nickster_uk

First off, really not happy at spending the last few hours of my life battling a BSOD situation by trying to update EIS to the latest version using the official method. I've clicked 'not now' to update for a few weeks now as everything was running just fine with the version of EIS that I had installed, but tonight I thought, 'why not? The lovely people at ESET have no doubt put a lot of time and energy into their latest version, so what's the worst that can happen?'. A wise question in hindsight, and one, judging by other forum posts in recent history, has been asked by others in the forum. I clicked on the option to update and everything seemed to go without a fuss, then I was prompted to reboot to complete the procedure. No probs. So, I rebooted and swiftly got a 0x7B INACCESSIBLE_BOOT_DEVICE BSOD. Lovely stuff. It must be one of those erroneous BSODs where a perfectly functioning system has a brainfart, so I reboot again and same thing happened again...and again. Marvellous. I tried Safe Mode and still got the 0x7B error. Praise be. I run a dual boot system, so then decided to boot into XP (I know, but I only use it for diagnostics and stuff). I then tried loading the system registry hive from the Windows 7 installation and manually cleaned out any leftover service entries and driver files, which there seemed to be a few. And yes I backed up any I deleted. Downloaded the ESET uninstaller tool just in case too. Reboot again, still no joy. As I didn't have any recent back images which I could restore from (rookie error), the only option left was last known good config which thankfully worked. I then had to spent a considerable time reinstalling drivers and getting programs to work again, but at least I could get pornhub, I mean my desktop up again! Boom. Drops mic. Come on ESET...what was that all about? A cursory Google search finds quite a few other users who had the same issue when trying to update their ESET products. I'm sure there's a lesson in here about taking regular backups, but still....it's still a bit lame ESET. Thanks

I have noticed a weird problem with EIS that has happened about 3 times since I installed it. Sometimes after booting and loading Windows, I launch Firefox, but nothing happens. It appears in the Task Manager but no firewall notification appears and it doesn't load. I close the process in TM, try again and the same happens. I even try to launch IE and same again...no notification and no gui of the browser. If I disable the firewall module and launch FF or IE, it starts up without a problem and I can browse without a problem. When this has happened, I have tried logging off and back on but that doesn't fix it. The only way around it is to restart the computer and then things go back to normal. I've checked the firewall log when it happens and there doesn't appear to be anything in there that relates to it. Has anyone else noticed this? It's rather annoying, but thankfully doesn't seem to happen very often.

Thanks Marcos. I may uninstall, reinstall v8 and then upgrade again as the rules configuration is doing my head in.

Not long upgraded from ESS v8.0.312.0...old version I know, but it worked really well for me. I updated as I've had a couple of BSODs which identified an ESET driver as the most likely cause. Anyway, I clean installed EIS v10.1.204.0. The program itself runs well enough but I've noticed a few annoyances with it. First off the GUI. It looks ok at first glance but when going through the options, it becomes a little messy. In Tools, why not just show all the options instead of getting users to click on 'More tools'? Then in the advanced setup, why the need to show the number of items changed from default? It looks . Also, after importing my carefully saved list of rules, they now appear in a random order and it takes ages to find the rule I'm looking for in order to edit. Finally, why is it no longer possible to pause live protection from the right click menu of the notification try icon? It's still possible to pause the firewall, but not anti-virus protection. Just seems a little daft.

Thanks for the reply and advice itman. There was nothing relevant in the audit failure section. There is frequent logged entries in the ESET log, but it doesn't really show any more information than I already know. Here's a typical entry: Communication denied by rule [fe80::52c7:bfff:fe06:9982]:56278 [fe80::a19a:b3ef:xxxx:xxxx]:546 UDP IPv6 Test Rule C:\Windows\System32\svchost.exe NT AUTHORITY\LOCAL SERVICE The address in bold is the one I'm trying to identify. The other address is the network adapter. The mac address of my router's LAN port is: 50:C7:BF:06:99:82 The bolded parts are present in the IPv6 address. Is there a link there or am I clutching at straws? There is no IPv6 address in the LAN settings of the router so that's another puzzling aspect.

For the past few days, I've been getting regular incoming traffic firewall notifications/prompts. The address is IPv6 and has a FE80 local-link prefix but I can't work out what device it is coming from. I've checked all the devices on the network and none use the address. I'm thinking that perhaps the router may be the source but again, I can't find the address anywhere in the router, although there is similarities with some of the address and the router MAC address. Is there any way I can find out where the traffic is originating from? Thanks for any help

Hi.. I've experienced 3 0xa BSODs in the last few days. All of them reference ESS drivers/processes as well as netio.sys. I was using v6.0.316.0 but have updated to the latest version (8.0.312.0) and the BSODs have continued. I've attached some dump files. If you need any more information, please let me know. Thanks. Minidump.rar

I've been having some issues charging devices via USB so as part of the troubleshooting process, I decided to uninstall the USB controllers and root hubs in the device manager. After restarting Windows, I was hit with loads of firewall prompts which I thought was a bit weird. After checking the firewall settings I was shocking to discover all my rules and zones had disappeared, leaving only the default rules present. All other advanced setup settings which I had configured were ok. Is there any way I can get these rules back please? I spent many hours configuring application and home network access and I'm a little peeved at the prospect of doing much of it again. I had a backup of the rules but that backup was exported about a year ago and I have made quite a few changes since then. I suppose I could use that as a base to work from but ideally, I'd like the lost rules back. Thanks for any help. Windows 7 x64 Ultimate SP1 - ESS v6.0.316.0 (I know it's an old version but I kinda prefer it to newer builds).

