Eset Antivirus Blocking Websites
Lien Kocurek
We haven't been reported any such issues. Do you mean that even pinging a particular domain didn't work? ESET NOD32 Antivirus doesn't contain a firewall driver that might be involved in an issue when the communication is blocked completely. Does temporarily disabling web protection or protocol filtering make a difference?
I've had a similar experience with the last two Windows 10 fast-ring insider builds, although in my case it wasn't all connectivity that was lost, just https connections didn't work until I uninstalled and reinstalled. Maybe related. Maybe not. I don't expect eset to do anything about it in my case since I knowingly opted for the fast ring, so anything that breaks is my responsibility to deal with myself.
the problem started this morning, as soon as i started the computer, but yesterday as i close down the computer windows 10 did do an update, so maybe this is a compatibility issue? still if it is you should look into it becuase the problem will prevent any affected users from getting a fix downloaded without uninstalling nod32 first
Does the problem occur with any browser? And with both http and https websites? If so, enable advanced protocol filtering logging in the advanced setup -> Tools -> Diagnostics, reproduce the issue and then pm me the 2 pcapng files from the Diagnostics folder. Also enclose the output from ESET Log Collector as per the instructions at hxxp://support.eset.com/kb3466/.
I have the same problem in a domain environment with Era server, after about 12:00 on 24 Mar 2016, some users started to complain about no internet access on https sites. Can ping sites etc, so tested it on one pc, after eset is uninstalled pc restarted, the https sites work, when installing again and updating, it is again blocking https sites.
but once nod32 had been succesfully installed again the problem didn't occure, i have saved your instructions for what to do, so if it should happen again i should be able to give you those filles right away
Please try the following and let us know about your findings:
1. Temporarily disable SSL/TLS filtering
2. In Internet Explorer -> Internet options -> Advanced, disable all SSL and TLS versions and leave only TLS 1.2 selected.
3. In Internet Explorer try to open and let us know if it opens alright
4. Revert the SSL/TLS changes back.
I have the same problem. New computers with NOD32 Antivirus new installed. After reboot, no InternetAccess,. I Uninstalled NOD32 Antivirus and all works fine again. Installing Antivirus again, works. After reboot, NOT working!
If somebody continues to encounter issues with http or https communication even with Internet protection module 1226.26 installed, please uninstall EAV v9 and install it from scratch. We've found a bug which occurs during a major system upgrade that would cause http / https communication to stop working. If you have Windows 10 and are on the fast ring, temporarily switch to slow ring until the issue is fixed by a newer Internet protection module. ESS nor any other products are not affected.
I too have the same problem but it seems to be related to v8, I disabled the Web Access Protection under the Advanced Options and it seems to work now (windows 10). BTW it only started happening recently with a win10 machine that I hadn't used for a while, so it's running through quite a few updates which may fix the problem, but for now disabling WAP seems to be a temporary way forward. What's the implication of doing this in terms of overall security on the machine??
Disabling web access protection from gui should work only in case when a particular url is blocked and an alert is displayed. If you don't get any alert, rather disabling protocol filtering should help.
If you are really using ESET NOD32 Antivirus, there's no chance that ESET would block all network communication as it doesn't contain a firewall. Only HTTP(S), POP3(S) and IMAP(S) communication can be blocked. Please clarify what communication is blocked. If http, is also https blocked or vice-versa?
No internet access, no email on all laptops and 1 desktop that have ESET installed, heck even ESET can't update the database. I know I have access though, my iPad connects like a charm. Last program update from ESET (not the database update mind you), made everything go wonky.
[ 2 ]
We need to get information from this machine in order to have the proper detail to help you forward.
NOTE: The tools and the information obtained is safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.
Download Malwarebytes Support Tool
Once the file is downloaded, open your Downloads folder/location of the downloaded file
Double-click mb-support-1.4.0.615.exe to run the report
You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
Place a checkmark next to Accept License Agreement and click Next
You will be presented with a page stating, "Get Started!"
