oh dear v4 firewall 1045 under the weather

Discussion in 'ESET Smart Security' started by bodgy, Mar 23, 2009.

Thread Status:
Not open for further replies.
  1. bodgy

    bodgy Registered Member

    Joined:
    Sep 22, 2005
    Posts:
    2,387
    Location:
    Qld.
    Last night v4 started to play up. Nowhere near as bad as previous posts, but intermittent large lags accessing websites, with no entry showing in the log.

    Today it is more frequent and I'm now getting log entries.

    The outgoing problem is still showing up in the log as well as incoming - all are Packet Blocked by active defense on TCP, apart from one which had the interesting incoming error of No application listening on the port UDP. The port was very high up the list: 55931.

    I have unticked:
    Block unsafe address
    TCP protocol overload
    ARP and DNS poisoning attack.

    What happens is the webpage will start to load and then it will stop as will all incoming packets, then, if the page suddenly becomes available it will load. About 2 minutes later the log will burst into a flurry of activity and all the IDS entries will be listed. CPU usage (dual core) rises to a steady 6% whilst this is happening.

    Looking in SysInternals tools from Microsoft, I notice that there are a few entries of buffer overflows from Tcpip\Linkage\Bind, which is from explorer, and when ekrn.exe queries some Windows drivers such as rapti.sys, usbstor.sys, mrxsmb.sys.

    Colin
     
  2. psychopomp1

    psychopomp1 Registered Member

    Joined:
    Aug 26, 2007
    Posts:
    34
    Location:
    Kent, UK
    Can I ask how/why you get v1045 of firewall, whereas I get v1044 and have no issues whatsoever with ESS v4?
     

    Attached Files: eset.jpg (file size: 50.4 KB, views: 403)
  3. COSMO26

    COSMO26 Registered Member

    Joined:
    Oct 21, 2003
    Posts:
    404
    https://www.wilderssecurity.com/showthread.php?t=236335

    Until a better answer arrives: Verbiage below is Post 12 in above Thread from Miki69 as to how 1044 was achieved (ie)

     
  4. bodgy

    bodgy Registered Member

    Joined:
    Sep 22, 2005
    Posts:
    2,387
    Location:
    Qld.
    There are a whole caboodle of posts here by others having difficulty with v4. As an example, I have no problem with v4 on my laptop running Vista SP1, but problems with the desktop machine running XP Pro SP3.

    Module 1045 is an experimental module that Eset are trying out with some of us who have been having problems with 1044 etc.

    This morning even though there are many entries in the log file purporting to have blocked my outgoing (me: 192.168.5.101:1081,1083,1089 to 203.206.129.17/18:80 that might be an IP of some autoupdate address), the firewall had not been playing up so far.

    Interesting - I've just looked up that IP address - and it is an Internet Provider here in Australia - except it isn't mine!

    Colin
     
    Last edited: Mar 23, 2009
  5. bodgy

    bodgy Registered Member

    Joined:
    Sep 22, 2005
    Posts:
    2,387
    Location:
    Qld.
    I have just noticed a difference between my laptop and desktop installation. This might be a red herring but in Advanced Setup under Web Access Protection on my desktop I have:

    HTTP,HTTPS
    -> Address Management
    -> Web Browsers
    -> Active Mode

    On my laptop - I don't have the Web Browsers option, just the Address and Active mode.

    Now under Web Browsers, Opera and IE7 are marked as Internet Browsers - so I'll try unticking them and see what happens.

    Colin
     