Jump to content

Eset Ss 7.0.317.4 And 8.0.103.0 Blocking Access To Asus Rt-Ac66U Router


Recommended Posts

 

Actually adding the router as an IP exclusion doesn't help either. I've tried about 4 other AV programs including Eset 6--and only Eset 7 causes this problem.

 

That should work provided that the correct IP address was added correctly to the list of addresses excluded from protocol filtering

 

Ok, I don't know if it's a coincidence, but an Eset module was updated, and now when I add the router's IP address to be excluded from protocol filtering, I can access the router's web interface without problems.

Edited by Webslinger
Link to post
Share on other sites

The Asus routers do poll for active connected devices for enumeration purposes upon accessing the web interface. That might be the cause. There's no way to disable that process in the router though.

Link to post
Share on other sites

Same problem here on an ASUS RT-N66U (latest firmware) and ESET Nod32 7.0.302.26. Problem occurs with both Internet Explorer and Chrome. Excluding the IP of the router under Web and Email > Protocol Filtering > Excluded IP Addresses corrects the problem. 

Link to post
Share on other sites

Same problem here on an ASUS RT-N66U (latest firmware) and ESET Nod32 7.0.302.26. Problem occurs with both Internet Explorer and Chrome. Excluding the IP of the router under Web and Email > Protocol Filtering > Excluded IP Addresses corrects the problem. 

 

Well, disabling protocol filtering for a router isn't really a correction--nor a proper solution. It's a workaround at best.

Edited by Webslinger
Link to post
Share on other sites

Could you please confirm or deny that the issue persists after enabling pre-release updates with Internet protection module 1094 installed?

 

The issue persists with internet protection module 1094.

 

Virus signature database: 9177P (20131216)

Rapid Response module: 3438 (20131216)

Update module: 1047 (20131023)

Antivirus and antispyware scanner module: 1417 (20131206)

Advanced heuristics module: 1145 (20131121)

Archive support module: 1187 (20131205)

Cleaner module: 1081 (20131127)

Anti-Stealth support module: 1057 (20131125)

Personal firewall module: 1162 (20131204)

Antispam module: 1027 (20131119)

ESET SysInspector module: 1240 (20131202)

Real-time file system protection module: 1009 (20130301)

Translation support module: 1145 (20131121)

HIPS support module: 1106B (20131210)

Internet protection module: 1094 (20131204)

Web content filter module: 1030 (20130719)

Advanced antispam module: 1560P (20131216)

Database module: 1044 (20131108)

Link to post
Share on other sites
  • 2 weeks later...
  • ESET Staff

Webslinger: Would you please try to mark your browsers for active mode at F5 -> Web and email -> Web access protection -> HTTP, HTTPS -> Active mode on ESS 6 to see if the problem comes back?

Link to post
Share on other sites

Webslinger: Would you please try to mark your browsers for active mode at F5 -> Web and email -> Web access protection -> HTTP, HTTPS -> Active mode on ESS 6 to see if the problem comes back?

 

 

I uninstalled Eset 7 before installing Eset 6 (64 bit edition with Windows 8.1 OS).

 

The problem does not return with active mode enabled for my browser with ESS 6.0.316.0

 

 

Virus signature database: 9235 (20131231)

Rapid Response module: 3497 (20131231)

Update module: 1047 (20131023)

Antivirus and antispyware scanner module: 1416 (20131203)

Advanced heuristics module: 1146 (20131213)

Archive support module: 1187 (20131205)

Cleaner module: 1080 (20131029)

Anti-Stealth support module: 1056 (20131112)

Personal firewall module: 1153 (20131028)

Antispam module: 1027 (20131119)

ESET SysInspector module: 1239 (20131022)

Real-time file system protection module: 1006 (20110921)

Translation support module: 1131 (20131004)

HIPS support module: 1106B (20131210)

Internet protection module: 1094 (20131204)

Web content filter module: 1028 (20121113)

Advanced antispam module: 1566 (20131219)

Database module: 1044 (20131108)

Edited by Webslinger
Link to post
Share on other sites
  • 2 weeks later...
  • 4 weeks later...
  • Administrators

We have obtained the router ASUS RT-AC66U and analyzed the issue. According to our findings, it's a bug in Windows Filtering Platform which causes the issue in communication with Asus' routers when accessing the administrator web interface. Therefore we have contacted Microsoft and provided them with more information about the bug we have discovered.

 

Since it will take some time until Microsoft analyzes the problem and releases a hotfix, as a workaround please keep router's IP address excluded from protocol filtering as advised above.

Link to post
Share on other sites

Great Job Marcos & ESET. Far from every vendor would actually go out and get the router to investigate further and troubleshoot the issue like this. If my memory serves me well I reckon it's not the first time ESET discovers a bug in the WFP. :unsure:

 

Maybe the new MS CEO could go and hire some bug hunters... :rolleyes:

Link to post
Share on other sites
  • 4 weeks later...

