Smart Security messing with SDS2 running with FLEX LM licensing

[missinaz 0]

Hello:

I run SDS2 steel detailing software on my Windows 7 Professional machine - 64 bit.  The progaram utilizes the Flex LM licensing software.  While working in the software, various commands access the licensing software before completing the command.  Smart Security Personal Firewall is blocking this communication intermittently.  The same command will work for three for four tries - then delay on the next attempt.  AFter about 15-30 seconds, the license throws an error window . . . then immediate does the command.

 

The error is Error trying to get license . . . Cannot ready data from the license server.  The license server process appears to be running, but is not responding.  See attached image of error.

 

I have written exclusions for SDS2 software, and every FlexLM file on my machine.  The only way I can get my system to run without issue is (1) disable the firewall, or (2) unplug my computer from the network.  The second issue is not feasable as I work in an office where I have to share project files with another machine.  That machine also has this delay issue and is also running Smart Security.

 

Pleae help . .  I have tried everything.  My software vendor had me uninstall - on at a time - all programs running on my machine.  It boils down to the only issue is Smart Security.  I hate to go to another antivirus/firewall, but I can't get your program to play nice with my software.

 

Right now I have resorted to System integration setting "only scan application protocols".  My system works, but obviously my firewall is off. 

[missinaz 0]

Hello:

I am running Smart Security 8 on a 64 bit Windows 7 Professional machine.  I run SDS2 software package, which utilizes FLEX LM licensing software.  After most command executions in the software, SDS2 will access the licensing before completing the command.

 

Smart Security is delaying communication with the licensing software on about half of the commands I execute in any given period.  Sometimes the delay is 5 - 10 seconds, and then the command finally runs (it should be instantaneous).  Other times, the delay can last 20-30 seconds, then the Flexlm software will throw an error.  Immediately after the error, the command will execute.  At no time does my licensing software stop running.  These delays are all Smart Security.

 

My system will run fine with commands executing on demand if I do one of the following: (1) disable the firewall completely, (2) set Smart security firewall to scan application protocols only (which renders firewall almost inactive), or (3) completely unplug my machine from the network.

 

I have created an exception rule for every port this software uses, along with every .exe file for the software and flexlm software . . . over 10 different exceptions.  I have also excluded SDS2 and FLEX LM software from scanning of protocols under protocol filtering in the web and email settings.

 

I would really like to keep this software.  I have used others out there and they are all drains on my system.  But I can seem to get this firewall to stop interferring with my legitimate software.  Please help.

[arcanum 0]

How about running smart security firewall in learning mode for a while? If Flex LM causes IDS warnings of something like that, you can check IDS exceptions and then make a custom rule for that and then move the rule first on the list.

Flex LM is a one of the modern software protection schemes around. It uses many techniques to contact license server(s). 

[missinaz 0]

I have used Learning mode . . . and interactive mode.  I allow Smart Secrity to make rules for any and all items dealing with SDS2 and FlexLM.  I still get the delay when running in either of these two modes.  I have to disable the firewall in order to get trouble free performance.

[Marcos 4,720]

When certain communication is blocked, follow the instructions below:

 

- in the IDS setup, enable logging of blocked connections as well as special pcap logging

- clear the firewall log

- restart the computer

- reproduce the issue

- disable logging

- collect logs using ESET Log Collector

- drop me a pm with the output archive as well as the pcapng file from "C:\ProgramData\ESET\ESET Smart Security\Diagnostics" folder.

[missinaz 0]

Yeah . . . this problem solved . . . UNINSTALLED SMART SECURITY.  Windows firewall does not exhibit this restrictive behavior.

[rugk 397]

I'm very sorry that you chose this step.

From our point of view (or at least from my point of view - I don't want to talk in the name of other people) this topic is not solved.

I don't know whether you installed NOD32 instead of ESS, so you would at least have some basic protection. As ESS firewall (or related features) provides more protection than Windows own firewall I wouldn't recommend to switch to Windows own firewall. ESS e.g. has some special features like a Botnet blocker and protocol filtering, which Windows own firewall doesn't have.

 

It would be very nice of you if you could continue troubleshooting the problem, so that ESET will be able to fix it.

In many cases it's also not ESETs fault, but there is an issue in the Windows Filtering Platform, which is used by ESS. As ESS firewall and the Windows firewall handle WFP differently something may work with Windows own firewall, but not with ESS.

If you would help ESET to troubleshoot this problem, then they are surely able to fix this is ASAP.

To do this please follow Marcos instructions above. If you need help don't hesitate to ask - I'm sure someone will help you very soon.

Edited February 2, 2015 by rugk

[missinaz 0]

Well I did follow Marco's instructions . . . about 10 minutes after he posted.  I need to get this resolved sooner than later and when I did not hear anything from him, I went with what allows me to do my job without all the delays.  If he can figure something out I would be willing to reinstall ESS and give it another try.

[rugk 397]

Okay, so if he already has a PM then that's great.

I'm sure they will check it out and try to fix the problem.

[Marcos 4,720]

Just to make sure, does the problem go away after disabling the firewall from the right-click tray icon menu? I've now realized that it may not necessarily fix the issue as you wrote that you only tried changing the integration type to "Only scan application protocols" which helped.

[missinaz 0]

Hello:

The problem resolves if I:

(1) Disable the firewall from the tray icon menu

(2) Set settings to "Only Scan Application Protocols"

(3) Unplug the machine from the network - presumabley disabling internet access

(4) Uninstall ESS and run Eset Antivirus with Windows Firewall

[Marcos 4,720]

Apparently you have several virtual adapters installed which have IPv6 addresses assigned. The problem is that none of the IPv6 addresses is considered local so when the program tries to connect to teredo IPv6 link local address it won't receive a quick notification about closed port but waits until the timeout is reached (which can lead to that 20 sec. delay).

 

Before you proceed with quick solutions, we'd need you to make a list of all active connections by running "netstat -an > netstat.txt". When done, send me netstat.txt attached to a pm.

 

Quick alternate solutions:

1. disable all IPv6 tunneling mechanisms:
netsh int ipv6 isatap set state disabled
netsh int ipv6 6to4 set state disabled
netsh interface teredo set state disable

 

2. disable IPv6 completely (uncheck it in network adapter settings)

 

3. if the software supports specifying the license server, do not use the hostname but IPv4 address instead (ie. 127.0.0.1).

 

 

[missinaz 0]

netstat.txt file sent via PM . . . thanks

[Marcos 4,720]

The log confirmed our assumption. Please use any of the 3 methods listed above to resolve the issue.