Webslinger (Author), posted December 1, 2013 (edited December 1, 2013):

Actually adding the router as an IP exclusion doesn't help either. I've tried about 4 other AV programs including Eset 6--and only Eset 7 causes this problem.

That should work provided that the correct IP address was added correctly to the list of addresses excluded from protocol filtering

Ok, I don't know if it's a coincidence, but an Eset module was updated, and now when I add the router's IP address to be excluded from protocol filtering, I can access the router's web interface without problems.

Webslinger (Author), posted December 2, 2013:

The Asus routers do poll for active connected devices for enumeration purposes upon accessing the web interface. That might be the cause. There's no way to disable that process in the router though.

rockshox, posted December 10, 2013:

Same problem here on an ASUS RT-N66U (latest firmware) and ESET Nod32 7.0.302.26. Problem occurs with both Internet Explorer and Chrome. Excluding the IP of the router under Web and Email > Protocol Filtering > Excluded IP Addresses corrects the problem.

Webslinger (Author), posted December 16, 2013 (edited December 31, 2013):

> Same problem here on an ASUS RT-N66U (latest firmware) and ESET Nod32 7.0.302.26. Problem occurs with both Internet Explorer and Chrome. Excluding the IP of the router under Web and Email > Protocol Filtering > Excluded IP Addresses corrects the problem.

Well, disabling protocol filtering for a router isn't really a correction--nor a proper solution. It's a workaround at best.

zolar, posted December 16, 2013:

I 100% agree with Webslinger.

Marcos (Administrators), posted December 16, 2013:

Could you please confirm or deny that the issue persists after enabling pre-release updates with Internet protection module 1094 installed?

Webslinger (Author), posted December 16, 2013:

> Could you please confirm or deny that the issue persists after enabling pre-release updates with Internet protection module 1094 installed?

The issue persists with internet protection module 1094.

Virus signature database: 9177P (20131216)
Rapid Response module: 3438 (20131216)
Update module: 1047 (20131023)
Antivirus and antispyware scanner module: 1417 (20131206)
Advanced heuristics module: 1145 (20131121)
Archive support module: 1187 (20131205)
Cleaner module: 1081 (20131127)
Anti-Stealth support module: 1057 (20131125)
Personal firewall module: 1162 (20131204)
Antispam module: 1027 (20131119)
ESET SysInspector module: 1240 (20131202)
Real-time file system protection module: 1009 (20130301)
Translation support module: 1145 (20131121)
HIPS support module: 1106B (20131210)
Internet protection module: 1094 (20131204)
Web content filter module: 1030 (20130719)
Advanced antispam module: 1560P (20131216)
Database module: 1044 (20131108)

MMx (ESET Staff), posted December 31, 2013:

Webslinger: Would you please try to mark your browsers for active mode at F5 -> Web and email -> Web access protection -> HTTP, HTTPS -> Active mode on ESS 6 to see if the problem comes back?

Webslinger (Author), posted December 31, 2013 (edited December 31, 2013):

> Webslinger: Would you please try to mark your browsers for active mode at F5 -> Web and email -> Web access protection -> HTTP, HTTPS -> Active mode on ESS 6 to see if the problem comes back?

I uninstalled Eset 7 before installing Eset 6 (64 bit edition with Windows 8.1 OS). The problem does not return with active mode enabled for my browser with ESS 6.0.316.0

Virus signature database: 9235 (20131231)
Rapid Response module: 3497 (20131231)
Update module: 1047 (20131023)
Antivirus and antispyware scanner module: 1416 (20131203)
Advanced heuristics module: 1146 (20131213)
Archive support module: 1187 (20131205)
Cleaner module: 1080 (20131029)
Anti-Stealth support module: 1056 (20131112)
Personal firewall module: 1153 (20131028)
Antispam module: 1027 (20131119)
ESET SysInspector module: 1239 (20131022)
Real-time file system protection module: 1006 (20110921)
Translation support module: 1131 (20131004)
HIPS support module: 1106B (20131210)
Internet protection module: 1094 (20131204)
Web content filter module: 1028 (20121113)
Advanced antispam module: 1566 (20131219)
Database module: 1044 (20131108)

Webslinger (Author), posted January 13, 2014:

Issue still persists.

Marcos (Administrators), posted January 14, 2014:

Since the logs didn't shed any light, we'll try to obtain the router and reproduce the issue in our environment.

Webslinger (Author), posted January 14, 2014:

I just installed ASUS RT-AC66U Firmware Version 3.0.0.4.374.2050

Doesn't help, unfortunately.

Marcos (Administrators), posted January 14, 2014:

You can keep the router's IP address excluded from protocol filtering until a fix or workaround is distributed to users via a module update.

Marcos (Administrators), posted February 7, 2014:

We have obtained the router ASUS RT-AC66U and analyzed the issue. According to our findings, it's a bug in Windows Filtering Platform which causes the issue in communication with Asus' routers when accessing the administrator web interface. Therefore we have contacted Microsoft and provided them with more information about the bug we have discovered. Since it will take some time until Microsoft analyzes the problem and releases a hotfix, as a workaround please keep the router's IP address excluded from protocol filtering as advised above.

SweX, posted February 7, 2014:

Great Job Marcos & ESET. Far from every vendor would actually go out and get the router to investigate further and troubleshoot the issue like this. If my memory serves me well I reckon it's not the first time ESET discovers a bug in the WFP. Maybe the new MS CEO could go and hire some bug hunters...

Arakasi, posted February 7, 2014:

I agree with SweX and his compliments.

