Nod32 v3: Software firewall made useless b/c all connections are running through v3?

Discussion in 'ESET NOD32 Antivirus' started by veri, Nov 22, 2007.

Thread Status:
Not open for further replies.
  1. ratchet

    ratchet Registered Member

    Joined:
    Feb 20, 2006
    Posts:
    1,988
    Re: Nod32 v3: Software firewall made useless b/c all connections are running through

    Marcos, so last night my wife is researching a medical issue. She attempts to open a search result and NOD successfully blocks a trojan (I submitted it by the way). She was using Firefox sandboxed in Sandboxie, so I felt reasonably secure with the whole situation. Now, if Firefox had been an application, "that did not communicate through HTTP/POP3", would NOD v3 still have blocked the trojan? If the answer is yes I see the complete resolution of this issue or perhaps I should say the whole thing is a non-issue.
    Also, if the answer is yes, can you explain (with screenshots) exactly how to do that, since there seems to now be confusion as to what a check is/does and/or what a cross is/does in the Web Access Protection set up? Thank You, ratchet
     
  2. jmc777

    jmc777 Registered Member

    Joined:
    Aug 6, 2004
    Posts:
    244
    Re: Nod32 v3: Software firewall made useless b/c all connections are running through

    It shouldn't tunnel anything if you set Protocol filtering to 'Applications marked as Internet browsers and email clients', and only tick the programs you want to use the proxy in Web Access>HTTP>Web browsers and in Email Protection>POP3>Email Clients. (At least it works that way with the Vista firewall. I tested this by locking down an exe for updating a piece of software. If the settings above are set, the file can't access the net when unticked, but connects through the proxy when ticked.)
     
  3. ratchet

    ratchet Registered Member

    Joined:
    Feb 20, 2006
    Posts:
    1,988
    Re: Nod32 v3: Software firewall made useless b/c all connections are running through

    I guess what we all want here is for NOD v3 to provide us with the great security that we've come to expect from NOD32 but at the same time we don't want our firewalls of choice to be limited in what security they provide us with. I'm not sure we (at least I'm not) all understand exactly how to do that.
     
  4. Hiker

    Hiker Registered Member

    Joined:
    Nov 23, 2007
    Posts:
    271
    Re: Nod32 v3: Software firewall made useless b/c all connections are running through

    Yes there is. In protocol filtering, tick "ports and applications marked as internet browsers and email clients" (default)

    Then, in web access protection, http, web browsers- you should be able to check, uncheck or cross.
     
  5. ratchet

    ratchet Registered Member

    Joined:
    Feb 20, 2006
    Posts:
    1,988
    Re: Nod32 v3: Software firewall made useless b/c all connections are running through

    Not that I have determined how I want this set up yet, however, guess what? You make the "cross" by clicking the desired box twice. I'm not sure everyone knew that!
     
  6. jmc777

    jmc777 Registered Member

    Joined:
    Aug 6, 2004
    Posts:
    244
    Re: Nod32 v3: Software firewall made useless b/c all connections are running through

    Ahh! ;) Thanks!
     
  7. nonmirecordo

    nonmirecordo Registered Member

    Joined:
    Jul 19, 2004
    Posts:
    145
    Location:
    Cambridgeshire, UK
    Re: Nod32 v3: Software firewall made useless b/c all connections are running through

    I certainly didn't!

    Is this a 'standard' Windows feature or a NOD special?

    A lot of the confusion could have been avoided if this nugget of information had been available earlier.
     
  8. swami

    swami Registered Member

    Joined:
    Mar 24, 2006
    Posts:
    215
    Re: Nod32 v3: Software firewall made useless b/c all connections are running through


    I can "red cross" everything else but my 2 different Operas. There isn't the possibility to do it, just empty and "ok" and back to empty. All other browsers you can.
     
  9. NodboN

    NodboN Registered Member

    Joined:
    Nov 3, 2007
    Posts:
    139
    Re: Nod32 v3: Software firewall made useless b/c all connections are running through

    You should be able to check a red cross on your Opera browser. I have not been able to try this on Opera as I'm a Firefox user. Please go through the following 3 images for the relevant steps (it is possible that you're missing out on something). Hope it helps you:
     

    Attached Files: 1.jpg, 2.jpg, 3.jpg
    Last edited: Nov 30, 2007
  10. swami

    swami Registered Member

    Joined:
    Mar 24, 2006
    Posts:
    215
    I've done all that. It works with everything else but the 2 Operas (9.24 and 9.50ß). I'm all ears.
     
  11. Joliet Jake

    Joliet Jake Registered Member

    Joined:
    Mar 1, 2005
    Posts:
    911
    Location:
    Scotland
    Re: Nod32 v3: Software firewall made useless b/c all connections are running through

    Those are the only options in the 'active' window. I can get the red 'x' option in the 'web browsers' section.
     

  12. swami

    swami Registered Member

    Joined:
    Mar 24, 2006
    Posts:
    215
    I just can't.
     

  13. NodboN

    NodboN Registered Member

    Joined:
    Nov 3, 2007
    Posts:
    139
    Re: Nod32 v3: Software firewall made useless b/c all connections are running through

    Swami,

    Wonder if this is a bug.
     
  14. Joliet Jake

    Joliet Jake Registered Member

    Joined:
    Mar 1, 2005
    Posts:
    911
    Location:
    Scotland
    Re: Nod32 v3: Software firewall made useless b/c all connections are running through

    How did you get two Opera entries in there?

    Your GUI looks very different to mine too. Mine is V3.0.563.0
     
  15. albatross

    albatross Registered Member

    Joined:
    Jun 21, 2006
    Posts:
    8
    Location:
    London
    Re: Nod32 v3: Software firewall made useless b/c all connections are running through

    Thanks Ratchet. This sums up the purpose of the thread for me too!

