Jump to content

Eset Ss 7.0.317.4 And 8.0.103.0 Blocking Access To Asus Rt-Ac66U Router


Recommended Posts

Asus RT-AC66U firmware 3.0.0.4.376.1123 (latest official firmware)

 

Eset SS 7.0.317.4

Virus signature database: 10229 (20140809)
Rapid Response module: 4544 (20140809)
Update module: 1051 (20140409)
Antivirus and antispyware scanner module: 1434 (20140729)
Advanced heuristics module: 1152 (20140724)
Archive support module: 1206 (20140702)
Cleaner module: 1098 (20140801)
Anti-Stealth support module: 1060 (20140514)
Personal firewall module: 1220 (20140709)
Antispam module: 1027 (20131119)
ESET SysInspector module: 1241 (20140410)
Real-time file system protection module: 1007 (20111129)
Translation support module: 1232 (20140624)
HIPS support module: 1138 (20140709)
Internet protection module: 1138 (20140711)
Web content filter module: 1028 (20121113)
Advanced antispam module: 1807 (20140808)
Database module: 1058 (20140319)

 

Using Automatic firewall setting

 

Windows 8.1 Pro x64

 

Access is timing out to asusnetwork.net (or the router's internal IP) for router's web access.

Firefox, IE, Chrome . . . doesn't matter. Neverending cycling attempt by browser to access

router.

 

 

Eset 6 worked fine.

 

Tried adding router IP to IDS exception. Doesn't help.

 

This may be related: https://forum.eset.com/topic/569-eset-nod32-antivirus-and-eset-smart-security-70104-beta-released/#entry2888

Edited by Webslinger
Link to post
Share on other sites
Does disabling firewall via gui actually make a difference?

 

Sometimes, but it's erratic.

 

I'm erasing broswer cache each time to ensure the cache isn't affecting testing results.

Edited by Webslinger
Link to post
Share on other sites

I'm seeing this a lot in my Eset logs, but I have no clue if this is what's causing the problem:

 

2013-10-17 1:36:14 PM    Communication denied by rule    172.30.1.1:34961    239.255.255.250:1900    UDP    Block incoming SSDP (UPNP) requests for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\LOCAL SERVICE
2013-10-17 1:35:59 PM    No application listening on the port    172.30.1.1:80    172.30.1.2:51807    TCP          

 

172.30.1.1 is the router

 

172.30.1.2 is the local computer initiating the request over the browser

Link to post
Share on other sites
  • Administrators

Make sure that the IP address 172.30.1.1 is in the Trusted zone. Then check IDS settings in the advanced firewall setup and make sure that UPnP is allowed for system services in the Trusted zone (enabled by default). If turning off the firewall doesn't resolve the issue at all times, try disabling application protocol filtering in the advanced setup.

Let us know about your findings.

Link to post
Share on other sites

The router is in the trusted zone. UPNP is not allowed for system services in the Trusted Zone by default. You can check this yourself by clicking the "default" button. The checkmark will disappear.

 

Anyway, I enabled it.

 

Doesn't really seem to help. On rare occasions I can suddenly access the router.

 

I have no clue where application protocol filtering is located in advanced setup.

Edited by Webslinger
Link to post
Share on other sites

Does disabling firewall via gui actually make a difference?

 

 

Actually, I don't think it does. I just dropped it again, and this time that didn't make a difference at all.

This issue almost appears random, so it's hard to pinpoint. But it happened right after I uninstalled 6 and installed 7.

Link to post
Share on other sites

Hello,

 

I would just like to chime in and say that I am experiencing something familiar. I am using a NETGEAR 3700 router, and after upgrading to Nod32 v7 yesterday, the router configuration page (routerlogin.net) quite often hangs at "transferring data from..." and I have to repeatedly click the option in the interface I want. I get into the interface, but it keeps stalling like described above with Nod32 v7 installed. Note that I am using Nod32, the standalone AV, not ESS, but it still happens, so it can't be the firewall. Just disabling any or all parts of the protection doesn't help. Uninstalling, however, does. Once I uninstalled v7 and reverted back to the earlier version - *poof* here too - works perfectly fine here too. I was quite convinced my router was dying until I thought of uninstalling Nod32 v7 for testing purposes. And it worked, it definitely was the culprit.

Edited by King Grub
Link to post
Share on other sites
  • Administrators

If disabling protection modules, protocol filtering and HIPS / self-defense (followed by a computer restart) doesn't make any difference, try renaming C:\Windows\System32\drivers\eamonm.sys and ehdrv.sys in safe mode, one at a time, and then try to reproduce the issue. Let us know about your findings.

Link to post
Share on other sites
  • 3 weeks later...

Bottom line is default Eset SS settings on 3 different systems doesn't let me access an RT-AC66U through its web interface with Eset SS 7, whereas Eset SS 6 on default settings does.

