- Apr 13, 2012
Hello,
I have just installed Eset Smart Security last week and I am getting a fail at GRC test. Failed notice was,
"Ping Reply: RECEIVED (FAILED) — Your system REPLIED to our Ping (ICMP Echo) requests, making it visible on the Internet. Most personal firewalls can be configured to block, drop, and ignore such ping requests in order to better hide systems from hackers. This is highly recommended since "Ping" is among the oldest and most common methods used to locate systems prior to further exploitation."
Prior to GRC posting the results I get a pop-up of Inbound Traffic from GRC. Kindly see image. I clicked "Deny" and "Remember Action (Create Rule)". I repeated the test but all 3 failed. This is on a wired connection (not behind a router -- I hooked it on a dial-up connection). This is the first time I failed GRC.
What settings can I adjust in the firewall to pass this ping fail...? What settings should be checked...? Kindly see attached the IDS and Advanced options.
Are "ICMP protocol message checking" and "Covert data in ICMP protocol detection" responsible for the ping fail..? I tried checking and un-checking them; the result was the same.
To check with another security setup I loaded a clean system image without AV/firewall, only MalwarebytesPro (I keep this image when I wanna try a new setup). Upon loading, I installed Avast IS Build 1426 (default settings). Connected to the same conditions as what I try -- dial-up connection/wired. It passed both GRC.
Now there was a suggestion that I should set protection mode to "Strict Protection". I am not permanently a part of a network and a pop-up appears when I click Advanced Settings>Rules and Zones>Setup. So I can't set it up there. See image.
Since I cannot set it there, what can I do to remedy that ping fail..?
I did some reading of the manual of ESSv5 and I saw there were a lot of rules for Trusted Zone. So given the situation that I have "No active authentication zone detected...", what happens to the rules in the advanced setup that say, Allow communication / requests / incoming / outgoing / etc etc in Trusted Zone...?
If not applicable what rules does Eset firewall use...? What is the default rule applied if the pc is identified as "No active authentication zone detected..."...?
Is it different for Automatic mode and Interactive Mode? I am in interactive mode now because I wanna see those pop-ups. Is it different per mode if the pc is identified as "No active authentication zone detected..."...?
Earlier I had a pop-up of Outbound traffic for System trying to communicate to an IP address 192.88.99.1, I clicked DENY and I forgot to check the "Remember Action" button. See image. I checked it out in WhoIs but it was "Unknown". What is that pop-up? In Comodo and other firewalls I used I had seen that "System" is only 'Listening' at port 445 not trying to connect outbound. I also see it in "listen" mode in Process Hacker. Is that behavior bad? What should be done on that..?
In relation to that, I was searching for some logs from which I can refer to some of the previous pop-ups I have had. Review the events. The log files do not contain it. Even the alert pop-up I just posted. The firewall logs only contained the FF plugin-container.exe rule from April 10th! Does Eset log those alerts? If I want to modify and make a rule for that, what must I do..?
4/10/2012 2:46:39 AM Communication allowed by rule 10.xxx.7.9:1531 211.5.xxx.39:80 TCP Allow communication for plugin-container.exe C:\Program Files\Mozilla Firefox\plugin-container.exe XXXXXXXX-PC\JXXXXXXXXX
4/10/2012 2:46:39 AM Communication allowed by rule 10.xxx.7.9:1531 211.5.1xx.39:80 TCP Allow communication for plugin-container.exe C:\Program Files\Mozilla Firefox\plugin-container.exe XXXXXXXX-PC\JXXXXXXXXX
Can I terminate a connection with the Eset firewall..? I cannot see any documentation that says so. I use Process Hacker at the moment to do that.
Now I have used different firewalls before (Comodo/Emsisoft/Privatefirewall/Outpost) but I am no expert. I just learn from advice and I take it from there. This is the first time I had a ping fail and I do not know what to do really. This is my first spin with Eset firewall. I installed it to use a license I obtained from a blog win. I thought it would expire so I used it. It was only later that I knew that it doesn't have a shelf-life. So too late but good in the sense that I discovered that there are problems with it (as with all first time usages).
This is on a dial-up connection (the fail). The router I use from the ISP provider passed GRC. Now I use both depending on certain situations I am in so I need it to be safe whichever I use.
Can you guys help me understand what's going on here...? I seem to be getting confused using the firewall...Can you give me some ideas/advice/explanations on how to use the Eset firewall effectively...?
I already posted on the support forum of Eset but it seems mods/support are busy there. I was advised by a forum friend to join and post here. Please help me.
Thank you so much.
Jason