I don't negotiate with terrorists...cyber or otherwise. Stand firm and unite against them. If we change our passwords, they win

Thanks for the reply Aryeh. I appreciate that things like OneDrive will generate traffic back to MS and that is to be expected. Also, after linking a MS account with your profile, that will no doubt generate more for other processes such as User Account Control Panel Host (UserAccountBroker.exe) and WSHost.exe. This doesn't particularly bother me too much although I am slightly concerned with any privacy issues with the data being sent to MS. Then there's the very regular connections back to my ISP through most of the processes listed in my first post. After some tracking with Wireshark, the svchost connections seem to be crl related but it doesn't explain the other processes connections. At the end of the day, I'm aware where this traffic is going, or attempting to go which is good. They're all legitimate businesses of which I use services through so the traffic itself isn't a surprise, it's just the amount of it and the number of processes making the connections which is somewhat surprising.

Thanks for the reply CaJazzman. I think your view about those who are worried about such traffic have something to hide is a little blinkered. There are serious privacy issues involved in using the internet and companies regularly sell on personal and private data for advertising or marketing purposes. There's also ongoing issues with Heartbleed which has affected CDNs such as Akamai, EdgeCast and Verizon, all of whom are used by Microsoft. I'm just asking for a little clarity or advice on safer browsing. I also tend to let most, if not all MS traffic go through. I did restrict a few apps and services originally but I found that Metro apps failed to update. I am a little curious as to why a few processes seem to want to connect to my ISP. Perhaps, some of that is location related services which is fine if you're using apps that require that kind of access. However, most of the processes I listed in my first post will initiate connections to my ISP as well as Edgecast and Akamai. Also, as asked in my first post; If the firewall was in automatic mode, how much of this traffic would it be letting through?

Just went for 1 year renewal in the end.

I've also been getting quite a few 'block incoming/outgoing multicast dns requests' in the log too even though I have added the addresses to the trusted zone and the option to allow multicast translation in the trusted zone is enabled. It got me thinking... Would it be safe to disable block incoming/outgoing multicast dns requests in rules? I connect from behind a router so externally port 5355 is hidden. If the firewall is in interactive mode, this should surely just generate a prompt anyway?

I'm not sure why but when I first read your post, I didn't read it correctly. I thought you were jokingly suggesting 2 years for the price of 3, hence my saracastic response. Apologies. Are you an official ESET reseller? I qualify for a decent enough discount to renew. £27.94 for one year, £50.33 for 2 years and £67.90 for 3. The one year renewal discount is great but the other two aren't quite as attractive which is why I'm wondering if there's a 2 for 1 deal available anywhere online.

Can someone please explain why I'm seeing the following entry logged in ESS please? 26/04/2014 00:42:14 Communication denied by rule 192.168.0.5:137 192.168.0.255:137 UDP Block NETBIOS Name Service requests C:\Windows\System32\svchost.exe NT AUTHORITY\LOCAL SERVICE I see multiple entries after every reboot. I have added my local subnet to the TZ but that hasn't helped. Thanks for any advice.

Sounds tempting. Throw in a couple of dead batteries and I'll forward my card details

My license expires in 7 days and I was wondering if the good folk at ESET have any '2 years for the price of 1' deals going at the moment please?

Bump... I really thought this question would prompt some replies.

Since installing Windows 8.1, I have been absolutely stunned with the amount of outgoing traffic to Microsoft. It really is astonishing. I was wondering if ESET or any other users on here have any advice on what to block and whether it has any consequences in the day to day running of the system please? So far, I have noticed that the following processes all want to make regular connections: Host Process for Windows Services (svchost.exe) Host Process for Setting Synchronization (SettingSyncHost.exe) User Account Control Panel Host (UserAccountBroker.exe) Windows Explorer (explorer.exe) Windows Host Process (rundll32.exe) Store Broker (WSHost.exe) Windows Driver Foundation - User-mode Driver Framework Host Process (WUDFHost.exe) Device Association Framework Provider Host (dasHost.exe) Host Process for Windows Tasks (taskhost.exe) I appreciate that some traffic will be related to updating background apps and live tiles etc but I have opted out of the ceip and disabled checking for updates for Windows and drivers so I'm a little unsure on what a lot of this traffic is all about. There's also a lot of connections to Akamai, CloudFlare and Edgecast CDNs. In light of the ongoing heartbleed attacks, I'm a little uneasy about the traffic so any advice or suggestions would be good. Plus many of the processes above will call home to my ISP too. If the firewall was in automatic mode, how much of this traffic would it be letting through? Thanks.

I got excited for a second. I added the rule and Google popped up on the child account..... Then I remembered that I left the firewall in automatic mode with rules! I switched it back to interactive and it's still the same as before So to confirm, IE works on the child accounts when ESS is set to automatic mode with exceptions, automatic or disabled but fails to work in other modes when Family Safety is enabled on the account...with or without the rule you suggested. Gonna call it a night now but I really appreciate the help so far.

I'm using Windows 8.1 Professional. Have attached the logs required by Marcos in previous post.

Same problem on v7. As soon as monitoring is disabled, IE access is returned as normal. I'm sure this would be very easy to reproduce. Is anyone else able to confirm whether they have been able to get the same results please? Attached firewall log. FirewallLog.zip

Thanks Marcos...that brings me to another point. Most ESET logs are empty. Only the Events log has any entries.

Thanks. Was just about to give v7.0.302.26 a try. I have been using v6.0.316.0 until now so perhaps v7 will help.

IE on the other child account started getting blocked so as a test I decided to change the child accounts to standard accounts which also removes them from Family Safety filtering and things start to work straight away! It's just incredibly strange that ESET is involved in the blocking process for Family Safety/child accounts. Any ideas please?