
Thread: Eset Smart Security 5 firewall and HIPS questions

  1. #1
    Join Date
    Mar 2011
    Posts
    73

    Eset Smart Security 5 firewall and HIPS questions

    Hello,

    Been out way way too long... Hope you guys can help me and shed some light on a GRC Shields UP fail I am having and problems with the HIPS function.

    Recently I installed Eset Smart Security ver5 on a Windows 7 x32 PC. When finished I got a:

    "Ping Reply: RECEIVED (FAILED) Your system REPLIED to our Ping (ICMP Echo) requests, making it visible on the Internet. Most personal firewalls can be configured to block, drop, and ignore such ping requests in order to better hide systems from hackers. This is highly recommended since "Ping" is among the oldest and most common methods used to locate systems prior to further exploitation."

    The browser I am running this test in is FF 11 inside Sandboxie. Without SBIE the result is the same. With Google Chrome, the same also with/without the use of SBIE. The test was on a wired connection (not behind a router --I hooked it on a dial-up connection). On a router it was all good and TrueStealth. But that's because of the router. Now I need to be safe while using the wired connection/dial-up as I use both.

    Anyone familiar with the Eset firewall....? What settings can I adjust in the firewall to pass this ping fail...? What settings should be checked...? Kindly see the settings. Do you guys know what I can check in the settings or something....? First time I got that "Ping Reply: RECEIVED (FAILED)" and frankly I don't know what to do. I always got a TrueStealth from GRC with CIS, Outpost, Online Armor, even the Avira IS 2012 firewall.

    To check I loaded a clean system image without AV/firewall, only MalwarebytesPro, and installed Avast IS Build 1426 (default settings). Connected under the same conditions as what I tried --dial-up connection/wired. It passed GRC. Did the same thing again and installed just Outpost Firewall Pro. There was no "Ping Reply: RECEIVED (FAILED)". Settings were at default.

    Now I seem to have read somewhere that the "Ping Reply: RECEIVED (FAILED)" is connected to ICMP. I see a setting there (see image) "ICMP protocol message checking" and "Covert data in ICMP protocol detection". I checked and un-checked both but the results were the same. How does ICMP affect that..? What may be the ill effects of that "Ping Reply: RECEIVED (FAILED)"..? What should be a good setting for it or remedy for it..?

    On the HIPS, I cannot seem to block a link that can be launched in an application window. By experience with Comodo and Online Armor I can block that in the HIPS portion to "not start an application". ESS has this one also, like for example:

    Source application: C:\Program Files\CCleaner\CCleaner.exe
    Action: Block
    Target Application: Start new application
    Over these applications: C:\Program Files\Mozilla Firefox\firefox.exe

    Now for other applications like for example a game that I have downloaded not so long ago that connects to the internet after exiting. I place that same rule and the browser will not launch and the HIPS blocks it. I seem to see that CCleaner and TheKMPlayer have the same behavior. Placing that rule is invalid. The browser launches. Same rule for KMPlayer but instead of FF it's IE. I placed the IE folder there in the "Over these applications" but it still launches.

    Now I saw in Comodo forums that KMPlayer behavior can be blocked by denying access to protected COM interface in D+. Maybe CCleaner is the same... Problem is I do not know where/how I can do that in Eset HIPS. Where is that COM interface located...? Anyone know how to do this stuff...? How can I make a rule in Eset about blocking shell links or "links" that are set to launch browsers once clicked...?

    First time using Eset and I'd like to use this license that I got but this is bugging me... do I need to panic or something... HELP.

    Thank you
    Last edited by jason7619; 11-04-12 at 06:39 PM. Reason: posted sentences overlap..

  2. #2
    Join Date
    Dec 2010
    Location
    India
    Posts
    688
    I really do not know much about the ESET firewall so I can't help you there. I have to test it myself. Kaspersky also fails the test but changing 2 rules makes it achieve TruStealth. I have no idea with ESET 5. I would suggest, for more granular control, switching to Comodo Firewall, or switching to a suite like Kaspersky or Norton with which you don't have to configure much.

    If your PC responds to a ping reply, it means that your PC responds to anybody who sends a packet to you. This is the most common way to find out if the host is alive, i.e. the computer is online. This defeats the all-ports-stealthed result of ESS, as your PC actually responds to a packet, meaning the attacker knows that you are online.

    See ESET's guides on how to configure the firewall and HIPS. I have heard their guides are easy to understand and have a lot of pictures. Actually even Windows Firewall will give you true stealth.

  3. #3
    Join Date
    Mar 2011
    Posts
    73
    Hello avibky,

    Nice to see you doing the rounds here. You are truly a help here. Reason why I used ESS ver5 is that I obtained a license and, not wanting to waste it, I used it. The dealer said that it has a shelf life but apparently it does not. So I was duped into using it actually. So I intend to use it. I find the Eset firewall "different".

    About the Kaspersky Labs KIS 2012 firewall, yeah, the girlfriend is using one and we have done that adjustment and obtained TruStealth, quite nice actually. Program has improved and to my surprise was "light" unlike the 2011 version I tried last year.

