Sign in to follow this  
txhawkeye

Problem with Internet Security 11.1.54

Recommended Posts

I've used Eset Internet Security on Windows 7 together with Symantec Workspace Virtualization (SWV) for a long time with no problems until upgrading Internet Security to 11.1.54 and now firewall rules no longer work for applications under the control of SWV.

SWV allows me to virtualize applications into an SWV 'layers'.   It uses a filter driver to redirect I/O for each virtualized application.  So, an application like SyncBackPro appears to other applications to be located at C:\Program Files (x86)\2BrightSparks\SyncBackPro.exe, but is actually located at C:\fslrdr\43\[_B_]PROGRAMFILES[_E_]\2BrightSparks\SyncBackPro\SyncBackPro.exe.  Internet Security sees the location as C:\fslrdr\43\[_B_]PROGRAMFILES[_E_]\2BrightSparks\SyncBackPro\SyncBackPro.exe when creating a firewall rules.

I run Internet Security in interactive mode.  After upgrading to 11.1.54 all the permanent firewall rules I've created for SWV virtualized applications are essentially ignored.  Internet Security prompts me every time for what action to take for outbound traffic every time I start an SWV virtualized application that has rules defining the action that should be taken. I tried creating new permanent rules from the prompts, but the next time I run the application Internet Security generates a new prompt (as if I'd specified that the rule is to apply only for the current instantiation of the application).  I've checked the firewall rules list and the new rules have been added, but Internet Security still prompts me every time the is run.

I had no problems before 11.1.54; I could create a permanent rule for any SWV virtualized application using the redirected location and it would work as expected.  After 11.1.54, the permanent rules for SWV virtualized applications no longer work and I cannot find a way to stop getting a prompt every time the virtualized applications run, so I've reverted to 11.0.151.9.

I don’t know what changed in 11.1.54, but I can’t upgrade to it until this is fixed.  Let me know if you need any further information to help resolve this.

Thank you in advance.

Share this post


Link to post
Share on other sites

Did you tried to reset to default firewall in EIS?

Share this post


Link to post
Share on other sites

No, I did not attempt to reset anything before restoring the prior version.

I'm willing to try, but I need to know what you mean by "reset to default firewall in EIS".  Please let me know what steps I need to perform in order to do what you're asking.

Share this post


Link to post
Share on other sites
2 hours ago, anton83 said:

I run Internet Security in interactive mode.  After upgrading to 11.1.54 all the permanent firewall rules I've created for SWV virtualized applications are essentially ignored.  Internet Security prompts me every time for what action to take for outbound traffic every time I start an SWV virtualized application that has rules defining the action that should be taken.

Post a screen shot of the Eset alert you are receiving. I want to verify that it is a firewall alert and not an application modification alert which I assume you have enabled.

Share this post


Link to post
Share on other sites

It was a firewall alert, not an application modification alert; I'm familiar with both.  The SWV virtualized applications hadn't changed.  The firewall alert popped every time I started one of the virtualized apps - even after telling Eset to create a permanent rule to allow (and I verified the rules were created by looking at the firewall rules after Eset created them).

I have reverted to 11.0.159.9 because it was too much of a hassle to have to continually interact with Eset to run the multiple SWV virtualized apps I have.  The problems do not occur in 11.0.159.9.

If you need me to re-install and send you a screenshot, I can do that, but I'm certain Eset was throwing firewall alerts.

Please advise.

Share this post


Link to post
Share on other sites

As best as I can determine, there were no changes to the firewall in ver. 11.1.54. Eset a few vers. back removed the individual service ref. for svchost.exe for the default firewall rules. Personally, I don't see how your existing rules for SWV in the prior versions.

Share this post


Link to post
Share on other sites

Hmmm.  I've been using Eset going back to at least version 7.  The firewall rules for SWV virtualized applications have always worked without any issue for all versions until 11.1.54.

Perhaps something happened during the upgrade to 11.1.54.  I upgraded via a prompt from the Eset software.  I'll try upgrading again and see what happens and report back (it may be a day of so before I can, though).

Share this post


Link to post
Share on other sites
7 hours ago, txhawkeye said:

No, I did not attempt to reset anything before restoring the prior version.

I'm willing to try, but I need to know what you mean by "reset to default firewall in EIS".  Please let me know what steps I need to perform in order to do what you're asking.

