Shinu 0 Posted January 3, 2014 Share Posted January 3, 2014 (edited) Hey all, I've been having an issue ever since installing Windows 8.1 Pro that I never had happen when using Windows 7. I have Smart Security 7 installed and configured to use Interactive mode. I have a Freenas machine set up with hundreds of movies which I view using XBMC. All works fine when viewing and playing the media normally, however when I scan the drives for new media, the connection to the machine is completely lost (mere seconds into the scan), and only comes back upon disabling the firewall. I also use a media manager to automatically download artwork for my movies before hand, and the same thing happens whenever I begin scanning the drives for new media. I'm at a loss as to what can rectify the problem and would appreciate any and all assistance given. Thanks. Edited January 3, 2014 by Shinu Link to comment Share on other sites More sharing options...
Administrators Marcos 5,394 Posted January 3, 2014 Administrators Share Posted January 3, 2014 Please check if the Freenas' IP address is in the Trusted zone. If it is and the issue occurs though, carry on as follows: - navigate to Setup -> Network and make sure the IP address is not listed in the temporary IP address blacklist - clear the firewall log - enable logging of blocked communications in the IDS setup - reproduce the problem - post the firewall log records here. Just in case, also include explanation which IP address belongs to which device. Link to comment Share on other sites More sharing options...
Shinu 0 Posted January 3, 2014 Author Share Posted January 3, 2014 Wow, thanks for the extremely fast respnse! I wasn't too sure how to verify if Freenas was part of the Trusted zone, so I went ahead with the other steps. After scanning again I noticed that the Nas' IP was indeed being added to the temporary IP blacklist. I added an exception to the address and I didn't get disconnected. Should this be enough to rectify the issue or is it just a temporary fix? Link to comment Share on other sites More sharing options...
Arakasi 549 Posted January 3, 2014 Share Posted January 3, 2014 That should do it Shinu ! Link to comment Share on other sites More sharing options...
Shinu 0 Posted January 3, 2014 Author Share Posted January 3, 2014 Awesome! Thanks a lot guys. Really appreciate the help. Link to comment Share on other sites More sharing options...
Administrators Marcos 5,394 Posted January 4, 2014 Administrators Share Posted January 4, 2014 It would be interesting to see your firewall log records with information what kind of attack was detected that made the IP address get into the blacklist. Link to comment Share on other sites More sharing options...
Shinu 0 Posted January 4, 2014 Author Share Posted January 4, 2014 No prob. This is what I got from the log file... 1/3/2014 1:29:24 PM Detected attack against security hole 192.168.1.250:445 192.168.1.137:64659 TCP Win32/Exploit.SMB.CVE-2012-4774 System 1/3/2014 1:29:24 PM Address temporarily blocked by active defense (IDS) 192.168.1.137 192.168.1.250 TCP Link to comment Share on other sites More sharing options...
Arakasi 549 Posted January 4, 2014 Share Posted January 4, 2014 Windows filename parsing vuln Remote execution can be triggered Legitimate Block Link to comment Share on other sites More sharing options...
Shinu 0 Posted January 4, 2014 Author Share Posted January 4, 2014 Will adding the exception open myself up to legitimate attacks though? Link to comment Share on other sites More sharing options...
Arakasi 549 Posted January 4, 2014 Share Posted January 4, 2014 I will defer to ESET or Marcos on that question Shinu Link to comment Share on other sites More sharing options...
Recommended Posts