ESET AV Blocking my router web admin page

[Wolfy2020 0]

I've just got a new Asus RT-AC56U router and ESET is restricting access to my web admin page.

 

I can load up into it but can't go any further pages will either fail to load or just load partially. 

 

If i uninstall ESET everything is fine.

 

Any ideas?

 

Thanks.

[Phil_S 3]

You need to enter the router address as an excluded address under Protocol Filtering in EAV setup. 

[Wolfy2020 0]

Thanks Phil, that worked.

 

Much appreciated.

[rlcronin 3]

You need to enter the router address as an excluded address under Protocol Filtering in EAV setup. 

I found the same, but the question is, WHY? What is the router doing, exactly,  that is causing ESET to behave this way? I submitted some wireshark traces of this in response to a request from Marcos during the beta period and never heard anything back.

--

bc

[DrTeeth 5]

No probs with the Asus RT-N66U router FWIW - using the Merlin firmware.

 

DrT

Edited November 24, 2013 by DrTeeth

[SweX 871]

FWIW, though I don't use an Asus router, I am able to access my router without adding anything to the exclusions as well.

[Phil_S 3]

Dr Teeth,

 

Do you mean that you haven't had to add the router IP to the exclusion list? I'm using an RT-N66U with Merlin 3.0.0.4.372.31 and unless I exclude it the web interface hangs with partially loaded pages, corrupts those that do load and often fails to execute tabs or links to other settings pages. Once I exclude it, everything works fine..

[Peter Randziak 1,130]

Hello,

 

if somebody is willing to debug this please drop me private message with reference to this thread.

[rlcronin 3]

No probs with the Asus RT-N66U router FWIW - using the Merlin firmware.

 

DrT

I do have problems with mt RT-N66U using Merlin. I use Chrome. What browser do you use?

--

bc

[rlcronin 3]

Dr Teeth,

 

Do you mean that you haven't had to add the router IP to the exclusion list? I'm using an RT-N66U with Merlin 3.0.0.4.372.31 and unless I exclude it the web interface hangs with partially loaded pages, corrupts those that do load and often fails to execute tabs or links to other settings pages. Once I exclude it, everything works fine..

Ditto (except that I am on Merlin's latest, 3.0.0.4.374.35_2). I am happy to help debug this (at least today, I won't have time the rest of the week).

--

bc

Edited November 27, 2013 by rlcronin

[Peter Randziak 1,130]

Private message to rlcronin sent.

[Webslinger 2]

Asus RT-AC66U is similarly affected: https://forum.eset.com/topic/1160-eset-ss-7030226-blocking-access-to-asus-rt-ac66u-router/

[Ron 0]

Same Problem here with NETGEAR WNR1000 router, its a good thing I purchased Nod32 v7 anti-virus software on a promotion for $4.99, I will be unstalling Eset and moving on.

lesson learned  stay away from Eset!

[Arakasi 549]

Ron you have issues

 

ESET is working to solve this ....... very minor issues already ....

 

Another thing ..... this is an issue where the router only needs to be added to the exclusions list

Edited December 2, 2013 by Arakasi

[Marcos 5,074]

ESET is working to solve this ....... very minor issues already ....

Another thing ..... this is an issue where the router only needs to be added to the exclusions list  troll on

Yeah, web pages complying with rfc standards should be rendered correctly with ESET's web protection enabled. Anyways, as Arakasi mentioned, we are trying to get logs from affected clients to determine what exactly is causing the issue. The issue can be worked around by adding the router's IP address to the list of addresses excluded from protocol filtering.

[Ron 0]

Ron you have issues

 

ESET is working to solve this ....... very minor issues already ....

 

Another thing ..... this is an issue where the router only needs to be added to the exclusions list  troll on

 

I just found out that the problem could be that in am running Outpost firewall Pro and that Eset Anti-Virus Version 7 is not compatible, either way looks like I am going to have to drop Eset.

I have used previous versions of Eset Anti-virus and did not have these proplems.

[Arakasi 549]

Thank you Ron for posting.

If you would like some assistance making the two work together,please start a new thread.

 

Good luck

[Marcos 5,074]

The compatibility issue with Outpost firewall Pro was solved in Ant-Stealth module 1055. Please post the information about installed modules from the About window to make sure you're using the latest.

Also I'd like to note that Outpost firewall Pro is not only a firewall but also includes protection modules (system guard, application guard, etc.) that might theoretically clash with ESET as well as with other security solutions. However, in our testing environment we didn't experience any issues after upgrading the Anti-Stealth module to the latest version.

[Webslinger 2]

The problem with Asus routers is not related to third party firewall products. Completely separate issue.

 

The Asus routers do poll for active connected devices for enumeration purposes upon accessing the web interface. That might be the cause. There's no way to disable that process in the router though.

Edited December 2, 2013 by Webslinger

[Arakasi 549]

Marcos and i were off topic Webslinger, from this post : https://forum.eset.com/topic/1389-eset-av-blocking-my-router-web-admin-page/#entry8155

 

Thanks

[Webslinger 2]

The problem still persists.

 

Virus signature database: 9177P (20131216)
Rapid Response module: 3438 (20131216)
Update module: 1047 (20131023)
Antivirus and antispyware scanner module: 1417 (20131206)
Advanced heuristics module: 1145 (20131121)
Archive support module: 1187 (20131205)
Cleaner module: 1081 (20131127)
Anti-Stealth support module: 1057 (20131125)
Personal firewall module: 1162 (20131204)
Antispam module: 1027 (20131119)
ESET SysInspector module: 1240 (20131202)
Real-time file system protection module: 1009 (20130301)
Translation support module: 1145 (20131121)
HIPS support module: 1106B (20131210)
Internet protection module: 1094 (20131204)
Web content filter module: 1030 (20130719)
Advanced antispam module: 1560P (20131216)
Database module: 1044 (20131108)

[Pro 0]

And a year later this problem STILL exists.

I'm using a ASUS RT-AC68U

 

EAV: 5.0.2229.1

Signaturdatenbank: 10914 (20141222)
Soforteinsatz-Modul: 5253 (20141222)
Updates: 1055 (20141118)
Viren- und Spyware-Schutz: 1446 (20141208)
Advanced Heuristik: 1153 (20140915)
Archivunterstützung: 1215 (20141106)
Säuberungstechnologie: 1102 (20141112)
Anti-Stealth-Unterstützung: 1060 (20140514)
ESET SysInspector: 1245 (20141028)
Self-Defense-Unterstützung: 1018 (20100812)
Echtzeit-Dateischutz: 1006 (20110921)
Lokalisierungsunterstützung: 1273 (20141008)
HIPS-Unterstützung: 1155 (20141127)
Internet-Schutz: 1151 (20141009)
Datenbank: 1061 (20141124)

I need to disable my EAV to get access to my router. I know the workaroud through the whitelist, but that's not a long term solution.

[Marcos 5,074]

This should be fixed in Endpoint v6 and EAV/ESS v8. A workaround for older versions is to exclude the IP address of the router from protocol filtering which is much safer and straightforward than disabling EAV each time you want to access the router's web interface.

[Pro 0]

This should be fixed in Endpoint v6 and EAV/ESS v8.

 

Endpoint v6 ist not yet available. The most recent version is 5.0.2237.0 (see hxxp://www.eset.com/de/download/business/detail/family/150/)

When can v6 be expected?

[rugk 397]

Actually v6 of the business products have been released in North America. It will be released in the first quarter of 2015 worldwide (including Germany of course).

 

More information you can find in this topic: The next generation of the business products from ESET (6)