    Perhaps, as there are a lot of different combinations of settings for the protocol filtering / HTTP, Internet/web browser / POP3, email client configuration, (and, for me, confusing explanatory text in the GUI), someone in the know, could confirm the resulting proxy filtering and security provided using the table below, hopefully giving an overall clearer picture.

    Many thanks
     

  16. TheQuest

    TheQuest Registered Member

    Joined:
    Jun 9, 2003
    Posts:
    2,304
    Location:
    Kent. UK by the sea
    Re: Nod32 v3: Software firewall made useless b/c all connections are running through

    Hi, Joliet Jake

    I think it is because the GUI is from a Vista OS.

    Take Care,
    TheQuest :cool:
     
  17. Vicky1

    Vicky1 Registered Member

    Joined:
    Nov 27, 2007
    Posts:
    33
    Re: Nod32 v3: Software firewall made useless b/c all connections are running through

    Even after purchasing NOD32, I decided to drop it .. but in the hope to fix this ekrn.exe thing, I re-installed it.

    And now I am lost again :(

    I just have disabled "Email Protection", "Web access protection" and "HTTP Checking" .. I hope ekrn.exe won't mess with me now.

    I also have disallowed internet access to ekrn.exe through my COMODO 2.7 .. let's see.
     
    Last edited: Dec 1, 2007
  18. swami

    swami Registered Member

    Joined:
    Mar 24, 2006
    Posts:
    215
    Re: Nod32 v3: Software firewall made useless b/c all connections are running through


    WinXpsp2/Nod32v3.0.566.0
    I've got some kind of a theme. I've just installed 2 different Operas in 2 different locations. One for me (9.50ß) and the other (the last stable one) for the rest of the family.
     
  19. Vicky1

    Vicky1 Registered Member

    Joined:
    Nov 27, 2007
    Posts:
    33
    Re: Nod32 v3: Software firewall made useless b/c all connections are running through

    I think I have done it.

    Can someone kindly have a look at this?

    Watch the highlighted entry, I tried to disallow ekrn.exe from connecting to 127.0.0.1 on port 30606 .. will it prevent that file from acting as server?

    Can anyone tell if I did right? What I am trying is to prevent ekrn.exe from acting as server.

    Plus, how can I check now if my configuration is fine and ekrn.exe is no longer acting as server and tunneling my traffic?

    What best leak tests can I perform? Is there any other method to check as well?
     

    Last edited: Dec 1, 2007
  20. Joliet Jake

    Joliet Jake Registered Member

    Joined:
    Mar 1, 2005
    Posts:
    911
    Location:
    Scotland
    Re: Nod32 v3: Software firewall made useless b/c all connections are running through

    Ah, my blond moment has arrived!:D
     
    Last edited by a moderator: Dec 2, 2007
  21. ratchet

    ratchet Registered Member

    Joined:
    Feb 20, 2006
    Posts:
    1,988
    Re: Nod32 v3: Software firewall made useless b/c all connections are running through

    In Comodo's Network Security Policy, I applied the "Ask" rule to ekrn.exe. I then proceeded to launch Firefox and indeed, Comodo asked for permission. This was even done through Sandboxie. So does this suggest that our concerns are a moot point or don't I understand what is happening?
     
  22. Roberteyewhy

    Roberteyewhy Registered Member

    Joined:
    Mar 4, 2007
    Posts:
    611
    Location:
    US
    Re: Nod32 v3: Software firewall made useless b/c all connections are running through

    Configured Comodo v3 with NOD32.

    1) In Firewall>Advanced>Network Security Policies.
    2) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    3) Make a rule that states Ask IP In/Out Any To IP Any Where Protocol is Any

    Make sure your Firewall Behavior Settings>Alert Settings is set to High. If set to Very High you will get a pop up when you go to any different IP address along with the different ports.

    Now in both IE and Firefox a pop up will occur for any different port you go to (i.e. 80, 443, 20, etc.). Just make sure to NOT make it permanent. This also works for Outlook.

    Now have the best of all worlds with NOD32 checking through the proxy and in Active Mode alongside Comodo Firewall v3.

    Robert
     
  23. rogervernon

    rogervernon Registered Member

    Joined:
    Jul 16, 2006
    Posts:
    289
    Re: Nod32 v3: Software firewall made useless b/c all connections are running through

    It's all too much hassle innit?

    Who, except a few paranoid folk with too much time on their hands want to be bothered fiddling around with AV settings as suggested?

    All I and I suspect 99% of users, want is a product which provides excellent AV protection out of the box, (OR with some kind bloke like Blackspear doing it all for you!).

    Same goes for a Firewall, too IMO. I'm interested enough in the security of my PC to research a combination of separate AV & Firewall which don't screw each other up, give superior protection, are not resource hogs, and are best in their field, but I'm not into spending hours messing around twiddling every knob there is!
     
  24. NodboN

    NodboN Registered Member

    Joined:
    Nov 3, 2007
    Posts:
    139
    Re: Nod32 v3: Software firewall made useless b/c all connections are running through

    I, too, vouch for specialist standalone and independent programs for different functions like for example anti-virus, firewall, antispyware, etc. instead of a 'Do-it-all' Jack. :thumb:
     
  25. iHz

    iHz Registered Member

    Joined:
    Aug 20, 2006
    Posts:
    54
    Re: Nod32 v3: Software firewall made useless b/c all connections are running through

    Not sure how these things work, but let's say you set ekrn to ask in Comodo, then open Firefox and Comodo prompts you to allow. If you allow, then open another program that requires internet access, while Firefox is still running, will Comodo prompt for ekrn again?
     