Sudden Comcast/ESET problem

Discussion in 'ESET Smart Security' started by Jacqui D, Sep 30, 2008.

Thread Status:
Not open for further replies.
  1. Jacqui D

    Jacqui D Registered Member

    Joined:
    Nov 26, 2007
    Posts:
    31
    I have been experiencing problems with my email pop3 with Comcast for the last 3 weeks. As of yesterday, every time I click on a link or anything in Opera/Firefox/IE7 I get this ESET dialogue pop up. I already created a rule for about 30 of these things, but they still pop up all the time with different port addresses.

    Can someone please advise how I go about setting a custom rule to avoid all this. The remote computer address is always that 68.87.71.226. I don't want to open the gateway to allowing anything else in, I just want to surf without all these pop-ups.

    Thanks,

    Jacqui

    ESET SS 3.0.669 /Win XP-64

    comcast.jpg

    Edit: Latest pop-up nuisances:

    comcast1.jpg comcast2.jpg
     
    Last edited: Sep 30, 2008
  2. ASpace

    ASpace Guest

    Helllo!

    First of all I hope you have clicked "Deny"


    It is very simple to do . There are ways I can think of to achieve that.

    FIRST way:

    When you get that pop-up again , simply click on "Show advanced options".
    The click "Custom rule" button . Then you can edit the rule so that it is very precise. Uncheck everything but Remote computer 68.87.71.226 (uncheck Application , uncheck Remote port , uncheck Local port).

    Then , check "Remember action (create rule). Press "Deny" button and you are READY ! :thumb:

    This way you have created a rule to always block ANY kind of traffic coming from that IP address 68.87.71.226.


    SECOND way:

    Open the user interface (GUI) . Enter the Advanced Setup Tree (F5)

    Navigate to Personal Firewall -> IDS and Advanced options
    Make sure all services are allowed (a.k.a 5 options) and make sure all type of ID attacks are checked

    Then, open Personal firewall > Rules and zones > Zone and rule setup
    Choose "Toggle detailed view of all riles" (if already not set to this)

    Start creating new rule (use the button called "New")


    Name : your choice
    Direction : In
    Action : Both
    Protocol : TCP & UDP

    Additional action:
    check Log


    In Local tab - do not touch here .
    In Remote choose - here click on "Add address" and enter just the IP address or the IP range of the machine(s) which you want to block , such the the Comcast one 68.87.71.226 .

    Confirm with OK . Press "Apply" . Try again.
     
  3. Jacqui D

    Jacqui D Registered Member

    Joined:
    Nov 26, 2007
    Posts:
    31
    Thank you for your reply. I have about 80 or so new rules to "allow" this connection from Comcast which is my ISP. It appears to be a benign and legitimate connection especially since I have been experiencing some weird issues with Comcast lately. Won't blocking Comcast simply disable net access for me?

    Again, thanks for your help.

    Jacqui
     
  4. ASpace

    ASpace Guest

    I am clearly not an expert but you say it happens only when you click on a link . You use XP .

    In my opinion it is NOT normal to have such incoming connections to Microsoft's svchost.exe . I might be wrong but it looks strange to me.
     
  5. ASpace

    ASpace Guest

    I would experiment . First , create that rule to block ALL the communication from that IP and see how will the things be then . If there are major connect issues , then you can easily remove that rule.
     
  6. Jacqui D

    Jacqui D Registered Member

    Joined:
    Nov 26, 2007
    Posts:
    31
    Thanks for your help. I have chosen to implement your SECOND option with those two IP addresses and I have amended my setting to incorporate your recommendations.

    I am going to run a manual scan now and see what turns up.

    Many thanks for your help and advice.

    Jacqui
     
  7. ASpace

    ASpace Guest

    Just for second opinion , you could also run the Microsoft Live scanner (link in my signature) - requires IE to run.
     
  8. Jacqui D

    Jacqui D Registered Member

    Joined:
    Nov 26, 2007
    Posts:
    31
    I ran a ESET in-depth scan and nothing turned up. Upon further investigation of the log files for the new rules I have attached a screenshot and it would appear that this is happening for every event that occurs over the web. The latest additions to the log are for Outlook accessing my email and Adobe Lightroom doing its automatic updates.

    With the rate at which these events are occurring and the amount of local ports - my log is going to be huge in short order. Since this came on suddenly yesterday, do you think it could be an ESET issue? I've had rules since I installed ESET and it is funny that those rules are still there, but these events keep happening every time I do anything, multiples of times.

    Any more insight / advice? uninstall/reinstall? :doubt:

    comcast3.jpg
     
  9. ASpace

    ASpace Guest


    You can disable logging all blocked connections from Advanced Setup tree -> Personal firewall -> IDS



    I really have no idea here . But everything is possible :)


    I am sure ESET could help you more . Open ESS's user interface , goto "Help and support" and click on "Customer Care support request ... (recommended)"

    Follow the instructions to contact them
     
Thread Status:
Not open for further replies.