Protocol filtering interferes with Firewall

Discussion in 'ESET Smart Security v3 Beta Forum' started by MasterTB, Oct 5, 2007.

Thread Status:
Not open for further replies.
  1. MasterTB

    MasterTB Registered Member

    Joined:
    Jun 19, 2007
    Posts:
    547
    Location:
    Paraná, Argentina
    I've been seeing that the protocol filtering in the new V3 of the NOD32 antivirus intercepts the TCP calls for web browsers and mail clients, redirecting them through the loopback interface and doing the browsing by itself. What is bothering me is that it interferes with my firewall.
    Currently I'm using Kerio, which has a web filtering capability to remove cookies and adverts, among other things, but since I switched to V3, it hasn't been doing its job. Seems like the proxy in NOD is routing traffic in a non-transparent way...
     
  2. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hello,

    Yes, on a quick check I am seeing this problem, as from the point of Kerio filtering of cookies.

    I see from both NOD (RC) and Kerio 4.3, that both are making use of localhost for filtering. NOD on local 30606, Kerio on local 44334 (with many other redirects).
    Redirecting NOD to localhost proxy 44334, will cause (with default rules) kerio to be bypassed on its application filtering, but still, filtering of "cookies" is not done.
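
An added example, not part of any post in this thread: a small diagnostic that reads `netstat -ano` output and shows which local process hands traffic to which loopback proxy port, so a chain of local proxies becomes visible. The sample rows and PIDs are constructed; only ports 30606 and 44334 come from the post above.

```python
import re

# Constructed sample of Windows `netstat -ano` rows. PIDs are invented:
# 3100 = a browser, 1200 = owner of port 30606, 1500 = owner of port 44334.
SAMPLE = """\
  TCP    127.0.0.1:30606    0.0.0.0:0          LISTENING       1200
  TCP    127.0.0.1:44334    0.0.0.0:0          LISTENING       1500
  TCP    0.0.0.0:135        0.0.0.0:0          LISTENING       900
  TCP    127.0.0.1:49210    127.0.0.1:30606    ESTABLISHED     3100
  TCP    127.0.0.1:30606    127.0.0.1:49210    ESTABLISHED     1200
  TCP    127.0.0.1:49215    127.0.0.1:44334    ESTABLISHED     1200
  TCP    127.0.0.1:44334    127.0.0.1:49215    ESTABLISHED     1500
  TCP    192.168.1.10:49220 203.0.113.5:80     ESTABLISHED     1500
"""

ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)\s+(\d+)\s*$")

def parse(text):
    """Return (local_addr, local_port, remote_addr, remote_port, state, pid) rows."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            la, lp, ra, rp, state, pid = m.groups()
            rows.append((la, int(lp), ra, int(rp), state, int(pid)))
    return rows

def loopback_proxies(rows):
    """Map each port listening on 127.0.0.1 to the PID that owns it."""
    return {lp: pid for la, lp, _, _, state, pid in rows
            if state == "LISTENING" and la == "127.0.0.1"}

def proxy_hops(rows):
    """(client_pid, port, proxy_pid) for every connection into a loopback listener."""
    listeners = loopback_proxies(rows)
    hops = {(pid, rp, listeners[rp]) for _, _, ra, rp, state, pid in rows
            if state == "ESTABLISHED" and ra == "127.0.0.1"
            and rp in listeners and pid != listeners[rp]}
    return sorted(hops)

def chain_from(pid, hops):
    """Follow a client PID through successive local proxies (one hop per PID)."""
    nxt = {client: (port, proxy) for client, port, proxy in hops}
    chain, seen = [], set()
    while pid in nxt and pid not in seen:
        seen.add(pid)
        port, pid = nxt[pid]
        chain.append((port, pid))
    return chain
```

On a live machine, feed it the text of `netstat -ano` and match the PIDs against the task list to see which product sits first in the chain.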
     
  3. MasterTB

    MasterTB Registered Member

    Joined:
    Jun 19, 2007
    Posts:
    547
    Location:
    Paraná, Argentina
    Yes, that's exactly what I thought was going on, only I'm no expert so I couldn't give that much detail :)

    On another note, the problem is being reflected on Comodo Firewall as well, the current Beta3 of the upcoming Comodo V3 Firewall is conflicting with NOD as well, so, from my side, I think installing ESS could be the best choice because if Kerio's filters are being bypassed I think I better have the firewall integrated in ESS and some third party HIPS in case I need it, does this make sense??
     
  4. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    We have implemented an option to the firewall that enables you to exclude certain applications from being routed via the local proxy when another firewall is used. Go to the Advanced setup -> Antivirus and antispyware protection -> Web access protection -> HTTP -> Web browsers and put a cross next to the desired application. In the Protocol filtering section, you can choose what traffic will be routed through the local proxy.
     
  5. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Option to the firewall? With respect, we are looking at the NOD AV (not ESS), with added 3rd party firewall.
     
  6. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    I was talking about the web protection as such. You should have these options in EAV as well.
     
  7. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    So a need, basically, to disable web filtering with 3rd party firewalls is needed, for correct filtering of 3rd party firewalls?

    I know from my own preference of firewalls, I do not need this interception of re-direct, as the drivers are below/intercept before NOD AV.
    Would this infer that web filtering is not in fact made by NOD with my setups on this?

    I know from the last implementation (IMON~ installation) that NOD caused problems with 3rd party firewalls, it now looks like we will see problems due to this implementation?
     
  8. MasterTB

    MasterTB Registered Member

    Joined:
    Jun 19, 2007
    Posts:
    547
    Location:
    Paraná, Argentina
    So, in order to use my favourite firewall properly I have to cripple the web filtering in the upcoming NOD32?? Is that what you are saying?? Or will NOD still analyze web traffic before the realtime filters??

    edit: I really don't like the AV acting like a proxy, IMHO the web filter in NOD32 should scan traffic only after it has properly been allowed by a firewall, of course this is only if you are using the standalone version and not ESS, in which case the filtering is correct.
     
    Last edited: Oct 6, 2007
  9. MasterTB

    MasterTB Registered Member

    Joined:
    Jun 19, 2007
    Posts:
    547
    Location:
    Paraná, Argentina
    Hi Stem: how would you redirect the traffic in Kerio to ensure the web filtering?? If possible of course ... Thanks.
     