Connection issues with ESET Smart Security 8 firewall

[Seagull 8]

I have ESET Smart Security 8 (8.0.301.0) installed which I installed about a week ago over ESET Smart Security 7.

 

The problem I am having is my connection keeps dropping to my router and the internet. Webpages are also loading very slow and eventually the connection drops. This issue just started today, the last past week with version 8 was running flawlessly.

 

I checked my firewall logs and its being flooded with this...

 

 

10/13/2014 12:44:32 PM Packet blocked by active defense (IDS) 192.168.x.A 192.168.x.B ARP

 

 

(A being my router, and B being my machines IP.)

 

 

 The firewall logs keeps scrolling and scrolling and being flooded with this and I believe it is the source of the problem.

 

I did some troubleshooting and fully shutting down the firewall, IDS, and Botnet protection makes all my issues completely go away.

Now if I shutdown, lets say, just the firewall or Botnet protection or IDS, the problem persists. Only when I completely shutdown all 3 does the issue go completely away.

 

I am out of ideas and lost at this point so any advice or help would be appreciated.

 

Thanks. 

[Marcos 5,070]

How did you disable the firewall? By selecting "Temporarily disable firewall" from the icon right-click menu?

[Seagull 8]

On the user interface, I clicked on "Setup" then under "Network" I disable one at a time there.

[Seagull 8]

I don't mean to double post here, but, it seems this issue is a version 8 issue. Going back to version 7 fully resolves the problem.

 

Oh well, I guess I will hold off on version 8.

[rugk 397]

Do you tried enabling pre-release updates?

[Trauko 3]

There are a lot of reasons to stay with windows 7 as long as you can, and I'm not talking about compatibility issues which are minor issues, I'm talking about non-existent privacy under windows 8.1.

[Seagull 8]

@rugk  -    No, I never touch that setting as I was told that those updates may not be stable.

 

 

 

 

@Trauko   -    I am using Windows 7.

 

 

 

 

I have been using ESET Smart Security 7 since my last post and everything has been running great.

[Marcos 5,070]

We'd need you to enable logging blocked connections as well as advanced logging to pcap in the IDS setup. Then clear your firewall log, restart the computer and reproduce the issue.

When done, collect logs using ESET Log Collector and pm me the output along with the pcapng log created in C:\ProgramData\ESET\ESET Smart Security\Diagnostics folder.

[rugk 397]

@Trauko I think @Seagull meant ESS v7 and not Windows 7.

Do he doesn't switched his OS offhandedly, but the version of ESS.

He downgraded from the new v8 of ESET Smart Security to v7, to test if this issue is also there in v7 and it doesn't seems so.

But for future troubleshooting I recommend you to switch to v8 back and follow @Marcos. If you need detailed instructions about the log collector you can find them in the knowledge base.

 

If the issue is resolved then it is of course better to use the new v8 of ESS.

[Seagull 8]

PM sent Marcos.

 

 

Also I want to add, I upgraded back to ESET Smart Security 8 and it is doing the same thing before, connection keeps getting dropped only way to completely stop it is to disable the firewall, Network Attack Protection and Botnet protection.

 

 

Thanks everyone, all your help on this matter is very appreciated. 

[esetreg 0]

I have the same issue, and the only way to fix it when I disabling all the above mentioned 3 protection. Could be new information that the problem existed on version 7 and the upgrade (v8) still have the issue. Do someone know a fix to this?

[xxignis 2]

Hello There.

 

I dont know if anyone still reads this but in any case I found a solution to this problem. The problem seems to be caused ( in my case anyway maybe it'll work for others too ) by a zone rule. When you go to permanently disable firewall with all its options your internet works back normally and perfectly.

 

Now what I did was this : 

 

1. Setup -> Advanced Setup

2. Personal Firewall -> Rules and Zones

3. Rules and Zone editor -> Setup

4. Go to Zone tab

5. Look for DnsIP and remove ALL of them ( yes ESET might have created more than one automated firewall thingy )

6. Create a new one and add your subnet. 

 

Everything works perfectly after that. I hope this helps others too. Also hope the ESET team will find a way to actually fix this because a lot of people might just stop recommeding their software... 

[esetreg 0]

Can't able to work without internet so please investigate the firewall issue.

[Marcos 5,070]

ESET firewall does not create rules automatically unless you switch to learning mode. I rather suspect that you didn't have the Trusted zone configured properly and the remote address was not within the TZ.

