liewjp 0 Posted October 1, 2014 Share Posted October 1, 2014 Hi, I have installed ESET Smart Security Version 8 (registered version) and encountered error message at Microsoft Visual Studio 2010 (Ultimate version) during debugging as below : [unable to start debugging on the web server. The debug request could not be processed by the server due to invalid syntax.] I have tried temporary stop the ESET firewall and ESET protection, but the problem still persist. Finally I uninstall ESET Smart Security Version 8 and re-install ESET Smart Security Version 7, then everything seem fine. I do believe there are some settings in ESET Smart Security Version 8 caused the problem. Kindly advise and assist, thanks. Regards, Steven Liew Link to comment Share on other sites More sharing options...
Administrators Marcos 5,074 Posted October 2, 2014 Administrators Share Posted October 2, 2014 Hello, does disabling HIPS and restarting the computer make a difference? If not, what about renaming C:\Windows\System32\drivers\eamonm.sys or eamonm.sys in safe mode, one at a time? Link to comment Share on other sites More sharing options...
liewjp 0 Posted October 2, 2014 Author Share Posted October 2, 2014 Hi, I've just disable HIPS and restarting the computer, but it make no difference. I can't boot my company pc in safe mode due to my company policy and limited access right. I was wondering can I find the root caused in Windows Event Viewer or Eset log (if exist). Link to comment Share on other sites More sharing options...
RonF 0 Posted October 3, 2014 Share Posted October 3, 2014 I am having exactly the same issue and the same error message today after installing version 8 but mine is with Visual Studio 2012. Regards, Ron Fluegge Link to comment Share on other sites More sharing options...
liewjp 0 Posted October 3, 2014 Author Share Posted October 3, 2014 Hi, Have you able to identify the problem and what is your workaround ? Uninstall ESET Smart Security Version 8 or downgrade to version 7 ? Regards, Steven Liew Link to comment Share on other sites More sharing options...
Arakasi 549 Posted October 3, 2014 Share Posted October 3, 2014 What happens if you add the vstudio directory or exe to exclusions on real time ? 2010: "C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\devenv.exe" Link to comment Share on other sites More sharing options...
RonF 0 Posted October 3, 2014 Share Posted October 3, 2014 (edited) I only have installed the NOD32 version 8 Antivirus; not Smart Security. The original post and mine appear to involve debugging a web app running under IIS on the development machine with Visual Studio. Is there an issue with NOD32 and IIS? I too resolved the issue by uninstalling NOD32 version 8 and reinstalling NOD32 version 7. Since we're an ISV, I don't have the luxury of having 8 installed while I'm out of business and not able to debug one of our web apps. I'd like to try the exclusion setting but 7 does/did not require it ... so it is in the code changes between 7 and 8. Ron Edited October 3, 2014 by RonF Link to comment Share on other sites More sharing options...
liewjp 0 Posted October 4, 2014 Author Share Posted October 4, 2014 Can I compress the memory dumps alongside with ESET SysInspector and send Eset via private message for further investigation ? Link to comment Share on other sites More sharing options...
Administrators Marcos 5,074 Posted October 4, 2014 Administrators Share Posted October 4, 2014 Without narrowing it down to a particular module, manually generated dump will most likely be useless. Try the following, one at a time and try to reproduce the issue after each step: - disable real-time protection - disable protocol filtering in the advanced setup - disable HIPS and restart the computer - rename C:\Windows\System32\drivers\ehdrv.sys in safe mode - rename C:\Windows\System32\drivers\eamonm.sys in safe mode. As for starting Windows in safe mode, perhaps Ron will be able to try that and will let us know about his findings. Link to comment Share on other sites More sharing options...