    The Eset guides were a waste of time. True, they have these nice pictures but they are not designed for something like this. Hell, I even posted in another forum asking for help from Eset guys and I am getting a feeling that they don't wanna respond to the issue. Saw some issues there also with the GRC "Ping Reply: RECEIVED (FAILED)" being connected to ICMP. So it's not only me who has this one.

    The HIPS issue is also unclear to me. I cannot block the issue I have posted in Eset firewall/HIPS. On some .exe it did block the launch of the default browser. But on this one specifically, as with CCleaner and KMPlayer, it failed.

    Is there any site that is safe to go to, to test this "Ping Reply: RECEIVED (FAILED)" is connected to ICMP, other than PCFlank..? With PCFlank I am getting a full stealth, which confuses me.

    Again thanks for the help.

    jason

    ---------- Post added at 11:07 PM ---------- Previous post was at 11:03 PM ----------

    On a lighter note, I seem to have this problem when I post..... although I type with spaces, I get the display packed. I was thinking it was because I used WordPad, but I did the latest post in the Quick Reply and it ended up the same. Any ideas there...? Jason

  4. #4
    Join Date
    Dec 2010
    Location
    India
    Posts
    688
    Hi jason, do I know you? You seem to know me.

    Okay, your best option now is to contact ESET support. But mind you, I have tried the support of many different AV companies and most of them do not know what stealthing is. Most of the time I figure out what to do. But you are out of luck cuz I have never tried ESET5. I keep on changing AVs but never got an ESET license so did not try it (was gonna buy it but shops were out of stock).

    I would suggest a very good option to you. Go to malwaretips.com. Create an account and post this question. Many security junkies like me are over there and there are 2-3, like Mr Xidus, who have used ESET. As you said, ESET does not have a shelf life until I know. If you have any other AV, switch to it. For stealthing all ports in KIS check out my guide in avitech or malwaretips. Report back for other issues. Probably I may install ESET and see what can be done.

  5. #5
    Join Date
    Mar 2011
    Posts
    73
    Hi,

    Your reply is also packed and not arranged like mine. Anyway, no, I do not know you. MalwareTips.com hmmm.. that's where I got a KIS 2012 tip complete with video demonstration. It's a nice guide I gave to my girlfriend. Yes, I'm gonna visit there later.

    Support has not replied to me yet. The support forum they have at Wilder's also seems to be busy to take a look at my predicament. The HIPS question I posted there still isn't replied to. This will weigh in on whether to get another Eset product or not.

    You have a nice day

  6. #6
    Join Date
    Dec 2010
    Posts
    775
    avibky: If you like, I can give you a trial license of Smart Security v5 to start with at the beginning. I am now also using it as a trial for 3 months and will then change back to Kaspersky Internet Security 2012 thereafter.

  7. #7
    Join Date
    Dec 2010
    Location
    India
    Posts
    688
    Ya, this is something new. In GRC when I tested AVG Internet Security I got most ports closed and some others stealthed. And two open. Same result with Quick Heal. I think those firewalls which use Agnitum Outpost's technology, as do AVG and Quick Heal, give this result. But interestingly PCFlank gives me full stealth. Best, I am gonna use Nmap or Nessus to find out.

  8. #8
    Join Date
    Mar 2011
    Posts
    73
    Hi avibky,

    Nmap or Nessus... Hmmmm. How do you use those two..? Can you point me towards using them?

    Incidentally, as I posted in the other forum you suggested, I got some help there. Thanks for that. Sad to note that the issue is the same and, as you saw, it had a couple of experiments using other firewalls in combination with the AV version only (Nod32). Using ESS seems and feels like KIS 2012 in lightness but ESS is a notch lower versus KIS (well, in my own observation). I like KIS better. Maybe I'll get a better result with Nmap or Nessus.

    Thanks for the help dude

  9. #9
    Join Date
    Dec 2010
    Location
    India
    Posts
    688
    Look here for Nmap. In the download section find the Windows self installer. Download and install and run a regular scan. Soon I will blog about using Nmap so don't worry. Try AVG IS in the meantime. Thanks hakah, if I am writing a review on it I will ask for it.

  10. #10
    Join Date
    Mar 2011
    Posts
    73
    Quote: Originally Posted by avibky
    Look here for Nmap. In the download section find the Windows self installer. Download and install and run a regular scan. Soon I will blog about using Nmap so don't worry. Try AVG IS in the meantime. Thanks hakah, if I am writing a review on it I will ask for it.

    Hi avibky,

    Sorry for the late reply. Been busy at work. Thanks for the link. Been reading it and I seem to see that it's not tailored for dial-up... yes? Or I just misread it... On the issue at hand: still no reply from Eset support and I am now leaning on just using the AV component so as not to waste the license I got. I believe this will be the final test on Nmap and if this one fails then ESS goodbye and Nod32 and probably Online Armor Premium or Outpost Firewall Pro.

    Will get back here upon your reply and when I have tested with Nmap.

    Thanks
