Jump to content

Firewall - Interactive Mode not working properly


Recommended Posts

@Marcos, @xxJackxx: good to hear that.

Unfortunately, I think, I have yet another bad news: there are lurking one to two other bugs in the firewall in interactive mode, ie. not that related to the hidden firewall popups hell bug. (This has nothing to do with Opera, but with ESS V7.)
Probably both happening only in "launcher mode", ie. one programm calls (/shells) another one (parent-child relation). Thus I can now partially acknowledge the problem(s) described here, https://forum.eset.com/topic/2278-getting-fed-up-with-firewall/#entry13051:
 

 

[Nizrax000] (...) I.e Install a game, or web browser that uses a launcher or similar. (...)

 

1. (20140428) during Opera's Auto-Update to V12.17, 64 bit, there were 4 firewall popups, which I stored as rules. All these rules came from the Opera Update Installer, that launched the new 'opera.exe' after successfully installing the new version, which I saw through some HIPS popups. Everything seemed ok, until I wanted to shutdown my PC and saw in task manager that the Opera Update Installer was still active... Exactly knowing what this means (hidden firewall popups), I triggered the hidden notification popups with 'cmd.exe'. And, wow: this was the first time the hidden firewall popups appeared, at the same time as a whole bunch of piled up (PCAP) notification popups! (See screenshot.) After having dutifully stored two more firewall popups, the nearly closed Opera Update Installer closed fully.
---> Conclusion: it seems there are cases where not all firewall popups appear, even if you are storing all as firewall rules - presumably only happening in "launcher mode".

2. (20140429) I wanted to play an embedded Adobe Flash video (using Opera) - and landed in the firewall popup death loop hell! Flash Player uses Opera Plugin-Wrapper, and that's another "launcher mode" case (ie. parent-child process, see screenshot). First firewall popup appears, storing it as custom rule. I'm pretty sure, it was port 80, single IP. 2nd firewall popup appears, exactly the same! Same procedure. 3rd popup, the same again! Now storing as port 80, all IPs. 4th popup, the same again! Now doing all ports, all IPs. Next popup, the same again! Back and forth fiddling around, the only circumvention was to not create custom rule, but enabling "temporarily remember", then ALLOW button. This led to yet another IP on Port 80. Back and forth fiddling around, looking whether these rules are really stored (during firewall popup, works - good): yes, but not all! See screenshot, the first you can see isn't the first for sure! And in between there are missing some too, I think. Doing the circumvention. Yet another IP, port 1935. I don't know how, but after about half an hour the video finally began to play... But it was certainly because of the above mentioned circumvention procedure, ie. "temporarily remember" plus ALLOW button.
---> Conclusion: the firewall popup death loop hell is a reality and in this case, for the first time, ESS V7, has not stored all firewall rules and was ignoring all of these new ones for a very long time. (The last one is a "TCP, all remote ports / addresses" too, but - screenshot! - there are identical ones before!!! (Looking carefully at this screenshot the question that pops up is: how was it possible to leave the firewall popup death loop hell?... Answer: at some time one of these new rules must have kicked in, presumably #5, unfortunately one of those that had logging disabled. Video began playing at around 16:21:42. See screenshot.)

Could someone try problem #2 and acknowledge it? You need Opera V12.17, 64-Bit, plus Adobe Flash Player, switch firewall to interactive mode, one custom firewall rule for Opera (TCP, OUT, remote ports 80 + 443, all remote addresses, enable logging)
and this URL (in Opera press <F12> and enable cookies, JavaScript and plug-ins): hxxp://www.srf.ch/konsum/themen/multimedia/wettstreit-mit-schnellem-internet-teure-abos-oft-unnoetig. Klick the video and you should be in the firewall popup death loop hell.

 

post-3617-0-21709300-1398904190_thumb.jpg

post-3617-0-15707500-1398904197_thumb.png

post-3617-0-33349800-1398904204_thumb.png

post-3617-0-95254200-1398904212_thumb.png

Edited by mma64
Link to comment
Share on other sites

  • ESET Insiders

@mma64...

 

As much as I would like to test that, the last time I installed Opera on one of my machines it destroyed Internet Explorer beyond repair. I might be able to try in the next day or 2 in a virtual machine, if nobody else has responded first.

Link to comment
Share on other sites

[@Marcos: PM received, ESS V7.0.317.5 downloaded and installed, thanks. Do you know whether in this version the following, https://forum.eset.com/topic/2278-getting-fed-up-with-firewall/#entry13035, has been fixed too?:
 

[Marcos, 16 April 2014] The current version of ESS has a bug which causes that no prompt window pops up if a network-aware application with communication previously allowed is modified (e.g. updated). You can try excluding these applications from modification detection under Network -> Personal firewall -> Application modification detection.

]

The good [ESS V7.0.317.5]: Problem #2 (see previous posting, Flash video) can't be reproduced with this version - 2 firewall popups stored as rules (same remote address, ports 80 and 1935) and video starts playing.

