paulderdash

EIS with Heimdal Pro - DNS query


I am using Heimdal Pro which uses its own SecureDNS via 127.0.0.1 to filter traffic.

However I see a frequent flip-flop to 192.168.1.1 and back to 127.0.0.1 via Glasswire (see attached).

I am using EIS - could the firewall or Surf Protection be causing this - see: http://blog.emsisoft.com/2013/02/18/tec130218/ ?

If so, is there a way to get EIS and Heimdal to play together? I have added Heimdal processes to EIS process whitelist.

I can't think of another program on my setup that could be 'competing' for the DNS (maybe Adguard, I have posted on their forum too) ... see my signature for other softs on my Win 8.1 x64 machine.

 

@Peter2150 I know you use both EIS and Heimdal Pro - have you made any settings changes to either?


I have just deleted the other post you made, paulderdash. (It was at the end of the thread you linked to.)

 

That way there are no double posts :)

  • Upvote 1


We don't recommend using EIS with other third-party firewall software, as firewall drivers often don't play nice together. We also don't officially support using EIS with another software that uses a WFP driver. If you'd like us to convert your license key to an Emsisoft Anti-Malware license key, then please let me know.

My first recommendation is to try uninstalling EIS, and restart your computer twice. This is probably the only way to know for certain whether or not EIS is related to the issue you are seeing.


Thanks Arthur.

 

Not sure if Heimdal Pro is firewall software per se, just that it uses its own DNS - but network-related stuff is generally a bit of a mystery to me.

 

Also - can you enlighten me as to how one can determine if a software uses a WFP driver (other than contacting the devs)?

 

I have EAM on my second machine, and EIS on this one. Maybe I'll swap them around to test for now.

 

Edit: Btw I see Adguard can / does also use a WFP driver to filter Modern UI applications traffic in Win 8+, so that may also conflict with EIS.


My first recommendation is to try uninstalling EIS, and restart your computer twice.

I did this then installed EAM, but it says I am unprotected and I need to contact support. See attachments.

 

Windows Action Center says both WD and EAM are not active. Even though I try to start EAM and trust publisher, situation remains the same.

 

What is the trick to get EAM going?


From what I see Heimdal Pro has nothing showing that says it's a firewall. It just changes the DNS so it can route traffic thru its server where they check the traffic for problems, and also do filter sites they have ranked as bad and block.

 

Again no conflicts here


From what I see Heimdal Pro has nothing showing that says it's a firewall. It just changes the DNS so it can route traffic thru its server where they check the traffic for problems, and also do filter sites they have ranked as bad and block.

 

Again no conflicts here

The DNS flip-flop still occurs with EIS removed. I am starting to think it may be to do with Adguard. Edit: Don't think you have that in your armoury :)

 

@GT500 - will you still give me a FRST fix file or should I just do a sc delete epp to fix my EAM install problem?


However I see a frequent flip-flop to 192.168.1.1 and back to 127.0.0.1 via Glasswire (see attached).

GlassWire is a firewall. I'm not seeing any drivers for it in the FRST logs though.

Also - can you enlighten me as to how one can determine if a software uses a WFP driver (other than contacting the devs)?

The Drivers section in the FRST log can be used to see if a WFP driver is in use on the system, although it does take some research to figure out what each driver is. Here's what I'm finding in the log:

R1 adgnetworkwfpdrv; C:\Windows\System32\drivers\adgnetworkwfpdrv.sys [58952 2016-03-29] ()
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)

The first letter tells you if the driver is running or not.

R = Running

S = Stopped

U = Unknown

So the driver from MBAM shouldn't be a problem, since it isn't running. If you don't have the WFP option turned on in Adguard, then I assume it wouldn't be a problem either, however you may want to test and see if that is correct just to be sure.

I'm also finding drivers from ShadowDefender, HitmanPro.Alert, one or more Zemana products (Zemana AntiMalware and maybe Zemana AntiLogger), NoVirusThanks EXE Radar Pro, and Webroot SecureAnywhere. If you had uninstalled these softwares, then I can write a fixlist for FRST that can remove these drivers for you.

@GT500 - will you still give me a FRST fix file or should I just do a sc delete epp to fix my EAM install problem?

sc delete epp will fix the issue. The EPP driver wasn't unregistered when EIS was uninstalled, and that command is all you need to unregister it.

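Added example, not part of the original posts and not FRST's or Emsisoft's own code: a Python parser for the FRST Drivers lines quoted above that splits each entry into its fields and reports which of a list of already-researched driver names are currently running. The function names are hypothetical, the meaning given to the digit after the state letter (the Windows service Start value) is an assumption, and the name list passed in is simply the two drivers named in this thread.

```python
import re
from dataclasses import dataclass

# State letter, as explained in the post above.
STATE = {"R": "Running", "S": "Stopped", "U": "Unknown"}
# Assumption: the digit is the Windows service Start value.
START = {"0": "Boot", "1": "System", "2": "Auto", "3": "Demand", "4": "Disabled"}

# <state><start> <name>; <path> [<size> <date>] (<company, may be empty>)
LINE = re.compile(
    r"^(?P<state>[RSU])(?P<start>\d)\s+(?P<name>[^;]+);\s+"
    r"(?P<path>.+?)\s+\[(?P<size>\d+)\s+(?P<date>\d{4}-\d{2}-\d{2})\]\s+"
    r"\((?P<vendor>.*)\)\s*$"
)

@dataclass
class Driver:
    state: str
    start: str
    name: str
    path: str
    size: int
    date: str
    vendor: str

def parse_drivers(text):
    """Return a Driver for every line that matches the Drivers-section layout."""
    out = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # headings, blank lines, other log sections
        out.append(Driver(STATE[m["state"]], START.get(m["start"], "Other"),
                          m["name"].strip(), m["path"], int(m["size"]),
                          m["date"], m["vendor"].strip()))
    return out

def running_from(drivers, researched_names):
    """Drivers that are running and whose name is on the researched list."""
    wanted = {n.lower() for n in researched_names}
    return [d for d in drivers if d.state == "Running" and d.name.lower() in wanted]

# The two lines quoted in the thread, plus one non-log line that must be skipped.
SAMPLE = r"""
R1 adgnetworkwfpdrv; C:\Windows\System32\drivers\adgnetworkwfpdrv.sys [58952 2016-03-29] ()
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
The first letter tells you if the driver is running or not.
"""
```

Calling `running_from(parse_drivers(SAMPLE), ["adgnetworkwfpdrv", "MBAMWebAccessControl"])` returns only the Adguard entry, matching the reading given in the post; deciding which driver names belong on the list still takes the research the post mentions.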

Hi Paul

 

You are correct. My other secret, Win x64 Pro. Also if I were you I'd drop Mbam. It's too much in my opinion

 

Pete

Probably. I have a lifetime Premium license. I just run a scheduled daily scan, no real time.


GlassWire is a firewall. I'm not seeing any drivers for it in the FRST logs though.

It just uses the Windows firewall.

The Drivers section in the FRST log can be used to see if a WFP driver is in use on the system, although it does take some research to figure out what each driver is. Here's what I'm finding in the log:

R1 adgnetworkwfpdrv; C:\Windows\System32\drivers\adgnetworkwfpdrv.sys [58952 2016-03-29] ()
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)

The first letter tells you if the driver is running or not.

R = Running

S = Stopped

U = Unknown

So the driver from MBAM shouldn't be a problem, since it isn't running. If you don't have the WFP option turned on in Adguard, then I assume it wouldn't be a problem either, however you may want to test and see if that is correct just to be sure.

I do have the Adguard WFP option turned on. I'll switch it off and see if that stops the DNS switching ... I have posted on their forum also.

I'm also finding drivers from ShadowDefender, HitmanPro.Alert, one or more Zemana products (Zemana AntiMalware and maybe Zemana AntiLogger), NoVirusThanks EXE Radar Pro, and Webroot SecureAnywhere. If you had uninstalled these softwares, then I can write a fixlist for FRST that can remove these drivers for you.

I do have SD, HMPA, and NVT ERP. ZAM and WSA have been uninstalled, so these could go. But no need to write a fixlist, but thanks!

sc delete epp will fix the issue. The EPP driver wasn't unregistered when EIS was uninstalled, and that command is all you need to unregister it.

Thanks Arthur! Will do.
