v4 IDS killing internet connection

Discussion in 'ESET Smart Security' started by SEMEYE, Mar 4, 2009.

Thread Status:
Not open for further replies.
  1. SEMEYE

    SEMEYE Registered Member

    Joined:
    Mar 4, 2009
    Posts:
    11
    I've been testing Smart Security 4 for a couple days now in preparation of a deployment on our company network. So far, I've had very strange issues with the Firewall. In order to get even a volatile internet connection (in automatic mode) I've had to tune it quite a bit as well as look at the logs to try and get an idea as to why my connection drops all of a sudden. Before any tuning, I was completely blocked from all internet access on any port/program.

    According to the logs, my last outage was:

    "Packet blocked by active defense (IDS)"
    Source: 65.175.38.194:80 (which is Wilders IP btw)
    Target: my private IP
    Protocol: TCP

    During that outage, all internet connected programs were disconnected.

    So far, I've made the following changes which have improved my connection but I still get random disconnects:

    Disabled ARP and DNS poisoning detection
    Enabled allow UPNP in trusted zone
    Enabled maintain inactive TCP connections
    Switched to "Applications marked..." for protocol filtering.

    So, any idea why the IDS drops my connection? Obviously, disabling the firewall works like a champ, but that's not an option.
     
  2. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,855
    Is your network configured to "allow sharing" or "strict protection"? Does changing it make a difference?
     
  3. SEMEYE

    SEMEYE Registered Member

    Joined:
    Mar 4, 2009
    Posts:
    11
    It's configured to allow sharing. It doesn't appear that changing to strict makes a difference, other than my shares are no longer accessible.
     
  4. ingber

    ingber Registered Member

    Joined:
    Dec 24, 2006
    Posts:
    39
    We're having the same problems, right after upgrading from v3 and installing v4 on two Thinkpads under XP Pro SP3. However, I see no entries in the logs.

    Lester
     
  5. Forellenblau

    Forellenblau Registered Member

    Joined:
    Jul 15, 2005
    Posts:
    111
    Location:
    Germany
    Same here, I switched back to V3...

    Internet connections were down every half hour, Firefox couldn't find any site anymore.

    I had to wait a couple of minutes and then Internet was back - for the next 30 minutes...

    Not good!

    Forellenblau
     
  6. ingber

    ingber Registered Member

    Joined:
    Dec 24, 2006
    Posts:
    39
    Yes, that is the same problem we're having. The Logs are set to include all info, but nothing shows there. Clearly, this is an ESET software problem, and I hope they are faster to fix this than they have addressed some other problems last year -- or else the competition will gain customers.

    When I disable the firewall from the tray, "by magic" I can get into google.com!


    Lester
     
    Last edited: Mar 4, 2009
  7. alexkamp

    alexkamp Registered Member

    Joined:
    Jan 9, 2009
    Posts:
    4
    Same problem here. I hope ESET is working on an update. After updating from 3 to 4 - only problems. It seems that ESS works *sometimes* - sometimes not.
     
  8. Uroboros

    Uroboros Registered Member

    Joined:
    Nov 9, 2003
    Posts:
    70
    Having similar problem as well. Vista Business 32.

    I installed version 4 and all was fine as it was able to update itself. But eventually I lost Internet connection. Was stuck with just a local connection. Not sure what happened but perhaps it received something it didn't like and it killed the connection. This happened the 2-3 times I installed it.

    I'm behind a router. Repairing the connection from Vista didn't help as it seemed not to get any data from the DNS server.

    I remember having a similar problem way back with another Firewall where it would crash or something and suddenly I had no connection.

    Back to version 3 for now.
     
  9. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Could one of you having these issues create 2 Wireshark logs with the HTTP communication captured, one with the firewall enabled when the communication is blocked and the other with the firewall disabled?
     
  10. silverfox55

    silverfox55 Registered Member

    Joined:
    Apr 28, 2008
    Posts:
    97
    Location:
    The Original Washington
    V4 is crippling my internet in Vista. Firefox or Opera continually time out and when they do it is very much slower. Gone back to Ver3 until I see some positive movement on a fix. How this did not show up in testing is beyond me.
    :thumbd:
     
  11. alexkamp

    alexkamp Registered Member

    Joined:
    Jan 9, 2009
    Posts:
    4
    I can't - sorry. Don't have a clue how to use Wireshark.
     
  12. ingber

    ingber Registered Member

    Joined:
    Dec 24, 2006
    Posts:
    39
    Marcos:

    I have a better idea: Since enough people have demonstrated there is a problem with v4, why don't you directly contact support and have them escalate this really annoying problem with the software! I've submitted a ticket, but in the past that can take weeks for them to address. I think the moderators in this forum that know the people in support should be more active to do this ASAP.

    Lester
     
  13. SEMEYE

    SEMEYE Registered Member

    Joined:
    Mar 4, 2009
    Posts:
    11
    I'll start a capture and post in a bit.
     
  14. The Nodder

    The Nodder Registered Member

    Joined:
    Sep 6, 2006
    Posts:
    296
    Location:
    UK
    I'm having the same problem and it's most annoying - to put it nicely.

    This should not be happening. As posted above, why was it not found in testing?
     
  15. pomocnik

    pomocnik Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    29
    Same problem here :-(. In beta no problem of that kind. I'll wait today and maybe return to v3.
     
