
EES on OS X 10.10.2 blocks almost all HTTP traffic


Megachip


Looks like I have a problem with EES (latest V6): it blocks almost all of my web traffic. Only Google, Facebook and Microsoft work. Ping and instant messaging work without problems.

(Except in VirtualBox on that OS X; there, all HTTP traffic is blocked.)

Enabling/disabling web filtering and/or the firewall doesn't matter.

Uninstalling works.

Any clues?

EDIT:

Also, it destroys a lot of CSS on some websites (like netapp etc.), and some didn't load at all (blank page). Same as above: enabling or disabling web filtering doesn't matter.

Edited by Megachip

  • Administrators

By disabling web filtering, do you mean disabling web protection or protocol filtering? If the latter, could you post the information about installed modules from the About window? Has the issue started to occur just recently? Does switching to pre-release updates followed by running a manual update make a difference?


  • Most Valued Members

Having no issues here with the regular updates (netapp is loading with the CSS). Along with what Marcos said...

  • Do you have any other application that monitors or modifies your network connection (e.g. Little Snitch)?
  • How about 'Web Control' (Allowing or blocking URLs or Categories), is that disabled?
  • Does the issue occur on a secondary browser?
  • Are there any entries in the 'Web Control' and 'Filtered Websites' logs (Open EES, go to Tools > Log files > Log: and check the two) that list the websites that are not working?
  • Lastly, are there any messages in the 'Events' log mentioning "Child process proxy" or anything severe (highlighted orange or red) that looks out of the ordinary?
Edited by planet

Hi Marcos & planet,

Thanks for the fast reply. As described, "uninstall works", so I can't check your questions and suggestions anymore.

But the problem with accessing webpages started (as far as I remember) on the 2nd of April, sometime after lunchtime (GMT+2). At this point Web Control and the firewall were already disabled.

The CSS problem has existed since I installed EES.

  • Does the issue occur on a secondary browser?

Didn't test, but AFAIR it worked in VirtualBox.

  • Are there any entries in the 'Web Control' and 'Filtered Websites' logs (Open EES, go to Tools > Log files > Log: and check the two) that list the websites that are not working?

Are these logs accessible after uninstalling?

  • Lastly, are there any messages in the 'Events' log mentioning "Child process proxy" or anything severe (highlighted orange or red) that looks out of the ordinary?
02.04.15 12:25:07,879 esets[265]: error[01330000]: Protoscan Proxy-Agent: Text (0x151000e3:#{Reason}=336592977) kann nicht lokalisiert werden: Fehler beim Scanner-Aufruf
02.04.15 20:25:13,584 esets[288]: error[033b0000]: Protoscan Proxy-Agent: Text (0x1510002d:${Addr}=:80|#{Reason}=336592983) kann nicht lokalisiert werden: Fehler beim Scanner-Aufruf
02.04.15 20:25:13,584 esets[288]: error[033b0000]: Protoscan Proxy-Agent: [0x7eb5f000] CONNECT - c_fd=22 s_fd=-1 c_addr=::1:50729 s_addr=2a00:1450:4008:800::100d:80 pid=407 ppid=1 uid=501 ruuid=501 gid=20 app_name=com.apple.WebKi app_path=/Applications/Safari.app/Contents/MacOS/Safari

The following errors seem to occur frequently (but not in the timespan where the problem occurred). I can't remember if I had these problems at the other location (which the 22:XX logs match) too.

02.04.15 22:54:59,902 ReportCrash[1758]: Saved crash report for esets_proxy[1355] version ??? to /Library/Logs/DiagnosticReports/esets_proxy_2015-04-02-225459_Megs-MacBook-Pro.crash
02.04.15 22:54:59,947 esets[288]: error[011f0000]: ESET Daemon: Untergeordneter Vorgang proxy[1355] hat Signal 11 nicht verarbeitet, Neustart in 0 Sekunden
02.04.15 22:57:28,981 ReportCrash[1764]: Saved crash report for esets_proxy[1759] version ??? to /Library/Logs/DiagnosticReports/esets_proxy_2015-04-02-225728_Megs-MacBook-Pro.crash
02.04.15 22:57:29,034 esets[288]: error[011f0000]: ESET Daemon: Untergeordneter Vorgang proxy[1759] hat Signal 11 nicht verarbeitet, Neustart in 0 Sekunden
02.04.15 22:58:47,062 ReportCrash[1776]: Saved crash report for esets_proxy[1765] version ??? to /Library/Logs/DiagnosticReports/esets_proxy_2015-04-02-225847_Megs-MacBook-Pro.crash
02.04.15 22:58:47,109 esets[288]: error[011f0000]: ESET Daemon: Untergeordneter Vorgang proxy[1765] hat Signal 11 nicht verarbeitet, Neustart in 0 Sekunden
Edited by Megachip
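
The log lines in the post above pair a ReportCrash entry with an ESET daemon "Signal 11" restart entry for each esets_proxy PID. As an added example (not part of the original post and not ESET code), this sketch merges the two line types per PID and flags a crash loop; the function names, threshold and window are assumptions, and the sample lines are constructed in the same layout.

```python
import re
from datetime import datetime, timedelta

# Layout of the lines in the post: "dd.mm.yy HH:MM:SS,mmm process[pid]: message"
LINE_RE = re.compile(r"^(\d\d\.\d\d\.\d\d \d\d:\d\d:\d\d),(\d{3}) (\S+?)\[(\d+)\]: (.*)$")
REPORT_RE = re.compile(r"Saved crash report for esets_proxy\[(\d+)\]")
# Daemon line, matched on "proxy[pid] ... Signal N" so the UI language does not matter
SIGNAL_RE = re.compile(r"\bproxy\[(\d+)\].*?signal (\d+)", re.IGNORECASE)

def proxy_crashes(lines):
    """Merge ReportCrash and daemon lines into {proxy_pid: {time, signal, report}}."""
    crashes = {}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a syslog line in this layout
        ts = datetime.strptime(m.group(1), "%d.%m.%y %H:%M:%S") + timedelta(milliseconds=int(m.group(2)))
        proc, msg = m.group(3), m.group(5)
        report = REPORT_RE.search(msg) if proc == "ReportCrash" else None
        signal = SIGNAL_RE.search(msg) if proc == "esets" else None
        hit = report or signal
        if not hit:
            continue
        rec = crashes.setdefault(int(hit.group(1)), {"time": ts, "signal": None, "report": False})
        rec["time"] = min(rec["time"], ts)  # keep the earliest sighting of this PID
        rec["report"] = rec["report"] or bool(report)
        if signal:
            rec["signal"] = int(signal.group(2))
    return crashes

def crash_loop(crashes, threshold=3, window=timedelta(minutes=10)):
    """Return pids of the first run of >= threshold crashes inside `window`, else []."""
    ordered = sorted(crashes.items(), key=lambda kv: kv[1]["time"])
    start = 0
    for end in range(len(ordered)):
        while ordered[end][1]["time"] - ordered[start][1]["time"] > window:
            start += 1  # slide the window forward
        if end - start + 1 >= threshold:
            return [pid for pid, _ in ordered[start:end + 1]]
    return []

# Constructed sample, modelled on the log lines in the post (paths shortened)
SAMPLE = """\
02.04.15 22:54:59,902 ReportCrash[1758]: Saved crash report for esets_proxy[1355] version ??? to /Library/Logs/DiagnosticReports/a.crash
02.04.15 22:54:59,947 esets[288]: error[011f0000]: ESET Daemon: Untergeordneter Vorgang proxy[1355] hat Signal 11 nicht verarbeitet, Neustart in 0 Sekunden
02.04.15 22:57:28,981 ReportCrash[1764]: Saved crash report for esets_proxy[1759] version ??? to /Library/Logs/DiagnosticReports/b.crash
02.04.15 22:57:29,034 esets[288]: error[011f0000]: ESET Daemon: Untergeordneter Vorgang proxy[1759] hat Signal 11 nicht verarbeitet, Neustart in 0 Sekunden
02.04.15 22:58:47,062 ReportCrash[1776]: Saved crash report for esets_proxy[1765] version ??? to /Library/Logs/DiagnosticReports/c.crash
""".splitlines()
```

Calling `crash_loop(proxy_crashes(SAMPLE))` returns the three proxy PIDs, since all three crashes fall inside the default ten-minute window.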

  • Most Valued Members

Noticing the same issues as Megachip, but with different websites, and it also includes JS files as well as CSS files.

Might also be the reason for the freezes or webpages not loading (trying to get something before loading but failing). I've noticed that JS files are also not loading on some pages - which is the same issue.

I found two websites that always have the CSS not working with EES installed, which are DeviantArt and Photobucket.
If you uninstall EES, they load correctly instantly. If you install EES, the issue occurs straight away.
 
No indication of anything blocked in the logs or in statistics of EES, so I have no idea why this is happening.
Safari does give me this message about trying to load the JS and/or CSS file:

Failed to load resource: The network connection was lost.

 
This JS/CSS issue happens as soon as a fresh install is complete, so there is nothing manually configured in EES yet.
Turning off all protection from the 'Setup' tab on the GUI doesn't fix it. Turning on pre-release updates also doesn't fix it for now.
Only workaround is to uninstall EES, which then loads correctly straight after.
 
 

Could you post the information about installed modules from the About window? Has the issue started to occur just recently? Does switching to pre-release updates followed by running a manual update make a difference?


The issue occurs straight after installation of 6.0.24.0, which has a prerelease virus signature database version in February 2015 built in. Meaning this issue was occurring with modules and VSD in February, and continues to happen with the latest modules and VSD to this day. Switching to pre-release updates does not make a difference.
 

Update module  1056 (20150113)
Antivirus and antispyware scanner module  1452 (20150331)
Virus signature database  11463P (20150412)
Archive support module  1224 (20150401)
Advanced heuristics module  1154 (20150129)
Cleaner module  1107 (20150401)
Translation support module  1329 (20150326)
Internet protection module  1173B.4 (20150331)
Web content filter module  1037 (20141103)
Database module  1064 (20150303)
Mac setting module  1001 (20131204)
Configuration module  1007 (20141208)
Edited by planet

  • Most Valued Members

I'm noticing that a module being used for Endpoint Security for OS X (and Cyber Security now) is causing the issue (guessing it is the 'Internet protection module').

 

When you install Endpoint Security for OS X, here are the modules/VSD that come with it out of the box.

The issue occurs as soon as the program is installed.

Update module  1056 (20150113)
Antivirus and antispyware scanner module  1450 (20150126)
Virus signature database  11158P (20150211)
Archive support module  1218 (20150119)
Advanced heuristics module  1154 (20150129)
Cleaner module  1105 (20150120)
Translation support module  1295B (20141212)
Internet protection module  1171B (20150129)
Web content filter module  1037 (20141103)
Database module  1061 (20141124)
Mac setting module  1001 (20131204)
Configuration module  1007 (20141208)

Currently, pre-release updates for Cyber Security (and Pro) are updating the 'Internet protection module' to '1173B.4 (20150331)', matching with Endpoint Security for OS X.

 

Because of this module update, the issue on this topic is happening with Cyber Security (and Pro) as well now. However, the issue is gone with the current 'regular' module of '1164.1 (20150320)' on Cyber Security (and Pro). But, Endpoint Security for OS X comes with '1171B (20150129)' or if you update on the regular release, you receive '1173B.3 (20150324)', which also has the issue... so there is no available module for Endpoint Security that doesn't have this problem, unlike Cyber Security (and Pro).

 

To put it all together, there is something between Cyber Security's '1164.1 (20150320)' and the current module that made this issue begin to occur (on all of ESET's Mac products). If it is not the 'Internet protection module', it would be a different module causing the issue but with the same reason (recent module update is causing it).

Edited by planet

  • 1 month later...
  • Most Valued Members

An update: both regular and pre-release updates for the Internet protection module have resolved this issue, but I needed to restart the Mac for changes to take effect and for websites to load correctly again.

Edited by planet

  • 1 month later...

Using EES 6.0.24.1 and 6.0.24.0 in combination with ERA 6.x we are experiencing the same thing. Killing the esets_proxy daemon has resolved the issue temporarily, but the problem returned.


  • Most Valued Members

Using EES 6.0.24.1 and 6.0.24.0 in combination with ERA 6.x we are experiencing the same thing. Killing the esets_proxy daemon has resolved the issue temporarily, but the problem returned.

 

 

Is the issue still occurring after having the 'Internet protection module' updated to 1173.9 (20150617) and then restarting OS X?

If so, are there any websites you can provide for examples to see if I can reproduce the issue?


  • 4 weeks later...

In my company we have recently upgraded to ERA 6.x on a brand new server.

In the beginning everything was fine, but the trouble started with 2 Mac users who suddenly were unable to browse with any browser (Safari, Chrome, Firefox).

User nr.1

We had originally installed Endpoint Security OS X 6.x but I thought it was the firewall causing problems, so we changed it to Endpoint Antivirus 6.x

1. time switch - no change - able to ping - but not browse.

2. after a clean install of Yosemite 10.10 we were able to get Endpoint Antivirus up and running - for a couple of days

3. yesterday though - the problem reoccurred, but after a restart, the problem had waned (for now)

User nr.2

Is also on Yosemite

We have been forced to downgrade to Nod32 4.x

and this morning, the same thing happened to me, so I have myself downgraded to Nod32 4.x - now all is good, but it is not a solution.

Please help to get this fixed


  • 2 weeks later...

 

Using EES 6.0.24.1 and 6.0.24.0 in combination with ERA 6.x we are experiencing the same thing. Killing the esets_proxy daemon has resolved the issue temporarily, but the problem returned.

 

 

Is the issue still occurring after having the 'Internet protection module' updated to 1173.9 (20150617) and then restarting OS X?

If so, are there any websites you can provide for examples to see if I can reproduce the issue?

 

We have recently 'solved' this issue by redirecting the Web Access protection to an unused port (note this effectively disabled the monitoring, but the issues ceased), as completely disabling web access protection gave those annoying errors in the ERA console. I would like to see this issue get some more attention, as the logs and communication I have had with ESET representatives have led to nothing. I have sent logs and other information, but have yet to receive more than 'thank you we received and will get back to you'.

 

Edit: @Planet: Yes issues persisted with 'early updates' and even re-rolls to earlier versions.

Edited by sheane

  • Administrators

We have ESET Endpoint products 6.1.7.0 available for public testing. What it contains is a new Device Control feature (disabled by default) as well as fixes in esets_proxy and updated modules. You can apply for the beta at hxxp://eset.centercode.com. It should become final within a couple of weeks.


  • 1 month later...

I see this topic is a bit old, but I was having issues like this with an MSP customer (ESET Endpoint Antivirus for Mac OSX version 6.1.12.0 running on Mac OS X "Lion" 10.7.5) - specifically the following websites were given to me as examples:

 

- aol.com (page never loads)

- pandora.com (site loads, but cannot stream music)

 

Working with Eset support, we did end up disabling the ERA_Proxy to resolve.  Things have been working great since, but I haven't received word on whether it's OK to reinstall the proxy or if it's still an issue?  I'm wondering what protection they've lost not having that proxy running?

Edited by LocknetSSmith
This topic is now closed to further replies.