 

I suggest this is a serious problem

 

 

 

If disabling protection modules, protocol filtering and HIPS / self-defense (followed by a computer restart) doesn't make any difference

 

This doesn't make any difference.

Edited by Webslinger
Link to post
Share on other sites

try renaming C:\Windows\System32\drivers\eamonm.sys and ehdrv.sys in safe mode, one at a time, and then try to reproduce the issue. Let us know about your findings.

 

This also doesn't make any difference.

 

Renaming the first file kills real-time system file protection. Renaming the other file kills HIPS.

 

No change.

 

You may be able to access the router briefly for 10 seconds, if you're extremely lucky, but afterwards, you get constant timeouts.

 

I think it's time for Eset to get one of these routers in and do some testing.

Edited by Webslinger
Link to post
Share on other sites

I noticed some reports similar that after installing ESET their drivers for network adapters are broken or corrupted.

My suggest for testing would be to go to device manager after install, and unable to access router, and delete the network adapters and drivers/software, then reboot your machine.

Let windows reinstall, or install your drivers from latest off vendor site and see if it corrects the issue ?

 

Just a suggestion :)

Link to post
Share on other sites

I noticed some reports similar that after installing ESET their drivers for network adapters are broken or corrupted.

My suggest for testing would be to go to device manager after install, and unable to access router, and delete the network adapters and drivers/software, then reboot your machine.

Let windows reinstall, or install your drivers from latest off vendor site and see if it corrects the issue ?

 

Just a suggestion :)

 

 

Uninstalling and reinstalling network drivers makes no difference.

 

More importantly, this issue is occurring across every single computer I've tested on. Uninstalling Eset 7 and downgrading to Eset 6 fixes the problem. Every single time

 

Also, I should note all systems are using Windows 8.1 Pro x64.

 

Also using an Asus USB-AC53 wireless adapter (but I've used other wireless adapters).

 

Lastly, I've asked a network admin (somewhere else) if he can reproduce the issue. He has (with another Asus RT-AC66U).

Edited by Webslinger
Link to post
Share on other sites
  • Administrators

Before reproducing the issue, please enable "Advanced pcap logging" in the IDS setup -> Troubleshooting. When you reproduce the issue, compress the log C:\ProgramData\ESET\ESET Smart Security\Diagnostics\EpfwLog.pcapng and send it to me for analysis.

Link to post
Share on other sites

Before reproducing the issue, please enable "Advanced pcap logging" in the IDS setup -> Troubleshooting. When you reproduce the issue, compress the log C:\ProgramData\ESET\ESET Smart Security\Diagnostics\EpfwLog.pcapng and send it to me for analysis.

 

Done.

Link to post
Share on other sites

I also encountered the same problem which unable to access the Asus' router admin page. I also own both Asus RT-AC66u and USB-AC53, running Windows 7 64bit with Eset SS version 7. I can access the Asus router admin page using iPad without any problem.

Link to post
Share on other sites

I also encountered the same problem which unable to access the Asus' router admin page. I also own both Asus RT-AC66u and USB-AC53, running Windows 7 64bit with Eset SS version 7. I can access the Asus router admin page using iPad without any problem.

 

Yeah, this is a pretty serious problem that Eset needs to address. And actually, the model of the wireless adapter doesn't matter (appears to timeout using anything).

Link to post
Share on other sites
  • 2 weeks later...

My license is going to expire very soon, I will change my anti-virus software to Avast if there is no resolution before that. Seriously, very disappointed if ESET unable to fix this problem.

Link to post
Share on other sites
  • Administrators

It seems to be the same issues as discussed here. Please continue in that thread so that the discussion is kept at one place. I assume that the problem is with Asus routers not adhering to rfc standards for http communication which may cause issues in conjunction with ESET's http scanner. Providing us with special logs for troubleshooting should help us pinpoint the issue, As a workaround, you may want to exclude the IP address of your router from content filtering.

Link to post
Share on other sites
  • Administrators

Actually adding the router as an IP exclusion doesn't help either. I've tried about 4 other AV programs including Eset 6--and only Eset 7 causes this problem.

 

That should work provided that the correct IP address was added correctly to the list of addresses excluded from protocol filtering and disabling web protection or protocol filtering solved the issue. Perhaps you could post a screen shot of your list of addresses excluded from protocol filtering as well as a screen shot of the router's setup page with the address bar included.

Link to post
Share on other sites
  • Administrators

I added my router's IP address to Excluded IP addresses under protocol filtering in Web and Email.  That solved the prob for me.  I had something similar like this happen with Eset and slingbox in version 6.

 

Please check your pm. I've sent you instructions for generating logs that will help us pinpoint the issue.

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...