Jump to content

Encountered problem in ESET Smart Security Version 8


Go to solution Solved by liewjp,

Recommended Posts

Hi,

 

  I have installed ESET Smart Security Version 8 (registered version) and encountered error message at Microsoft Visual Studio 2010 (Ultimate version) during debugging as below :

 

  [unable to start debugging on the web server. The debug request could not be processed by the server due to invalid syntax.]
 
  I have tried temporary stop the ESET firewall and ESET protection, but the problem still persist.
 
  Finally I uninstall ESET Smart Security Version 8 and re-install ESET Smart Security Version 7, then everything seem fine.
 
  I do believe there are some settings in ESET Smart Security Version 8 caused the problem.  
 
  Kindly advise and assist, thanks.
 
  Regards,
  Steven Liew 
 
 

post-5320-0-71582200-1412159744_thumb.jpg

Link to comment
Share on other sites

  • Administrators

Hello,

does disabling HIPS and restarting the computer make a difference? If not, what about renaming C:\Windows\System32\drivers\eamonm.sys or eamonm.sys in safe mode, one at a time?

Link to comment
Share on other sites

Hi,

 

  I've just disable HIPS and restarting the computer, but it make no difference. I can't boot my company pc in safe mode due to my company policy and limited access right.

 

  I was wondering can I find the root caused in Windows Event Viewer or Eset log (if exist).

Link to comment
Share on other sites

I am having exactly the same issue and the same error message today after installing version 8 but mine is with Visual Studio 2012.

 

Regards,

 

Ron Fluegge

Link to comment
Share on other sites

Hi,

  

  Have you able to identify the problem and what is your workaround ? Uninstall ESET Smart Security Version 8 or downgrade to version 7 ?

 

Regards,

Steven Liew

Link to comment
Share on other sites

What happens if you add the vstudio directory or exe to exclusions on real time ?

 

2010:

"C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\devenv.exe"

Link to comment
Share on other sites

I only have installed the NOD32 version 8 Antivirus; not Smart Security.

 

The original post and mine appear to involve debugging a web app running under IIS on the development machine with Visual Studio.  Is there an issue with NOD32 and IIS?

 

I too resolved the issue by uninstalling NOD32 version 8 and reinstalling NOD32 version 7.  Since we're an ISV, I don't have the luxury of having 8 installed while I'm out of business and not able to debug one of our web apps.  I'd like to try the exclusion setting but 7 does/did not require it ... so it is in the code changes between 7 and 8.

 

Ron

Edited by RonF
Link to comment
Share on other sites

Can I compress the memory dumps alongside with ESET SysInspector and send Eset via private message for further investigation ?

Link to comment
Share on other sites

  • Administrators

Without narrowing it down to a particular module, manually generated dump will most likely be useless. Try the following, one at a time and try to reproduce the issue after each step:

- disable real-time protection

- disable protocol filtering in the advanced setup

- disable HIPS and restart the computer

- rename C:\Windows\System32\drivers\ehdrv.sys in safe mode

- rename C:\Windows\System32\drivers\eamonm.sys in safe mode.

 

As for starting Windows in safe mode, perhaps Ron will be able to try that and will let us know about his findings.

Link to comment
Share on other sites

What does temporarily disabling protection do relative to the first 3 test steps above?  The original poster and I both did that and it did not fix the issue.

 

Because of current development activities, I will not be able to reinstall version 8 and test in safe mode for several weeks.

Link to comment
Share on other sites

Hi,
 
  Please refer my following steps as below :
 
- disable real-time protection  (doesn't work, problem persist)
- disable protocol filtering in the advanced setup  (doesn't work, problem persist)
- disable HIPS and restart the computer  (doesn't work, problem persist)
- exclusions on real time  (doesn't work, problem persist)

 

  As mentioned, I can't rename C:\Windows\System32\drivers\ehdrv.sys and C:\Windows\System32\drivers\eamonm.sys in safe mode due to company policy and limited user access right.

 

  Obviously there are something not right with ESET Smart Security Version 8 compare with Version 7.

 

  Meanwhile I have uninstall ESET Smart Security Version 8 and re-install ESET Smart Security Version 7 again.

 

  Regards,

  Steven Liew

 

 

post-5320-0-66893200-1412645968_thumb.jpg

post-5320-0-12146700-1412645976_thumb.jpg

Link to comment
Share on other sites

  • ESET Moderators

Hello,

 

after disabling some protection system restart is required in order to complete the unloading.

In case it is a web app you would suspect Protocol filtering.

 

Can somebody with this issues please try to disable it and restart the system to check if the issue persists?

 

Thank you in advance.

Link to comment
Share on other sites

Hi,

For your information, I did performed each steps and followed by restart system, but the problem still persist.

Let wait for other user to test and proof the issue.

Link to comment
Share on other sites

  • ESET Moderators

Hello,

 

can you please try switch update more to prerelease, update your product check if Internet protection module updates to 1150B anr try to reproduce the situation?

 

In case it fails with this module as well please disable Protocol filtering, restart the machine and try it with it.

 

Please inform us about the results.

 

Thank you very much in advance for cooperation.

Link to comment
Share on other sites

Hello,

 

can you please try switch update more to prerelease, update your product check if Internet protection module updates to 1150B anr try to reproduce the situation?

 

In case it fails with this module as well please disable Protocol filtering, restart the machine and try it with it.

 

Please inform us about the results.

 

Thank you very much in advance for cooperation.

I just wanted to add some more info incase the user don't know how to do it.