RonF 0 Posted October 5, 2014 Share Posted October 5, 2014 What does temporarily disabling protection do relative to the first 3 test steps above? The original poster and I both did that and it did not fix the issue. Because of current development activities, I will not be able to reinstall version 8 and test in safe mode for several weeks. Link to comment Share on other sites More sharing options...
liewjp 0 Posted October 7, 2014 Author Share Posted October 7, 2014 Hi, Please refer my following steps as below : - disable real-time protection (doesn't work, problem persist)- disable protocol filtering in the advanced setup (doesn't work, problem persist)- disable HIPS and restart the computer (doesn't work, problem persist)- exclusions on real time (doesn't work, problem persist) As mentioned, I can't rename C:\Windows\System32\drivers\ehdrv.sys and C:\Windows\System32\drivers\eamonm.sys in safe mode due to company policy and limited user access right. Obviously there are something not right with ESET Smart Security Version 8 compare with Version 7. Meanwhile I have uninstall ESET Smart Security Version 8 and re-install ESET Smart Security Version 7 again. Regards, Steven Liew Link to comment Share on other sites More sharing options...
ESET Moderators Peter Randziak 1,130 Posted October 8, 2014 ESET Moderators Share Posted October 8, 2014 Hello, after disabling some protection system restart is required in order to complete the unloading. In case it is a web app you would suspect Protocol filtering. Can somebody with this issues please try to disable it and restart the system to check if the issue persists? Thank you in advance. Link to comment Share on other sites More sharing options...
liewjp 0 Posted October 8, 2014 Author Share Posted October 8, 2014 Hi, For your information, I did performed each steps and followed by restart system, but the problem still persist. Let wait for other user to test and proof the issue. Link to comment Share on other sites More sharing options...
ESET Moderators Peter Randziak 1,130 Posted October 9, 2014 ESET Moderators Share Posted October 9, 2014 Hello, can you please try switch update more to prerelease, update your product check if Internet protection module updates to 1150B anr try to reproduce the situation? In case it fails with this module as well please disable Protocol filtering, restart the machine and try it with it. Please inform us about the results. Thank you very much in advance for cooperation. Link to comment Share on other sites More sharing options...
SweX 871 Posted October 9, 2014 Share Posted October 9, 2014 (edited) Hello, can you please try switch update more to prerelease, update your product check if Internet protection module updates to 1150B anr try to reproduce the situation? In case it fails with this module as well please disable Protocol filtering, restart the machine and try it with it. Please inform us about the results. Thank you very much in advance for cooperation. I just wanted to add some more info incase the user don't know how to do it. How to Enable pre-release updates.... hxxp://kb.eset.com/esetkb/index?page=content&id=SOLN3415&actp=search&viewlocale=en_US&searchid=1412796137155 After you have updated as instructed in the KB article you can right-click on your systray ESET icon "e" and click "About" then look up the "Internet Protection Module" to see if you now have 1150B. When you have the new 1150B IPM module try to reproduce the problem. But if the new module does NOT fix the problem, then open the GUI press F5 and uncheck "enable application protocol content filtering" as seen in this screenshot: hxxp://i.imgur.com/syeVHGi.png . After that reboot your system, and then try to reproduce the problem with protocol filtering disabled. Edited October 9, 2014 by SweX Link to comment Share on other sites More sharing options...
liewjp 0 Posted October 10, 2014 Author Share Posted October 10, 2014 Hi, After enable pre-release updates, the new module ("Internet Protection Module" - 1150B) doesn't fix the problem. Open the GUI press F5 and uncheck "enable application protocol content filtering" and reboot the system, and then problem solved. But web access protection show Non-functional status and Anti-Phishing protection show disable status as at attachment, and this become my another concern as well. Kindly advise and assist, thanks. Regards Steven Liew Link to comment Share on other sites More sharing options...
SweX 871 Posted October 10, 2014 Share Posted October 10, 2014 Thank you for confirming that IPM module 1150B does NOT fix the problem. But disabling protocol filtering does fix it. Yes that you see those red dots is normal after you have disabled protocol filtering. I don't know what ESET want you to do next, but I would re-enable protocol filtering until you hear further instructions from ESET. Link to comment Share on other sites More sharing options...
liewjp 0 Posted October 11, 2014 Author Share Posted October 11, 2014 For me, disabled protocol filtering doesn't really solved my problem, even it was the root caused. Disabled it only bypass one problem and create another two problems to me (without web access protection & anti-Phishing protection). Anyhow I will uninstall version 8, and reintall version 7 again. Regards, Steven Liew Link to comment Share on other sites More sharing options...