    Last edited: Mar 6, 2009
  16. MasterTB

    MasterTB Registered Member

    Joined:
    Jun 19, 2007
    Posts:
    547
    Location:
    Paraná, Argentina
    Hi, does this problem happen on every site and randomly?
    Did any of you having problems enable the option to check SSL protocol?
    @SEMEYE you said "automatic mode". Have you tried Learning Mode or Automatic With Rules? They are good alternatives and perhaps seeing the rules created by the firewall can give you a clue as to what is causing this problem you experience...
     
  17. alexkamp

    alexkamp Registered Member

    Joined:
    Jan 9, 2009
    Posts:
    4
    I made a clean, fresh installation of Win XP Pro with SP3 and Eset Smart Security 4. Still the same problems. I thought that it would only happen after an update from version 3 to 4. And to be honest I'm very pissed because there's no statement from Eset. Many users have this problem and the software, in this state, is unusable. I work in my home office and I rely on the software.

    alex
     
  18. silverfox55

    silverfox55 Registered Member

    Joined:
    Apr 28, 2008
    Posts:
    97
    Location:
    The Original Washington
    On my setup it is set to automatic mode. I am not into firewalls and have not seen any decent/well written and easy documentation on setting up rules. I expect a firewall to work out of the packet. Also it happened on every site I visited. Ver3 works, Ver4 does not. I am at a loss to understand why ESET is asking for field information from users and they are unable to recreate this on their test equipment. Their testing methodology is in dire need of rewriting if they cannot pick these problems up. Continually denying that the problem exists is going to force a lot of customers away and ESET will lose its fame as an excellent product. Burying one's head in the sand will not make the problem go away and never has or will do.
    o_O
     
  19. KOKOtm

    KOKOtm Registered Member

    Joined:
    Oct 15, 2007
    Posts:
    25
    Same for me. After some time the firewall blocks all internet access. Was a fresh installation. If I disable IDS (all options), the connection is back again. I think one of the IDS options has a bug... hope it will be found soon.
     
  20. pomocnik

    pomocnik Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    29
    Hmmm, today at 11:21:25 some program modules were updated. After that I enabled the firewall again and now the firewall is on and my internet connection is up and running.

    I saw info about the update in the pop-up menu and after that I found it in the logs too.
    Updated modules with today's date:
    system diagnostic module
    antivirus and antispyware module

    Edit: 13:59 lost connection again :-(
     
    Last edited: Mar 6, 2009
  21. SEMEYE

    SEMEYE Registered Member

    Joined:
    Mar 4, 2009
    Posts:
    11
    Yes, I'm actually running Auto w/ Rules now and it's a lot better than a couple days ago. I ran capture after capture with Wireshark yesterday in an attempt to catch a failure, but it never happened. So my question is, when you make a settings change to the firewall, whether it be a rule or zone entry, IDS change, or anything like that, does SS have to be restarted in order to reflect that change? It's possible that all of my changes throughout the day would have worked but they weren't applied until yesterday when I booted up.

    At this point, I'm going to export my config, add it to my base package, and test it out on a few more machines. I'll let you know how it goes.
     
  22. MasterTB

    MasterTB Registered Member

    Joined:
    Jun 19, 2007
    Posts:
    547
    Location:
    Paraná, Argentina
    Well SEMEYE, to my knowledge, changes are immediate but if you're having troubles, rebooting after making considerable changes to the Firewall Rules may be a good move.
    Glad to see things are improving.
     
  23. RonZ

    RonZ Registered Member

    Joined:
    Mar 6, 2009
    Posts:
    13
    I have ESET Smart Security installed on 3 computers, 2 are laptops that connect to my DSL router via wireless and the other is a desktop connected via ethernet to the router. I upgraded the 2 laptops to version 4 and experienced no problems at all. They are working very well actually. When I upgraded the desktop it had all of the problems mentioned in this thread. The 2 laptops continue to work properly. My installations are all custom, and I use the settings described elsewhere. I use the "interactive" setting. All of the computers are running Windows XP SP3. I finally returned to version 3 on the desktop and it is working fine again. Those of you who are having problems, are you using a wireless or wired connection?
     
  24. eisefr

    eisefr Registered Member

    Joined:
    Nov 23, 2004
    Posts:
    153
    Location:
    Germany
    Damn.. what's that for a crap....?

    This bug with the firewall was already in the first beta.. and in the RC as well.

    And now in the final version it's still the same ??

    :ouch: I won't extend my license if this BIG error is not gonna be fixed very soon.

    Only works with uninstalling and newly installing version 3.

    Thanks a lot !!!

    Edit:
    I am using a wired connection!

    But that's not really important.
    Firewall HAS to work when it is a final version.
    The firewall is an essential function in a security suite and that's what I am paying money for too !!!!
     
  25. SEMEYE

    SEMEYE Registered Member

    Joined:
    Mar 4, 2009
    Posts:
    11
    Well, I exported my configuration, pushed it out to another machine and I get the same result- dead internet connection every 20 minutes or so.

    I had the user run a Wireshark capture during the time he lost and then tried to reestablish a connection, but I don't see anything out of the ordinary in the capture file.

    I have a question about the item installed under the network card properties labeled "ESET Personal Firewall." It seems when I disable, or uncheck this item, my problems disappear, yet the SS dashboard reports that the firewall is still on and enabled. I also still receive firewall warnings in the admin console so it's seemingly still doing its job, so what is that network card component actually doing? Is it required for the firewall to function properly? And I say properly very loosely in this case because it seems that this component is causing a lot of connectivity issues. Can someone else with similar issues confirm that unchecking this component works for them ?
     