Just a quick question.

Did the new vulnerability firmware updates to Asus routers in any way helped with this issue or before-mentioned IP exclusion requirement is still required?

 

Firmware 3.0.0.4.374.4561 did not help at all.

 

The router IP exclusion is still required with Eset 7.0.302.06

 

Virus signature database: 9493 (20140303)

Rapid Response module: 3764 (20140303)

Update module: 1047 (20131023)

Antivirus and antispyware scanner module: 1421 (20140219)

Advanced heuristics module: 1147 (20140114)

Archive support module: 1191 (20140210)

Cleaner module: 1084 (20140224)

Anti-Stealth support module: 1057 (20131125)

Personal firewall module: 1182 (20140213)

Antispam module: 1027 (20131119)

ESET SysInspector module: 1240 (20131202)

Real-time file system protection module: 1009 (20130301)

Translation support module: 1145 (20131121)

HIPS support module: 1115 (20140206)

Internet protection module: 1108 (20140224)

Web content filter module: 1030 (20130719)

Advanced antispam module: 1642 (20140302)

Database module: 1047 (20140110)

Link to post
Share on other sites
  • 5 months later...

This issue still persists with Asus high-end routers and Eset SS.

This is not some obscure router or product. These are well respected and often considered

amongst the best routers on the market. Look at its ranking: hxxp://www.smallnetbuilder.com/rankers/router/view

Asus routers aren't going anywhere, and they are constantly being purchased by power users.

 

While I cannot confirm whether the problem is due to a Microsoft Windows Filtering Platform bug, I do find it puzzling that major competitors to Eset's AV

products do not produce this issue.

 

Unfortunately, since my subscription is due in September, it looks like I won't be renewing my four computer license with Eset since this problem isn't resolved yet.

Oh well, Eset, it was a good run.

 

Also, the problem also persists in Eset SS 8.0.103.0 (beta) and RT-AC66U firmware 3.0.0.4.376.1123

 

Virus signature database: 10227 (20140808)
Rapid Response module: 4542 (20140808)
Update module: 1051 (20140409)
Antivirus and antispyware scanner module: 1434 (20140729)
Advanced heuristics module: 1152 (20140724)
Archive support module: 1206 (20140702)
Cleaner module: 1098 (20140801)
Anti-Stealth support module: 1060 (20140514)
Personal firewall module: 1225B (20140805)
Antispam module: 1027 (20131119)
ESET SysInspector module: 1241 (20140410)
Real-time file system protection module: 1009 (20130301)
Translation support module: 1244 (20140724)
HIPS support module: 1142 (20140731)
Internet protection module: 1141B (20140806)
Web content filter module: 1036 (20140625)
Advanced antispam module: 1807 (20140808)
Database module: 1058 (20140319)

Edited by Webslinger
Link to post
Share on other sites

So you are going to go down in protection, because you can't access your router's interface through http ?

Why not use other methods to interact with the interface ?

 

 

I'm "going down in protection" by excluding my router's IP address from protocol filtering just to access it by using Eset SS.

 

And if you're referring to other products being somehow inferior, I suggest you take a look some independent testing and draw your own conclusions (shill and fanboyism aside . . . not that you are either a fanboy or a shill--but being one tends to blind people; for a long time, I was a fan of the product):

 

hxxp://www.av-comparatives.org/comparatives-reviews/

 

hxxp://www.av-test.org

 

(I am, by the way, aware of Eset's excellent track record at www.virusbtn.com)

 

 

I like Eset, and I've been using Eset SS for years, but I'm not going to continue paying to use a product and be inconvenienced, regardless of whether Microsoft is at fault. And

I know I'm the only one who is on the cusp of switching AV products over this issue.

Edited by Webslinger
Link to post
Share on other sites

By the way just because I'm interested: If it's a bug in Microsoft Windows Filtering Platform, why does it works with ESS v 6?

 

@Webslinger: Come down! It's a small bug, ESET is not able to help it1 and you have a workaround with it it works. And it's really not a great protection lost if you exclude your routers IP. I don't think that any other program (malware or not) wants to connect directly to the router.

 

1: Attention, before translating this in your language if English isn't your first language. Use a dictionary or something like this!

In other words: ESET don't have the fault.

Edited by rugk
Link to post
Share on other sites
  • Administrators

Some posts removed. Please refrain from personal attacks.

Regarding the issue, it's caused by faulty http server implementation in Asus routers. To my best knowledge, our engineers contacted Microsoft to discuss a way how to circumvent or fix it in Windows Filtering Platform but there's been no success yet. The reason why other AVs may not suffer from this issue is that they don't utilize WFP or don't make modifications to data streams at WFP level as ESET does. WFP is a modern platform developed by Microsoft which allowed us to replace obsolete TDI drivers with new modern WFP drivers supported by new Windows operating systems.

As soon as we have some news with regard to this issue, we'll let you know.

Thank you for understanding.

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...