But...: as being a professional programmer, I doubt very much whether having exclusively fixed the hidden firewall popups limbo now (well done) has fixed problem #2 at the same time. There is a big difference between "pressing DENY leading to suppression of the other firewall popups and hiding them until PC restart / shutdown" and "repeating the same two firewall popups forever, even if storing each of them, even if storing the rule(s) with changing them to allow all remote ports, addresses, on TCP and UDP multiple times, including that not all of them were actually stored (!) at all, and all of a sudden one of the newly created rules kicks in!". (Carefully look at screenshot #3 in my previous posting, this is not Photoshop, this is what really happened!) Of course, the ESET developer team might have seen and fixed other things in this patched version too!

Everybody can totally ignore the following "lenghty", "time consuming", but valuable bug reproduction description, if Marcos or anyone from ESET can acknowledge that "[Marcos, 16 April 2014] The current version of ESS has a bug which causes that no prompt window pops..." is eliminated. But if not yet fixed, then I'm more than sure that you, ESET, will find the root cause (in the source code) for these seemingly erratic and "random" problems (see here, https://forum.eset.com/topic/2278-getting-fed-up-with-firewall/) by using my reproduction procedure!

@xxJackxx (plus the highly capable ESET developer team: really, the key to reproduce this problem (or any other "variant" of it) is "launcher mode" (parent-child relation) and first run of a previously updated program):

Carefully reading through the thread "Getting fed up with firewall", I come to the conclusion, that problem #2 is highly reproducible, (@xxJackxx) if you want to still test it. (ESET should go through it anyway.) But it's of the highest importance to follow this guideline precisely:

0. you must use ESS V7.x before ESS V7.0.317.5 (ie. the original one). You need Win7 64 bit, Win8 64 bit should be ok too.
1. (HIPS: automatic, firewall: automatic) install Opera V12.16, 64 bit, if you have the installer. Otherwise get the nearest available to V12.16 from here, hxxp://arc.opera.com/pub/opera/win/1211/int/Opera_1211_int_Setup_x64.exe
2. create one custom firewall rule for Opera (TCP, OUT, remote ports 80 + 443, all remote addresses, enable logging). There may be no other firewall rules for Opera.
3. create one custom firewall rule for the Opera Plugin Wrapper, see screenshot (TCP, OUT, DENY, remote port 443, all remote addresses)
4. launch Opera V12.16 / V12.11, call any website, works, close Opera. Safety check: task manager, is Opera closed? (If not restart your PC / your VM instance of Win7 / Win8.)
5. Adobe Flash Player must be installed.
6. (HIPS: interactive (always enable "remember this", then just press ALLOW button), firewall: interactive) launch Opera V12.16 / V12.11, force update to V12.17 with "Opera (click on Opera icon in the upper left corner) : help : check for updates", store each firewall popup (it's the Opera Update Installer) appearing as a custom rule, enabling logging. Opera Update Installer launches the updated Opera, a "thank you" web page appears. Close it. Safety check: task manager, is Opera closed? Presumably yes, but is Opera Update Installer closed?! Probably not. Only then (or if 'opera.exe' appeared in task manager) you have to restart your PC / your VM instance of Win7 / Win8.
7. launch Opera V12.17 for the first time after having updated it, press <F12> and enable cookies, JavaScript and plug-ins
8. click the following URL, hxxp://www.srf.ch/konsum/themen/multimedia/wettstreit-mit-schnellem-internet-teure-abos-oft-unnoetig, click the video
9. now you should be in the firewall popup death loop hell, hopefully: store 1st one as custom rule as often as you like, it will always reappear, even if you change it to include all remote ports / addresses / OUT + IN / TCP + UPD (see previous posting for getting to the 2nd popup and how to get out of this mess)

10. or it could be that you are in any other weird variant of the problem. (Besides of the death loop that I had experienced it could be that Opera doesn't show the web page / gets unresponsive / hangs or the like.)

11. or after having stored two custom firewall rules the video begins to play.
12. as soon as the video begins to play you can stop it.

 

post-3617-0-69928600-1399060065_thumb.png

Link to comment
Share on other sites

Been testing the ESS build Marcos provided for about a week now and it seems the missing popup issue is completely gone. Even after several days of continuous uptime, I instantly get the message prompt whenever I delete an existing rule for testing purposes.

 

Thanks for the effort you guys out into this, much appreciated

Link to comment
Share on other sites

Been living with invisible firewall promts for months now, glad it's finally getting fixed (I just asked Marcos for a link to the new build, hope it works)...

Link to comment
Share on other sites

I got the same issue running ESET 7.0.302.26 with interactive mode on windows 7 64-bit... it's just a shame, i've pinpointed somewhat an explanation... didn't read the whole topic...

 

The issue starts arising atleast for me after i suspend and resume the computer, i can't say this exactly but after few days with the computer ON, it just deny's me any connection that isn't on the rules or is on it but to "ask" without prompting anything... current rules that has "allowed" in it already works fine, any new program won't be able to connect to the internet.