 

How to Enable pre-release updates....

hxxp://kb.eset.com/esetkb/index?page=content&id=SOLN3415&actp=search&viewlocale=en_US&searchid=1412796137155

 

After you have updated as instructed in the KB article you can right-click on your systray ESET icon "e" and click "About" then look up the "Internet Protection Module" to see if you now have 1150B.

 

When you have the new 1150B IPM module try to reproduce the problem.

 

But if the new module does NOT fix the problem, then open the GUI press F5 and uncheck "enable application protocol content filtering" as seen in this screenshot: hxxp://i.imgur.com/syeVHGi.png . After that reboot your system, and then try to reproduce the problem with protocol filtering disabled.

Edited by SweX
Link to comment
Share on other sites

Hi,

 

  After enable pre-release updates, the new module ("Internet Protection Module" - 1150B) doesn't fix the problem.

 

  Open the GUI press F5 and uncheck "enable application protocol content filtering" and reboot the system, and then problem solved.

 

  But web access protection show Non-functional status and Anti-Phishing protection show disable status as at attachment, and this become my another concern as well.

 

  Kindly advise and assist, thanks.

 

  Regards

  Steven Liew

 

  

 

 

post-5320-0-35721500-1412907238_thumb.jpg

post-5320-0-95054100-1412907252_thumb.jpg

post-5320-0-66744900-1412907261_thumb.jpg

Link to comment
Share on other sites

Thank you for confirming that IPM module 1150B does NOT fix the problem. But disabling protocol filtering does fix it.

 

Yes that you see those red dots is normal after you have disabled protocol filtering.

I don't know what ESET want you to do next, but I would re-enable protocol filtering until you hear further instructions from ESET. 

Link to comment
Share on other sites

For me, disabled protocol filtering doesn't really solved my problem, even it was the root caused. Disabled it only bypass one problem and create another two problems to me (without web access protection & anti-Phishing protection).

Anyhow I will uninstall version 8, and reintall version 7 again.

Regards,

Steven Liew

Link to comment
Share on other sites

For me, disabled protocol filtering doesn't really solved my problem, even it was the root caused. 

Yes, and now we know that disabling protocol filtering help in this case. We wanted to find the root of the problem, and now we know that protocol filtering most likely has something to do with it.

 

Disabled it only bypass one problem and create another two problems to me (without web access protection & anti-Phishing protection).

I know what you mean. But that is not a problem as the one you're reporting about, this is expected to happen, but you only disabled protocol filtering for a test, ESET does not mean that you should have protocol filtering disabled from now on. You only disabled it to find out if it would fix the problem you report about, or not. And now we know that it did as you confirmed that, so now you should enable protocol filtering again until we hear back from ESET.

Edited by SweX
Link to comment
Share on other sites

OK, then I will keep my fingers crossed and wait for the total solutions. Hopefullly won't have to wait too long to get the new fixes.

Link to comment
Share on other sites

  • ESET Moderators

Hello,

 

O.K., good now we are 100% sure that the issue is caused by Protocol filtering, thank you Steven.

 

Now we need to find the root cause of the issue.

 

May I kindly ask someone facing this issue to provide us with  Internet protection.pcaps?:

1. Enable dumping to Internet protection pcaps by importing the dump_to_pcaps-enable-home.xml into settings
2. Reproduce the problem, note the time (with time zone information) when the problem occured (e.g. 14.10.2014 at 16:14:30 UTC +0900).
3. Disable the dumping by importing dump_to_pcaps-disable-home.xml into settings
4. pack the files EsetProxyInner.pcap and EsetProxyOuter.pcap (located in "c:\ProgramData\ESET\<product name>\Diagnostics" for ESS8 and EES6 and newer, in "c:\" for the rest) upload to safe location and PM me a download link.
 
Please provide us with info:
Time from step 2
any error messages that were displayed
description of the problem i.e. reference to this topic.
OS, ESET product and Internet protection module version.
 
Thank you very much in advance for cooperation.
 
P.R.
Link to comment
Share on other sites

@Peter Randziak

Interesting XML files you have there.

 

But they don't seem to be XML files. They seem to be HTML files.

So I think you posted the wrong files. You posted internally HTML files... Not good. (but there aren't any sensitive information included AFAIK)

 

@ESET

Anyway I tried to test to import the config files. It showed nothing.

But because I was quite sure this aren't the correct config files I tried to do the stupidest thing you could do - import a picture as your configuration.

And it showed nothing!

 

So maybe this is a bug - maybe it is just a missing thing, so take it either as a bug report or as a suggestion.

But the user should get some information when importing and exporting the configuration. A simple notification like "configuration was successfully imported" or "error at importing configuration" (even this isn't shown!).

 

@liewjp / Steven

So that you don't have to wait and I modified the XML files and extracted the real configuration files and attached them here. I tested them and it worked (there should popup a message from ESET that you are currently saving dumps of the Protocol filtering).

Internet_protection_dumping_enable_and_disable_corrected_by_rugk.zip

Edited by rugk
Link to comment
Share on other sites

Hi,

 

  @Peter Randziak

  I've send the files and information as requested via PM to you. Looking forward for your reply and feedback.

 

  @Rugk

  Thanks for provided the modified XML.

 

  Thank you, I really appreciate it.

 

  Regards,

  Steven Liew

    

 

 

 

Link to comment
Share on other sites

Hi Peter,


 


  For your information, I have used the .xml files provided by RugK and reproduce the issue.


  


Regards,


Steven Liew


Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...