SweX 871 Posted October 11, 2014 Share Posted October 11, 2014 (edited) For me, disabled protocol filtering doesn't really solved my problem, even it was the root caused. Yes, and now we know that disabling protocol filtering help in this case. We wanted to find the root of the problem, and now we know that protocol filtering most likely has something to do with it. Disabled it only bypass one problem and create another two problems to me (without web access protection & anti-Phishing protection). I know what you mean. But that is not a problem as the one you're reporting about, this is expected to happen, but you only disabled protocol filtering for a test, ESET does not mean that you should have protocol filtering disabled from now on. You only disabled it to find out if it would fix the problem you report about, or not. And now we know that it did as you confirmed that, so now you should enable protocol filtering again until we hear back from ESET. Edited October 11, 2014 by SweX Link to comment Share on other sites More sharing options...
liewjp 0 Posted October 11, 2014 Author Share Posted October 11, 2014 OK, then I will keep my fingers crossed and wait for the total solutions. Hopefullly won't have to wait too long to get the new fixes. Link to comment Share on other sites More sharing options...
ESET Moderators Peter Randziak 1,130 Posted October 14, 2014 ESET Moderators Share Posted October 14, 2014 Hello, O.K., good now we are 100% sure that the issue is caused by Protocol filtering, thank you Steven. Now we need to find the root cause of the issue. May I kindly ask someone facing this issue to provide us with Internet protection.pcaps?: 1. Enable dumping to Internet protection pcaps by importing the dump_to_pcaps-enable-home.xml into settings 2. Reproduce the problem, note the time (with time zone information) when the problem occured (e.g. 14.10.2014 at 16:14:30 UTC +0900). 3. Disable the dumping by importing dump_to_pcaps-disable-home.xml into settings 4. pack the files EsetProxyInner.pcap and EsetProxyOuter.pcap (located in "c:\ProgramData\ESET\<product name>\Diagnostics" for ESS8 and EES6 and newer, in "c:\" for the rest) upload to safe location and PM me a download link. Please provide us with info: Time from step 2 any error messages that were displayed description of the problem i.e. reference to this topic. OS, ESET product and Internet protection module version. Thank you very much in advance for cooperation. P.R. Link to comment Share on other sites More sharing options...
rugk 397 Posted October 14, 2014 Share Posted October 14, 2014 (edited) @Peter Randziak Interesting XML files you have there. But they don't seem to be XML files. They seem to be HTML files. So I think you posted the wrong files. You posted internally HTML files... Not good. (but there aren't any sensitive information included AFAIK) @ESET Anyway I tried to test to import the config files. It showed nothing. But because I was quite sure this aren't the correct config files I tried to do the stupidest thing you could do - import a picture as your configuration. And it showed nothing! So maybe this is a bug - maybe it is just a missing thing, so take it either as a bug report or as a suggestion. But the user should get some information when importing and exporting the configuration. A simple notification like "configuration was successfully imported" or "error at importing configuration" (even this isn't shown!). @liewjp / Steven So that you don't have to wait and I modified the XML files and extracted the real configuration files and attached them here. I tested them and it worked (there should popup a message from ESET that you are currently saving dumps of the Protocol filtering). Internet_protection_dumping_enable_and_disable_corrected_by_rugk.zip Edited October 14, 2014 by rugk Link to comment Share on other sites More sharing options...
liewjp 0 Posted October 15, 2014 Author Share Posted October 15, 2014 Hi, @Peter Randziak I've send the files and information as requested via PM to you. Looking forward for your reply and feedback. @Rugk Thanks for provided the modified XML. Thank you, I really appreciate it. Regards, Steven Liew Link to comment Share on other sites More sharing options...
ESET Moderators Peter Randziak 1,130 Posted October 15, 2014 ESET Moderators Share Posted October 15, 2014 Hello, sorry my fault with wrong .xml files, thank you RugK for pointing on it. Correct files are attached here in this post. Thank you once again. Internet_protection_dumping_enable&disable.zip Link to comment Share on other sites More sharing options...
liewjp 0 Posted October 15, 2014 Author Share Posted October 15, 2014 Hi Peter, For your information, I have used the .xml files provided by RugK and reproduce the issue. Regards, Steven Liew Link to comment Share on other sites More sharing options...
Recommended Posts