 

I saw post above, is there a fix coming? I've been using this since version 4 on windows xp, and i detect none issue with that since this 7.xx version...

 

Glad i saw this topic, i was just about to create one...

 

But, as said above somewhere, restarting the computer does solve the problem... but that's not always an option.

Edited by goldfish
Link to comment
Share on other sites

[goldfish] I saw post above, is there a fix coming? (...) But, as said above somewhere, restarting the computer does solve the problem... but that's not always an option.

 

You can prevent it from happening, read how to do it here, https://forum.eset.com/topic/2124-firewall-interactive-mode-not-working-properly/page-2#entry13169. (Ie. almost always, read here, https://forum.eset.com/topic/2124-firewall-interactive-mode-not-working-properly/page-2#entry13531, ie. "1. (20140428) ...". But this is, I'm sure, a problem very distinct from the hiding firewall popups bug you're experiencing. Read my just mentioned 2nd posting and this thread, https://forum.eset.com/topic/2278-getting-fed-up-with-firewall/, to dive deeper into this problem...)

 

If you're "in this bug", restarting is your only (and by far the easiest) option.

 

You can request a corrected version, I think (others have it, and I too), look at this:

 

[Marcos] (...) If somebody is willing to try out the new build of ESS, feel free to drop me a pm.

 

With this version the hiding firewall popups bug should be fixed.

 

Link to comment
Share on other sites

I see this issue was reproduced In February. Please tell me you are close to a fix here soon or a decent work around. This is causing major major issues and I find myself completely disabling my firewall time to time when I'm in a pinch and HAVE to get an application working. This issue is pretty much a deal breaker for me if this isn't fixed pretty soon. I'm surprised its taking  this long.

Link to comment
Share on other sites

  • 3 weeks later...

And what happened with this new ESS build?

Apparently it is around for about a month, maybe more.

 

Do we all have to send a PM to Marcos? Is this a new (maybe even official) procedure of getting a new build? Or is it going to be tested till arrival of the ESS 8?

What is the problem with this whole thing anyway?

I'm responsible for 395 computers, and I have better things to do than resolving this annoying issue by manually installing new build on each device.

 

Please, fix this issue NOW.

Link to comment
Share on other sites

All this time I was thinking it was related to a RAM issue since Nov, 2013. (Interactive Policy Option as well)

 

https://forum.eset.com/topic/1420-process-not-ending/#entry7841

 

Bascially when running an app that connects to the net and is not on the firewalls policy list, it should pop-up a notification to allow/deny etc. Sometimes it will not do that and will bascially lock the .exe in place which denies termination via task manager or Unlocker. When it does show a pop-up and then quitting and running the app again (if you only temp allowed/denied), it would sometimes not show the pop-up at all which may lead to a half-loaded app/app crash (which when terminating the task from desktop view will remain in the task managers process list). This forces a user to reset/reboot in order to free up the apps from locked state by ESET. This has never happend in previous versions of ESET before and only started happening in v7 from what I can tell. I am currently on v7.0.302.26 where this still occurs but will try the newer v7.0.317.4 in hopes that this issue is addressed. Really annoying and I hope this gets fixed if it hasn't already been fixed.

Edited by Morisato
Link to comment
Share on other sites

  • 2 weeks later...

I confirm that problem "pop-up notification".

What i did is this:

If an application gets stucked because i cannot see the pop-up window of Eset - i open taskmanager and i KILL egui.exe (i use Anvir Task Manager free version).

What happens? the hidden Eset pop-up appears. I dont have to reboot the PC and the application stops freezing...

 

Just try it, i hope it works for you too

(Of course no perfect solution - but at least it works) ;)

 

Scuba (nitrox diver)

Link to comment
Share on other sites

I think he is saying that is a work around for the older version.

Yep I think so too :)  But if he upgrades he shouldn't need to do a work around.

Edited by SweX
Link to comment
Share on other sites

  • 2 months later...
  • Administrators

I also have this issue.  Interactive mode is broken as I get zero popups.  The mode simply does not work.  Will this issue ever get adressed?

 

This has already been fixed. Make sure you have the latest version 7.0.317 installed.

Link to comment
Share on other sites

 

I also have this issue.  Interactive mode is broken as I get zero popups.  The mode simply does not work.  Will this issue ever get adressed?

 

This has already been fixed. Make sure you have the latest version 7.0.317 installed.

 

I have 7.0.302.26.  So I need to uninstall and reinstal as ESET says it's up to date.  Also if so, where do I get the 7.0.317 version? 

edit: never mind.  I uninstalled and reinstalled.  I'm geting popups again :)

Thanks.

 

PS: Auto update should auto update shouldn't it or at least tell you you need to reinstall?

Edited by abram730
Link to comment
Share on other sites

Hello,

 

No, the 7.0.317 build was not released as a PCU so it is not pushed out via the in-built updater. Users have to download it manually, but users can install over their current installed version if they like. :)

Link to comment
Share on other sites

  • 4 months later...
  • 7 months later...
Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...