2. jmc777

    jmc777 Registered Member

    Joined:
    Aug 6, 2004
    Posts:
    244
    Re: Nod32 v3: Software firewall made useless b/c all connections are running through

    It shouldn't tunnel anything if you set Protocol filtering to 'Applications marked as Internet browsers and email clients', and only tick the programs you want to use the proxy in Web Access>HTTP>Web browsers and in Email Protection>POP3>Email Clients. (At least it works that way with the Vista firewall. I tested this by locking down an exe for updating a piece of software. If the settings above are set, the file can't access the net when unticked, but connects through the proxy when ticked.)
     
  3. ratchet

    ratchet Registered Member

    Joined:
    Feb 20, 2006
    Posts:
    1,988
    Re: Nod32 v3: Software firewall made useless b/c all connections are running through

    I guess what we all want here is for NOD v3 to provide us with the great security that we've come to expect from NOD32 but at the same time we don't want our firewalls of choice to be limited in what security they provide us with. I'm not sure we (at least I'm not) all understand exactly how to do that.
     
  4. Hiker

    Hiker Registered Member

    Joined:
    Nov 23, 2007
    Posts:
    268
    Re: Nod32 v3: Software firewall made useless b/c all connections are running through

    Yes there is. In protocol filtering, tick "ports and applications marked as internet browsers and email clients" (default)

    Then, in web access protection, http, web browsers- you should be able to check, uncheck or cross.
     
  5. ratchet

    ratchet Registered Member

    Joined:
    Feb 20, 2006
    Posts:
    1,988
    Re: Nod32 v3: Software firewall made useless b/c all connections are running through

    Not that I have determined how I want this set up yet, however, guess what? You make the "cross" by clicking the desired box twice. I'm not sure everyone knew that!
     
  6. jmc777

    jmc777 Registered Member

    Joined:
    Aug 6, 2004
    Posts:
    244
    Re: Nod32 v3: Software firewall made useless b/c all connections are running through

    Ahh! ;) Thanks!
     
  7. nonmirecordo

    nonmirecordo Registered Member

    Joined:
    Jul 19, 2004
    Posts:
    145
    Location:
    Cambridgeshire, UK
    Re: Nod32 v3: Software firewall made useless b/c all connections are running through

    I certainly didn't!

    Is this is 'standard' Windows feature or a NOD special?

    A lot of the confusion could have been avoided if this nugget of information had been available earlier.
     
  8. swami

    swami Registered Member

    Joined:
    Mar 24, 2006
    Posts:
    203
    Re: Nod32 v3: Software firewall made useless b/c all connections are running through


    I can "red cross" everything else but my 2 different Operas. There isn't the possibility to do it, just empty and "ok" and back to empty. All other browsers you can.
     
  9. NodboN

    NodboN Registered Member

    Joined:
    Nov 3, 2007
    Posts:
    139
    Re: Nod32 v3: Software firewall made useless b/c all connections are running through

    You should be able to check a red cross on your Opera browser. I have not been able to try this on Opera as I'm a firefox user. Please go through the following 3 images for the relevant steps (it is possible that you're missing out on something.) Hope it helps you:-
     

    Attached Files:

    • 1.jpg
      1.jpg
      File size:
      86.1 KB
      Views:
      1,814
    • 2.jpg
      2.jpg
      File size:
      96.3 KB
      Views:
      1,807
    • 3.jpg
      3.jpg
      File size:
      142.1 KB
      Views:
      1,804
    Last edited: Nov 30, 2007
  10. swami

    swami Registered Member

    Joined:
    Mar 24, 2006
    Posts:
    203
    I've done all that. It works with everything else but the 2 Operas (9.24 and 9.50ß). I'm all ears.
     
  11. Joliet Jake

    Joliet Jake Registered Member

    Joined:
    Mar 1, 2005
    Posts:
    911
    Location:
    Scotland
    Re: Nod32 v3: Software firewall made useless b/c all connections are running through

    That's the only options in the 'active' window. I can get the red 'x' option in the 'web browsers' section.
     

    Attached Files:

  12. swami

    swami Registered Member

    Joined:
    Mar 24, 2006
    Posts:
    203
    I just can't.
     

    Attached Files:

  13. NodboN

    NodboN Registered Member

    Joined:
    Nov 3, 2007
    Posts:
    139
    Re: Nod32 v3: Software firewall made useless b/c all connections are running through

    Swami,

    Wonder if this a bug.
     
  14. Joliet Jake

    Joliet Jake Registered Member

    Joined:
    Mar 1, 2005
    Posts:
    911
    Location:
    Scotland
    Re: Nod32 v3: Software firewall made useless b/c all connections are running through

    How did you get two Opera entries in there?

    Your GUI looks very different to mine too. Mine is V3.0.563.0
     
  15. albatross

    albatross Registered Member

    Joined:
    Jun 21, 2006
    Posts:
    8
    Location:
    London
    Re: Nod32 v3: Software firewall made useless b/c all connections are running through

    Thanks Ratchet. This sums up the purpose of the thread for me too!

    Perhaps, as there are a lot of different combinations of settings for the protocol filtering / HTTP, Internet/web browser / POP3, email client configuration, (and, for me, confusing explanatory text in the GUI), someone in the know, could confirm the resulting proxy filtering and security provided using the table below, hopefully giving an overall clearer picture.