[xxignis 2]

I did not switch to learning mode it was automatic with the first install. Second install. Third install. I upgraded from 7 to 8. Then redownloaded 7 and still same issue. Today I redownloaded 8 and I checked the zones without it being in learning mode, everytime I rebooted it showed that pop up with network selection ( public or home ) and when that happens internet simply just dies. After that I went to the zone thingy and there were 3 DnsIP connections automatically generated. When I deleted all and re-added only one with my subnet it worked again. I didnt change the firewall into learning mode I was on automatic mode. Had none of these issues untill I upgraded to 8. 

 

Perhaps when upgrading the settings got messed up or whatever and it needs a fresh install and resetting every single bit of configuration. And with all due respect, I dont think everyone here messed up with their TZ config ^^'' 

[rugk 397]

Zones are something different than rules.

Firewall rules are only created automatically in learning mode - that's correct.

But zones are one or more IP addresses - and some are created automatically from ESS when it detects a connection to a new network.

 

@xxignis

Great that you found the cause of the issue or at least a workaround.

But it's normal that there are 3 zones which names are like this: DnsIp:<one or more IP address(es)>_DhcpIp:<one or more IP address(es)>

In my case some entries there have the IP adresses "Subnet: 192.168.0.0 / 255.255.255.0".

Please note that this "value" is a subnet so e.g. 255.255.255.0 contains all IP addresses (the address range) from 192.168.1.1 to 192.168.1.254.

 

As this zone is automatically set by ESS as a "trusted zone" (when selecting the network as a home network) there should only be added local IP addresses.

 

So, xxignis, what zones are set in your case and what zones you deleted? And what zone do you added afterwards you deleted the old zones?

 

FYI there is also a zone "trusted zone" - this seems to be also automatically generated, but in this zone only contains some IP addresses and when you delete them (only the addresses - you can't delete the whole zone) there is a button "add automatically...", so maybe this adds something different (automatically) when you use it.

Edited December 13, 2014 by rugk

[Marcos 5,070]

The question is if adding your local subnet to the trusted zone manually makes a difference. The thing is ESS automatically creates authenticated zones for the subnet you mark as Home/work network when a new network is detected. For instance, if it creates an authenticated zone localdomain_DhcpIp:192.168.15.254 for the local subnet and your DHCP IP addresses changes, no IP addresses from the local subnet will be considered trusted unless you adjust the settings of that authenticated zone. To make the local subnet independent from your network configuration, add it directly to the Trusted zone in the zone setup.

[esetreg 0]

Sorry to disturbing here, but in my case no zones and no rules changed, so I'm gonna close these out. When the OS is starting I have (let's say about) 15 minutes without loosing the internet and after It needs to manually repair the connection to get internet back for (let's just say about) 5 more minutes and so on and on...

Same conclusion for me, when I disabling all the mentioned 3 protection, the internet staying, just without protection and this nobody wants it.

I have the ESET firewall log window always open separatedly and when I see Packet blocked by active defense (IDS) 192.168.x.A 192.168.x.B ARP I know the net is gone and need to manually repair again.

[xxignis 2]

@rugk Well Im not really a computer tech I guess. I only try to do what I learn little by little. Well my issue went around like this. I updated from 7 to 8 right? After that the next day internet stopped working, first I thought it was my router but soon I found that I couldnt even connect to my router admin page. So I uninstalled eset and downloaded 7 back and yet the same thing happened and note it did not happen before at all so somehow the settings must've gotten saved or something and when Eset 7 ran it automatically took the settings of 8 like the quarantine list, which is why I was recommending to find a way to completely remove everything if anyone wants to reinstall eset. 

 

So then I was looking here and found those "3" firewall rules that needed to be disabled. But what I did was to go to into the advanced settings and firewall and choose "permantently disable firewall" in that moment ESET disabled personal firewall, network attack protection, botnet BUT also Web access protection. Thats when internet started working again. After reboot though the changes didnt get saved. Then I saw someone was talking about manually adding your subnet to the trusted zones. Went there and I found 3 DnsIP. My guess is that there was some sort of conflict in the settings and removal of these upon upgrade and reinstall. I deleted all 3 and I added my subnet naming it home internet and the internet worked again and when I rebooted I didnt get the pop up question "Home network or public network". However I checked now the firewall settings again in the zones and yes you are right it still automatically generates a DnsIp. What I have now in my zones option is a "trusted zone" "DnsIP" my manually added Subnet, local adresses, DNS servers, adress exclusion and notification. 

 

So I dont know maybe for others its something diferent in the settings of eset, but for me this is what fixed it so I just thought I'd share it. 