There was a such error for some users. You need to enter EIS firewall settings and click to reset to default. There wa a post here how to do it.

Share this post


Link to post
Share on other sites

Change in support options Eset IS with Eset antivirus and use windows FW it will help.

Share this post


Link to post
Share on other sites
21 hours ago, txhawkeye said:

Internet Security sees the location as C:\fslrdr\43\[_B_]PROGRAMFILES[_E_]\2BrightSparks\SyncBackPro\SyncBackPro.exe when creating a firewall rules.

Next time you create a new firewall rule from above process Eset alert, pay close attention to the full path name inserted into the firewall rule. I suspect there is some "subtle" change in the path name.

Also it might be the firewall rule processor can no handle those "[_B_]" bracket characters; BTW do those correspond to any known keyboard character?

Share this post


Link to post
Share on other sites

The path C:\fslrdr\43\[_B_]PROGRAMFILES[_E_]\2BrightSparks\SyncBackPro\SyncBackPro.exe is what I have copied directly from the path name a firewall rule that worked before 11.1.54 and has problems starting with 11.1.54.  The substrings '[_B_]' are literally those characters on the keyboard.

I did another test after my last update.  I had reverted to 11.0.159.9 after having problems with 11.1.54.  For this test, I uninstalled 11.0.159.9 and installed a full copy of 11.1.54 downloaded from the Eset website.  Same results.

However, I did find that the rules for some of the SWV virtual apps did work properly and some did not (I hadn't tested all SWV virtual apps the first time).  Some limited testing hints that the problem MAY be with virtualized 32-bit apps; I have one virtualized 64-bit app and its rules were recognized and handled as expected.  I need more testing to determine whether this is a problem with virtualized 32-bit vs 64-bit apps.

Unfortunately, I have two virtualized 32-bit apps that run frequently on a scheduled basis, so it isn't feasible to stay on 11.1.54 for extended periods of time because 11.1.54 Eset pops firewall alerts every time a scheduled execution takes place.  Therefore, I have again reverted to 11.0.159.9 for now.  When I get some more time, I will do some more testing and report back.

Share this post


Link to post
Share on other sites
2 hours ago, txhawkeye said:

Some limited testing hints that the problem MAY be with virtualized 32-bit apps

That's interesting. There have been reported issues with Win 10 x(86) 1803  and Eset ver. 11.1.54; mostly on NOD32. I haven't heard of any with Win 7 however. 

galaxy likes this

Share this post


Link to post
Share on other sites
2 hours ago, itman said:

That's interesting. There have been reported issues with Win 10 x(86) 1803  and Eset ver. 11.1.54; mostly on NOD32. I haven't heard of any with Win 7 however. 

Just to be clear, I'm running 64-bit Win 7.  Some of the SWV virtualized apps are 32-bit apps; others are 64-bit.  I'm working on an approach to determine whether  or not the problem I've encountered on 11.1.54 is related to just the 32-bit apps when I run another test.

Share this post


Link to post
Share on other sites

I did more extensive testing today on EIS 11.1.54.  The problem with EIS 'remembering' firewall rules created for applications that have been virtualized by Symantec Workspace Virtualization (SWV) occurs for both 32-bit and 64-bit virtualized applications.  EIS generates alerts every time an SWV virtualized application attempts to communicate over the network.

As suggested by anton83, I also tried resetting all firewall settings to default.  I can't use the default firewall mode, so I set the firewall to interactive mode after the reset - the problem was still there.  I reset settings again and tried learning mode ... EIS still generated firewall alerts every time an SWV application attempted to communicate over the network. 

I've attached two screenshots of EIS firewalls rules from the tests.  The first show rules generated during the test in interactive mode; the second shows rules generated in learning mode.  Both show multiple copies of the same rules generated when running a program called DxO Photo Lab.  EIS creates the rules correctly, but it doesn't apply them when the application is started again and instead generates a new alert as if no rule exists.

This never happened before 11.4.54.

I have once again reverted to 11.0.159.9 until this problem can be fixed.

Eset_11.1.54 Interactive.jpg

Eset_11.1.54 learning.jpg

Edited by txhawkeye

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

Sign in to follow this  

  • Recently Browsing   0 members

    No registered users viewing this page.