    Many thanks
     

    Attached Files:

  16. TheQuest

    TheQuest Registered Member

    Joined:
    Jun 9, 2003
    Posts:
    2,304
    Location:
    Kent. UK by the sea
    Re: Nod32 v3: Software firewall made useless b/c all connections are running through

    Hi, Joliet Jake

    I think it is because the GUI from a Vista OS

    Take Care,
    TheQuest :cool:
     
  17. Vicky1

    Vicky1 Registered Member

    Joined:
    Nov 27, 2007
    Posts:
    33
    Re: Nod32 v3: Software firewall made useless b/c all connections are running through

    Even after purchasing NOD32, I decided to drop it .. but in the hope to fix this ekrn.exe thing, I re-installed it.

    And now I am lost again :(

    I just have disabled "Email Protection", "Web access protection" and "HTTP Checking" .. I hope ekrn.exe wont mess with me now.

    I also have disallowed internet access to ekrn.exe through my COMODO 2.7 .. lets see.
     
    Last edited: Dec 1, 2007
  18. swami

    swami Registered Member

    Joined:
    Mar 24, 2006
    Posts:
    203
    Re: Nod32 v3: Software firewall made useless b/c all connections are running through


    WinXpsp2/Nod32v3.0.566.0
    I've got some kind of a theme. I've just installed 2 different Operas in 2 different locations. One for me (9.50ß) and the other (the last stable one) for the rest of the family.
     
  19. Vicky1

    Vicky1 Registered Member

    Joined:
    Nov 27, 2007
    Posts:
    33
    Re: Nod32 v3: Software firewall made useless b/c all connections are running through

    I think I have done it.

    Can someone kindly have a look at this?

    Watch the highlighted entry, I tried to disallow ekrn.exe from connecting to 127.0.0.1 on port 30606 .. will it prevent that file to act as server?

    Anyone can tell if I did right? What I am trying is to prevent ekrn.exe to as as server.

    Plus, how can I check now if my configuration is file and ekrn.exe is no more acting as server and tunneling my traffic?

    What best leak tests I can perform? Is there any other method to check as well?
     

    Attached Files:

    Last edited: Dec 1, 2007
  20. Joliet Jake

    Joliet Jake Registered Member

    Joined:
    Mar 1, 2005
    Posts:
    911
    Location:
    Scotland
    Re: Nod32 v3: Software firewall made useless b/c all connections are running through

    Ah, my blond moment has arrived!:D
     
    Last edited by a moderator: Dec 2, 2007
  21. ratchet

    ratchet Registered Member

    Joined:
    Feb 20, 2006
    Posts:
    1,988
    Re: Nod32 v3: Software firewall made useless b/c all connections are running through

    In Comodo's Network Security Policy, I applied the "Ask" rule to ekrn.exe. I then proceeded to launch Firefox and indeed, Comodo asked for permission. This was even done through Sanboxie. So does this suggest that our concerns are a moot point or don't I understand what is happening?
     
  22. Roberteyewhy

    Roberteyewhy Registered Member

    Joined:
    Mar 4, 2007
    Posts:
    590
    Location:
    US
    Re: Nod32 v3: Software firewall made useless b/c all connections are running through

    Configured Comodo v3 with NOD32.

    1) In Firewall>Advance>Network Security Policies.
    2)C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    3) Make a rule that states Ask IP In/Out Any To IP Any Where Protocol is Any

    Make sure your Firewall Behavior Settings>Alert Settings is set to High. If set to Very High you will get a pop up when you go to any different IP address along with the different ports.

    Now in both IE and Firefox a pop up will occur for any different port you go to (i.e 80, 443 ,20 etc.). Just make sure to NOT make it permanent. This also works for Outlook.

    Now have the best of all worlds with NOD32 checking through the proxy and in Active Mode along side Comodo Firewall v3.

    Robert
     
  23. rogervernon

    rogervernon Registered Member

    Joined:
    Jul 16, 2006
    Posts:
    289
    Re: Nod32 v3: Software firewall made useless b/c all connections are running through

    It's all too much hassle innit?

    Who, except a few paranoid folk with too much time on their hands want to be bothered fiddling around with AV settings as suggested?

    All I and I suspect 99% of users, want is a product which provides excellent AV protection out of the box, (OR with some kind bloke like Blackspear doing it all for you!).

    Same goes for a Firewall, too IMO. I'm interested enough in the security of my PC to research a combination of separate AV & Firewall which don't screw each other up, give superior protection, are not resource hogs, and are best in their field, but I'm not into spending hours messing around twiddling every knob there is!
     
  24. NodboN

    NodboN Registered Member

    Joined:
    Nov 3, 2007
    Posts:
    139
    Re: Nod32 v3: Software firewall made useless b/c all connections are running through

    I, too vouch for specialist standalone and independent programs for different functions like for example anti-virus, firewall, antispware, etc. instead of a 'Do-it-all' Jack. :thumb:
     
  25. iHz

    iHz Registered Member

    Joined:
    Aug 20, 2006
    Posts:
    54
    Re: Nod32 v3: Software firewall made useless b/c all connections are running through

    not sure how these things work, but lets say you set ekrn to ask in comodo, then open firefox and comodo prompts you to allow. If you allow, then open another program that requires internet access, while firefox is still running, will comodo prompt for ekrn again?
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.