questions

Discussion in 'ESET Smart Security' started by plassenopdestoep, Oct 20, 2009.

Thread Status:
Not open for further replies.
  1. plassenopdestoep

    plassenopdestoep Registered Member

    Joined:
    Oct 19, 2009
    Posts:
    10
    Hi I have quite some questions about ESS (I have Vista HP SP2 32bits)

    First I'd like to know about some outbound requests for svchost.exe after computer start-up

    It wants to connect to 4 things, does anyone one exactly what for?
    1. IP:24.0.0.252
    Remote port: 5355 (llmnr)
    Local port: 52078

    2. IP:239.255.255.250
    Remote port: 3072 (3072)
    Local port: 49152

    3. IP:FF02::C
    Remote port: 3072
    Local port: 49153

    4. IP:208.111.170.97 cds833.ord.llnw.net
    Remote port: 80 (HTTP)
    Local port: 49169

    llnw.net leads to some corporation, which is weird, because if I don't allow it, windows update won't work.


    Second question:
    When checking common ports with ShieldsUP! at grc.com it replies to a Ping (ICMP Echo) request:
    "
    Ping Reply: RECEIVED (FAILED) — Your system REPLIED to our Ping (ICMP Echo) requests, making it visible on the Internet. Most personal firewalls can be configured to block, drop, and ignore such ping requests in order to better hide systems from hackers. This is highly recommended since "Ping" is among the oldest and most common methods used to locate systems prior to further exploitation."

    Can't find an option in firewall to turn it off, how can I stop replying to Ping (ICMP Echo) request?


    Third Question:
    When scheduling a start-up scan there are 7 scan levels to choose from:
    1. Files run before user logon
    2. Files run after user logon
    3. Only the most frequently used files
    4. Frequently used files
    5. Commonly used files
    6. Rarely used files
    7. All registered files

    Does one scan level also scan the lower levels, so if I choose Only the most frequently used files does it also scan Files run before and after user logon etc.?



    Fourth Question:
    I have four pc's with ESS installed(3 Vista, 1 XP.) At 2 of the Vista pc's sometimes Vista Security center reports that firewall or av is off, while Eset reports everything is OK,, if I then disable firewall or av trough Eset, and then enable it again trough Eset, the MS sec. center reports everything is allright. One of these pc's is using ESS 4.0.417, the other 4.0.467. What's the problem? The one with .467 had an older version before, and after installing .467 the firewall was really disabled and reported corrupt, and after uninstalling .467 properly as instructed on Eset website, then installing .467 again, and everything was ok. But this is different because Eset is fine now, windows is just acting weird.
     
  2. plassenopdestoep

    plassenopdestoep Registered Member

    Joined:
    Oct 19, 2009
    Posts:
    10
  3. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    1, as for Link Local Multicast Name Resolution (llmnr), enable pre-release updates in the update setup so that a newer firewall module with Windows 7 support is downloaded and installed

    2, couldn't it be that you're behind a router which responds to ping ?

    3, if you choose to scan most frequently used files, files run before and after user logon should be scanned if you (re)start the computer frequently and thus the files are started frequently, too.
     
  4. plassenopdestoep

    plassenopdestoep Registered Member

    Joined:
    Oct 19, 2009
    Posts:
    10
    1 I have vista, not w7, so would that help?
    Do you know what the other connections are for?

    2 Yes, I'm behind a router, so that could be it.

    3 So technically a higher level doesn't automatically mean it also scans the subsequent levels? The question with frequently used files was just an example, the question was actually in general, about every level.

    4 Any idea?
     
  5. plassenopdestoep

    plassenopdestoep Registered Member

    Joined:
    Oct 19, 2009
    Posts:
    10
    another bump
     
  6. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,751
    Location:
    Texas
    A couple of off topic posts removed. Please use the Personal Message feature of the forums for personal conversations.
     
  7. agoretsky

    agoretsky Eset Staff Account

    Joined:
    Apr 4, 2006
    Posts:
    4,032
    Location:
    California
    Hello,

    To answer your question about LLMNR and the ESET Personal Firewall module, enabling pre-release updates will help with this issue under Microsoft Windows Vista.

    Regards,

    Aryeh Goretsky
     
  8. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    As for the problem reporting status through MSC, follow these instructions to reset the WMI repository.
     
Thread Status:
Not open for further replies.