Ondrej Lovász, posted March 2, 2014:

Just a quick question. Did the new vulnerability firmware updates to Asus routers in any way help with this issue, or is the before-mentioned IP exclusion requirement still required?

Webslinger (Author), posted March 3, 2014:

> Just a quick question. Did the new vulnerability firmware updates to Asus routers in any way help with this issue, or is the before-mentioned IP exclusion requirement still required?

Firmware 3.0.0.4.374.4561 did not help at all. The router IP exclusion is still required with Eset 7.0.302.06

Virus signature database: 9493 (20140303)
Rapid Response module: 3764 (20140303)
Update module: 1047 (20131023)
Antivirus and antispyware scanner module: 1421 (20140219)
Advanced heuristics module: 1147 (20140114)
Archive support module: 1191 (20140210)
Cleaner module: 1084 (20140224)
Anti-Stealth support module: 1057 (20131125)
Personal firewall module: 1182 (20140213)
Antispam module: 1027 (20131119)
ESET SysInspector module: 1240 (20131202)
Real-time file system protection module: 1009 (20130301)
Translation support module: 1145 (20131121)
HIPS support module: 1115 (20140206)
Internet protection module: 1108 (20140224)
Web content filter module: 1030 (20130719)
Advanced antispam module: 1642 (20140302)
Database module: 1047 (20140110)

Webslinger (Author), posted August 9, 2014 (edited August 9, 2014):

This issue still persists with Asus high-end routers and Eset SS. This is not some obscure router or product. These are well respected and often considered amongst the best routers on the market. Look at its ranking: hxxp://www.smallnetbuilder.com/rankers/router/view

Asus routers aren't going anywhere, and they are constantly being purchased by power users. While I cannot confirm whether the problem is due to a Microsoft Windows Filtering Platform bug, I do find it puzzling that major competitors to Eset's AV products do not produce this issue.

Unfortunately, since my subscription is due in September, it looks like I won't be renewing my four computer license with Eset since this problem isn't resolved yet. Oh well, Eset, it was a good run.

Also, the problem also persists in Eset SS 8.0.103.0 (beta) and RT-AC66U firmware 3.0.0.4.376.1123

Virus signature database: 10227 (20140808)
Rapid Response module: 4542 (20140808)
Update module: 1051 (20140409)
Antivirus and antispyware scanner module: 1434 (20140729)
Advanced heuristics module: 1152 (20140724)
Archive support module: 1206 (20140702)
Cleaner module: 1098 (20140801)
Anti-Stealth support module: 1060 (20140514)
Personal firewall module: 1225B (20140805)
Antispam module: 1027 (20131119)
ESET SysInspector module: 1241 (20140410)
Real-time file system protection module: 1009 (20130301)
Translation support module: 1244 (20140724)
HIPS support module: 1142 (20140731)
Internet protection module: 1141B (20140806)
Web content filter module: 1036 (20140625)
Advanced antispam module: 1807 (20140808)
Database module: 1058 (20140319)

Arakasi, posted August 9, 2014:

So you are going to go down in protection, because you can't access your router's interface through http? Why not use other methods to interact with the interface?

Webslinger (Author), posted August 9, 2014 (edited August 9, 2014):

> So you are going to go down in protection, because you can't access your router's interface through http? Why not use other methods to interact with the interface?

I'm "going down in protection" by excluding my router's IP address from protocol filtering just to access it by using Eset SS. And if you're referring to other products being somehow inferior, I suggest you take a look at some independent testing and draw your own conclusions (shill and fanboyism aside . . . not that you are either a fanboy or a shill--but being one tends to blind people; for a long time, I was a fan of the product):

hxxp://www.av-comparatives.org/comparatives-reviews/
hxxp://www.av-test.org

(I am, by the way, aware of Eset's excellent track record at www.virusbtn.com)

I like Eset, and I've been using Eset SS for years, but I'm not going to continue paying to use a product and be inconvenienced, regardless of whether Microsoft is at fault. And I know I'm the only one who is on the cusp of switching AV products over this issue.

rugk, posted August 9, 2014 (edited August 9, 2014):

By the way, just because I'm interested: If it's a bug in Microsoft Windows Filtering Platform, why does it work with ESS v 6?

@Webslinger: Come down! It's a small bug, ESET is not able to help it [1] and you have a workaround with which it works. And it's really not a great protection lost if you exclude your router's IP. I don't think that any other program (malware or not) wants to connect directly to the router.

[1] Attention, before translating this into your language if English isn't your first language: use a dictionary or something like this! In other words: ESET doesn't have the fault.

rugk, posted August 9, 2014 (edited August 9, 2014):

Hey, you both @Arakasi and @Webslinger: Calm down! We want to discuss here in a nice way and so we all should follow the discussion guidelines!

Marcos (Administrators), posted August 9, 2014:

Some posts removed. Please refrain from personal attacks.

Regarding the issue, it's caused by a faulty HTTP server implementation in Asus routers. To my best knowledge, our engineers contacted Microsoft to discuss a way to circumvent or fix it in Windows Filtering Platform but there's been no success yet. The reason why other AVs may not suffer from this issue is that they don't utilize WFP or don't make modifications to data streams at WFP level as ESET does. WFP is a modern platform developed by Microsoft which allowed us to replace obsolete TDI drivers with new modern WFP drivers supported by new Windows operating systems.

As soon as we have some news with regard to this issue, we'll let you know. Thank you for understanding.

rugk, posted August 9, 2014:

@Marcos: Thanks, great response and very informative! Just a small question: Why does it work with ESS v6?