Problem with firewall

Discussion in 'ESET Smart Security' started by Player12, Oct 29, 2011.

Thread Status:
Not open for further replies.
  1. Player12

    Player12 Registered Member

    Joined:
    Feb 24, 2011
    Posts:
    13
    The firewall is blocking the Battlelog website and saying:

    29.10.2011. 11:36:58 Detected covert channel exploit in ICMP packet 192.168.1.26 209.222.31.24 ICMP

    I can't play the game either. Do I need to disable the firewall every time I go to play Battlefield 3, or what? Because when I disable the firewall the game works fine, but with the firewall I can't. Is there some way I can add the address so the firewall ignores that website?
     
  2. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
  3. Player12

    Can you just tell me what I have to do and where I have to go? I don't know where the trusted zone is or how to add that IP to the trusted list :'(
     
  4. Cudni

  5. Player12

    I got version 5, not 4 :(
     
  6. Cudni

  7. Player12

    Every time I click refresh list, a new IP address is blocked. It's not a computer, it's a website! How can I add the website battlog.com to my firewall so it stops blocking new connections from that website? :doubt:
     
  8. Player12

  9. Cudni

  10. Player12

  11. Player12

    29.10.2011. 22:38:57 Detected covert channel exploit in ICMP packet 192.168.1.26 46.249.40.152 ICMP
    29.10.2011. 22:38:57 Detected covert channel exploit in ICMP packet 192.168.1.26 85.236.100.83 ICMP
    29.10.2011. 22:38:57 Detected covert channel exploit in ICMP packet 192.168.1.26 85.14.233.65 ICMP
    29.10.2011. 22:38:57 Detected covert channel exploit in ICMP packet 192.168.1.26 85.236.100.73 ICMP
    29.10.2011. 22:38:57 Detected covert channel exploit in ICMP packet 192.168.1.26 85.114.155.173 ICMP
    29.10.2011. 22:38:57 Detected covert channel exploit in ICMP packet 192.168.1.26 173.199.64.160 ICMP
    29.10.2011. 22:38:57 Detected covert channel exploit in ICMP packet 192.168.1.26 91.121.46.22 ICMP
    29.10.2011. 22:38:56 Detected covert channel exploit in ICMP packet 192.168.1.26 46.253.195.75 ICMP
    29.10.2011. 22:38:56 Detected covert channel exploit in ICMP packet 192.168.1.26 194.153.116.145 ICMP
    29.10.2011. 22:38:56 Detected covert channel exploit in ICMP packet 192.168.1.26 85.14.233.83 ICMP
    29.10.2011. 22:38:56 Detected covert channel exploit in ICMP packet 192.168.1.26 88.198.22.44 ICMP
    29.10.2011. 22:38:56 Detected covert channel exploit in ICMP packet 192.168.1.26 91.198.152.3 ICMP
    29.10.2011. 22:38:56 Detected covert channel exploit in ICMP packet 192.168.1.26 81.19.216.19 ICMP
    29.10.2011. 22:38:56 Detected covert channel exploit in ICMP packet 192.168.1.26 188.126.64.15 ICMP
    29.10.2011. 22:38:56 Detected covert channel exploit in ICMP packet 192.168.1.26 194.153.116.166 ICMP
    29.10.2011. 22:38:56 Detected covert channel exploit in ICMP packet 192.168.1.26 95.141.41.143 ICMP
    29.10.2011. 22:38:56 Detected covert channel exploit in ICMP packet 192.168.1.26 85.114.156.116 ICMP
    29.10.2011. 22:38:56 Detected covert channel exploit in ICMP packet 192.168.1.26 31.193.138.132 ICMP
    29.10.2011. 22:38:56 Detected covert channel exploit in ICMP packet 192.168.1.26 85.14.233.140 ICMP
    29.10.2011. 22:38:56 Detected covert channel exploit in ICMP packet 192.168.1.26 46.249.40.64 ICMP
    29.10.2011. 22:38:56 Detected covert channel exploit in ICMP packet 192.168.1.26 85.236.100.33 ICMP
    29.10.2011. 22:36:47 Detected covert channel exploit in ICMP packet 192.168.1.26 31.204.132.61 ICMP
    29.10.2011. 22:36:47 Detected covert channel exploit in ICMP packet 192.168.1.26 85.14.234.192 ICMP
    29.10.2011. 22:36:47 Detected covert channel exploit in ICMP packet 192.168.1.26 62.21.98.155 ICMP
    29.10.2011. 22:36:46 Detected covert channel exploit in ICMP packet 192.168.1.26 85.236.100.67 ICMP
    29.10.2011. 22:36:46 Detected covert channel exploit in ICMP packet 192.168.1.26 85.114.155.173 ICMP
    29.10.2011. 22:36:46 Detected covert channel exploit in ICMP packet 192.168.1.26 91.121.46.22 ICMP
    29.10.2011. 22:36:46 Detected covert channel exploit in ICMP packet 192.168.1.26 194.153.116.145 ICMP
     
  12. Player12

    That's the log of what happens; it keeps blocking some packets :thumbd: :thumbd:
     
  13. Cudni

    Try:
    Setup->Personal Firewall->IDS and Advanced Options->uncheck Covert data in ICMP protocol detection

    Try enabling pre-release update too, in case the issue is fixed, as disabling the above is classed as not "safe".
     
    Last edited: Oct 29, 2011
  14. Player12

    Well, it's a safe website; it should not block it. I need that website to run the game. Now it works, I did what you told me, but my protection is not at maximum since I disabled that thing :/
     
  15. ViRuS2k

    ViRuS2k Registered Member

    Joined:
    Oct 31, 2011
    Posts:
    1
    I registered on these forums to provide a fix for the issue you are having.

    -----------------------------------------------
    This will also fix your Battlelog ping viewer as well.
    -----------------------------------------------

    Instructions:

    Thanks for the help, guys. Managed to fix the problem, though, for anyone else that needs the fix for ESET v5.0:

    SETUP
    ENTER ADVANCED SETUP
    NETWORK/PERSONAL FIREWALL
    IDS & ADVANCED OPTIONS/
    PACKET INSPECTION/

    Untick: Covert data in ICMP protocol detection.

    Press OK, then OK again, and close ESET.

    Close your IE or whatever you use for Battlelog, reopen it and log back in, and you should notice your pings are viewable now and not greyed out.


    :argh: :argh:
     
  16. Marc05

    Marc05 Registered Member

    Joined:
    Oct 31, 2011
    Posts:
    8
    I never knew about ICMP packets until now, and after a bit of research on it, I wish I didn't have to disable this feature in ESET. Unfortunately, I don't think there is any practical alternative.
     
  17. DuncanIdahoTPF

    DuncanIdahoTPF Registered Member

    Joined:
    Nov 8, 2011
    Posts:
    2
    Location:
    Phoenix, AZ
    A more simple solution / less detrimental to security is to just uncheck the ICMP Packet sub-checkmark.

    Can we get an actual fix for the firewall, especially since they added a "Gaming Mode" feature to Eset 5.0 which seems to be useless so far? Your solution contains a great deal of reductive logic (you may as well just disable your firewall if you are going to uncheck that full set of stuff). The IP blocked is totally dynamic (it's pinging the server directly), so this requires a direct fix from Eset.
     
  18. VidKo

    VidKo Registered Member

    Joined:
    Nov 5, 2007
    Posts:
    41
    Location:
    Slovenia
    I would also like a real solution!
     
  19. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    The problem is in the game itself, as it exploits ICMP to transmit some hidden data which is subsequently detected correctly by the ESS firewall. We'll exclude Battlefield from detection of the covert channel exploit in the next build of the firewall module (probably 1074). In the meantime, you can disable the detection of covert data in ICMP or add the appropriate IP addresses to the list of addresses excluded from active protection (IDS) in the zone setup.
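
The thread reports that every list refresh produces detections for new addresses, which is what makes a per-address IDS exclusion hard to maintain. As an added example (not part of any post in this thread and not ESET code), the following Python script parses log lines in the format quoted above, groups them into bursts, and reports which destinations an exclusion list built from earlier bursts would still miss. The sample lines, the function names and the 5-second burst gap are assumptions.

```python
import ipaddress
import re
from datetime import datetime, timedelta

# Constructed sample in the thread's log format (newest first); documentation-range destinations.
SAMPLE_LOG = """\
29.10.2011. 22:38:57 Detected covert channel exploit in ICMP packet 192.168.1.26 198.51.100.7 ICMP
29.10.2011. 22:38:56 Detected covert channel exploit in ICMP packet 192.168.1.26 192.0.2.140 ICMP
29.10.2011. 22:38:56 Detected covert channel exploit in ICMP packet 192.168.1.26 198.51.100.90 ICMP
29.10.2011. 22:38:56 Detected covert channel exploit in ICMP packet 192.168.1.26 203.0.113.10 ICMP
29.10.2011. 22:36:47 Detected covert channel exploit in ICMP packet 192.168.1.26 198.51.100.7 ICMP
29.10.2011. 22:36:46 Detected covert channel exploit in ICMP packet 192.168.1.26 203.0.113.11 ICMP
29.10.2011. 22:36:46 Detected covert channel exploit in ICMP packet 192.168.1.26 203.0.113.10 ICMP
"""

LINE_RE = re.compile(r"(\d{2}\.\d{2}\.\d{4})\. (\d{2}:\d{2}:\d{2}) Detected covert channel "
                     r"exploit in ICMP packet (\S+) (\S+) ICMP")

def parse(log):
    """Return (timestamp, source, destination) tuples, oldest first; other lines are skipped."""
    events = []
    for line in log.splitlines():
        m = LINE_RE.search(line)
        if m:
            ts = datetime.strptime(f"{m[1]} {m[2]}", "%d.%m.%Y %H:%M:%S")
            events.append((ts, ipaddress.ip_address(m[3]), ipaddress.ip_address(m[4])))
    return sorted(events, key=lambda e: e[0])

def bursts(events, gap=timedelta(seconds=5)):
    """Group detections separated by at most `gap` into one burst (assumed: one list refresh)."""
    groups = []
    for ts, _src, dst in events:
        if groups and ts - groups[-1]["end"] <= gap:
            groups[-1]["end"] = ts
            groups[-1]["dsts"].add(dst)
        else:
            groups.append({"start": ts, "end": ts, "dsts": {dst}})
    return groups

def exclusion_gaps(groups):
    """Per burst: (start, destination count, destinations not seen in any earlier burst)."""
    seen, report = set(), []
    for g in groups:
        report.append((g["start"], len(g["dsts"]), sorted(g["dsts"] - seen)))
        seen |= g["dsts"]
    return report

if __name__ == "__main__":
    print(exclusion_gaps(bursts(parse(SAMPLE_LOG))))
```

A non-empty third field on later bursts means a static exclusion list would have to be extended after every refresh.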
     