Adwcleaner picked up something called Rogue.ForcedExtension. Firefox has anti-ad and anti-tracking add-ons, so I was a bit surprised to be honest. I had a couple of sites whitelisted that I thought were safe, but they've now had their privileges revoked.
I looked up Rogue.ForcedExtension and your website says it's a Chrome infection, so I've deleted Chrome too (I rarely use it anyway). Would the Rogue thing still explain why Malwarebytes told me that Firefox is trying to visit those sites I asked about? Just to check I'm understanding, does the Rogue thing basically sit on your computer and try to access websites by itself without you actually going to the website?
I would like for you to run a fresh report from this machine, so that I can re-review the information. The report tool FRSTENGLISH is already on this machine on the Downloads folder. Use Windows File Explorer to go to the Downloads folder.
Just had another trojan blocked report. Same password website, also Firefox. Nothing showing up on the Adwcleaner, Malwarebytes threat scan, McAfee virus scan or Kapersky. Currently running full scans with Malwarebytes and McAfee.
The FRSTENGLISH is a report tool. It is placed there by the support tool. I need s fresh run just like I listed in post # 9 so I can have fresh information so that I can help you further,
I am sending a custom Fix script which is going to be used by the FRSTENGLISH tool. They will both work together as a pair.
Please RIGHT-click the (attached file named) FIXLIST and select SAVE AS and save it directly ( as is) to the Downloads folder
The tool named FRSTENGLISH.exe is already on the Downloads folder.
PLEASE have lots and lots of patience when this starts. You will see a green progress bar start. Lots of patience. Some machines take longer than others.
If you receive a message that a reboot is required, please make sure you allow it to restart normally.
The tool will complete its run after restart.
When finished, the tool will make a log ( Fixlog.txt) in the same location from where it was run.
When prompted for scan type, Click on Full scan
Click on the radio selection "Enable ESET to detect and quarantine potentially unwanted applications" and click on Start scan button.
Have patience. The entire process may take an hour or more. There is an initial update download.
There is a progress window display.
You should ignore all prompts to get the ESET antivirus software program. ( e.g. their standard program). You do not need to buy or get or install anything else.
About the "block event notice"....it is NOT a indication of something infectious on your machine. It is typically the contrary. The web protection is keeping the pc safe from potential harm.
The block may be a false positive, maybe. A lot depends on what web browser is in use + plus in addition, What exact website it was ON ( the website address on the address bar of that browser, + plus also all the content of that last notice message.
I just managed to replicate the block. This is weird AF. I remembered I was using the address bar to search for something re: Windows last time, so I typed "win" into the address bar on Firefox. Firefox's suggested site is that password website (I hadn't noticed before because I usually ignore the recommended site). I didn't click on the website, I carried on with what I was actually searching for, but Malwarebytes pops up that block notice. Malwarebytes seems to be responding to Firefox just suggesting that website.
Just tried again in case I was imagining it. I type the "wi" and it recommends wikihow, no issue. As soon as I type the "n" and it recommends the password website, up pops Malwarebytes. This is very weird.
I am listing 4 help articles at Mozilla.org / Firefox help.
I suggest that you clear all history of search-auto-fill suggestions, and turn off the search auto-fill option ( at least for now ), and also delete all Cache, and browsing history
See the 4th section titled "Clearing form history" -US/kb/control-whether-firefox-automatically-fills-forms
Thanks. I already have Firefox set to clear everything on closing, but I went through the list of stuff anyway. Malwarebytes is now saying the password site is "malware" instead of "trojan". I've added the report.
Just to confirm, the site suggestion isn't something that I've previously visited or something from my bookmarks, it's part of Firefox or Google's site suggestion thing that's part of the address bar software (I'm not sure which of them decides which websites to suggest to people when they start typing in the address bar). None of the changes above turned these suggestions off.
I've also just turned off "Provide search suggestions" under Default Search Engine (Google) in the Search options. It's still suggesting websites to me when I start typing in the address bar. Does that mean these suggestions are part of Firefox rather than Google?
c80f0f1006