[esetreg 0]

If I switch my network from public to private the problem is gone, so it's only happening under public. My settings for home network was always public(without problem) because that is safer, but now I can't able to work under public because of this connection issue.

[Marcos 5,070]

If I switch my network from public to private the problem is gone, so it's only happening under public. My settings for home network was always public(without problem) because that is safer, but now I can't able to work under public because of this connection issue.

 

Your local network should be in the trusted zone otherwise you can expect problems with communicating with other devices in the network as crucial services are allowed only in the trusted zone. If it used to work before with your local subnet not being in the TZ (public network), it could be that a bug was fixed in a recent firewall module update and it didn't work correctly before.

[scottls59901 1]

I Was Also having intermittent dropped connection issues on my Win7 Pro laptop (Public- Desktop was OK), and this fixed it/ Reduced boot times 5sec/Great Performance Increase.

It is Always a Good idea to save a Full system image Before making major system changes (I like Macrium Reflect as you can also Easily recover Files/Folders...(free or Paid)!-

 

I switched 3d party defrags- From Defraggler (no replace WDD, puts Many files in MFT)), to free IObits Smart Defrag v3 (did Not download from cnet, as they add crapware...! I Use Safer Softtonic for downloads, then scan with VirusTotal-This will identify some addons that you can Opt out of.

Opted out of addons... on install, and Disable auto-updates on 1st open (supposedly another source of crapware, and Never check for updates from GUI!?) /reboot.

Opened/ hovered over most everything in SD to get it Trusted by ESS/reboot.

This is what fixed internet!- Configured SD (Any Defrag- Always Run as admin!) Enabled Boot defrag configured for Everything (MFT/sys?...) /reboot.

Removed 3,200 files from MFT, and...!- Internet problem went away!

 

Tips!-

Never do any defrag, until after next days cold startup (Trust by ESS Again!/reboot).

Never defrag/ install/uninstall/... Anything on a cold startup (reboot after 40min)!

Never use SD's  Cleanup..., as this corrupted my system! Don't install any of SD's other software!

 

I like Quick Optimize better (Wait 2min on open!- then Always Analyze Twice (ESS will then Trust, and allow All of it's files too)), as the other defrag Options move Huge files to the end of the HD...

 

G'luck!

Scott (software tech)

[SweX 871]

(did Not download from cnet, as they add crapware...! I Use Safer Softtonic for downloads,"

 

They are both PUA swamps, you went from one swamp to another ;-P.

Go with Majorgeeks, Softpedia to name two safer and better examples. (even if I hate the new design of Softpedia)

 

Funny you went from defraggler by Piriform, to SD by IObit, I could understand if you came from IObit to Piriform, but ok. Personally I won't touch anything from IObit with a ten foot pole.

Edited December 19, 2014 by SweX

[rugk 397]

Funny you went from defraggler by Piriform, to SD by IObit, I could understand if you came from IObit to Piriform, but ok. Personally I won't touch anything from IObit with a ten foot pole.

Yes, we already discussed this in this forum somewhere...

https://en.wikipedia.org/wiki/Malwarebytes%27_Anti-Malware#Dispute_with_IObit

 

Interestingly the company seems also be too lazy to host their software on their own servers.

All there downloads redirect to cnet (PUA site) - except of the Smart Defrag download, this one strangely redirects to majorgeeks.

And I'm quite sure that they get a small provision with the PUA-containing cnet downloads...

 

And on this majorgeeks site there is even a "interesting" comment:

I have used this for a long time, but ive abandoned it now that it is

SOOO full of bundleware, and every update any user i install this for

ends up with IOBit Advanced SystemCare installed because they get cant

figure out how to install the updates without being tricked into

installing it EVERY bloody update.

[...]

from Adrian Miller, 5 months ago

Edited April 13, 2015 by rugk

[cutting_edgetech 25]

I just ran into the exact same problem the starter of this thread did with ESS 8 on Windows 7X64. I had just switched my Network type from Home Network to Public Network hoping it would increase my security even though I'm on a Home Network. It caused the exact same problem with the exact same entries in Eset's Log that is described in the first post of this thread. I lost complete internet connectivity. I thought I would mention that here in case it helped others that may run into the same problem. Switching the Network type back to Home Network fixed the problem. ESS will not allow my router because it is not in the trusted zone. I wonder why private network mode will work at a place like a coffee shop, and not at home. It would have to allow connections from there rounter, or internet would fail there as well. Can anyone answer this question?

Edited April 10, 2015 by cutting_edgetech