Jump to content

Online Armor Helper Driver


Recommended Posts

I came across http://support.emsisoft.com/topic/8540-oa-virtualbox-with-bridged-connection as I was looking for a solution for my problems with VirtualBox.

My VMs in VirtualBox work fine in XP, but don't totally work in Windows 7. In Windows 7, DNS queries fail, but pinging the IP address of the site directly works in bridged mode, which means that I can get internet access, but OA is blocking my DNS.

My question is what is Online Armor Helper Driver and is it required for OA to work? If so, why isn't it required in XP?

Link to post
Share on other sites

Both the Windows XP and Windows 7 are running version 5.5.0.1616 . However, I don't see the helper driver on my XP adapter settings. This is the case on 5 different XP machines.

I have removed OA on one of my Windows 7 machine and used another free firewall and they have no problem with Virtualbox. Its not that OA is blocking internet traffic, just DNS queries as ping works, and only on Windows 7. I don't believe it is a Virtualbox problem as they work with other firewalls and only DNS is not working with OA.

Link to post
Share on other sites

Both the Windows XP and Windows 7 are running version 5.5.0.1616 . However, I don't see the helper driver on my XP adapter settings. This is the case on 5 different XP machines.

I have removed OA on one of my Windows 7 machine and used another free firewall and they have no problem with Virtualbox. Its not that OA is blocking internet traffic, just DNS queries as ping works, and only on Windows 7. I don't believe it is a Virtualbox problem as they work with other firewalls and only DNS is not working with OA.

OA works in different ways on XP and Vista (and above) systems.

On XP OA does not require a network component to be installed per adapter (that's what shown in adapters' settings as "OA helper driver"), though the

actual driver is in place on both systems. It just works in a different way.

Link to post
Share on other sites

I have removed OA on one of my Windows 7 machine and used another free firewall and they have no problem with Virtualbox. Its not that OA is blocking internet traffic, just DNS queries as ping works, and only on Windows 7. I don't believe it is a Virtualbox problem as they work with other firewalls and only DNS is not working with OA.

Would you be willing to reinstall Online Armor and gather some debug logs for us, so that Andrey can see what is happening?

Link to post
Share on other sites

The logs are not showing any indication that Online Armor is interfering with DNS, nor are the showing anything to suggest that Online Armor is interfering with Virtual Box's networking drivers. Andrey says that the logs show ICMP packets passing through the firewall, as well as UDP packets on port 53 (which would be your DNS).

Are you currently experiencing this issue with your fresh install of Online Armor?

Link to post
Share on other sites

Are you currently experiencing this issue with your fresh install of Online Armor?

There is a screen capture in the file attached previously which shows "Bad addresss" when I ping Yahoo.com, so yes the issue is there.

I proceeded to install wireshark on the PC running OA and also on another PC acting as DNS (using dnsmasq) to the first PC with OA on it. When I ping yahoo.com on the OA PC, I can see outgoing TCP requests to the DNS but nothing comes back according to wireshark. On the dnsmasq PC, wireshark shows both the incoming DNS requests and the reply from the DNS.

The only conclusion I can make from the above experiment is that OA is discarding DNS replies leading to the virtual machine not being able to resolve addresses.

I am attaching the wireshark captures from both PCs, as well as screen shots of the wireshark screen if you are interested in looking at them. Perhaps there is something in the dns reply packets which OA doesn't agree with and is discarding.

Link to post
Share on other sites

Assuming that you have not yet turned on Debug Mode in Online Armor, please put Online Armor in Advanced Mode, and in the Firewall options select Enable logging, Additional debug info, and All activity like in the screenshot below (if it's too small to read then you can click on it to make it bigger):

After that, please restart your computer, and then try to reproduce your DNS issue again. Once you are confident that it has been successfully reproduced, please ZIP the logs folder and attach it to a private message for me to send to our developers.

If you had already enabled Debug Mode, then please disable it, restart the computer, and delete the contents of the logs folder before following the instructions above. If you are not able to delete the contents of the logs folder, then you can shut down Online Armor to release any file locks that are preventing you from deleting files.

Link to post
Share on other sites

and how would that be any different from what I attached in the post 4 posts earlier? I have no problem with any further tests you may want, but to ask me to keep repeating the same tests again seems quite pointless.

I'm sure your developers can reproduce the problem, since it was acknowledged in another thread that there was a problem with OA and VirtualBox. I have even attached Wincap files so your developers can look at possibly why the DNS replies are discarded.

Anyway, I have moved on to another firewall. Its a shame since I really liked OA, but I'm not going back to Virtual PC to develop my programs, and given a choice between OA and Virtual Box, OA goes since there are plenty of other alternative firewalls.

All the best in your future endeavors

Link to post
Share on other sites

and how would that be any different from what I attached in the post 4 posts earlier?

I thought you were testing with a new OS, Virtual Box, and Online Armor install now? Our developers just want to see a new firewall log from that new setup.

I'm sure your developers can reproduce the problem, since it was acknowledged in another thread that there was a problem with OA and VirtualBox.

Actually, there is a well known problem with Virtual Box that was caused by their network driver, and which we could not do anything about. So far, none of the data you have given us has shown Online Armor is the cause of the issue, which is why our developers wanted to see those firewall logs again.

I have even attached Wincap files so your developers can look at possibly why the DNS replies are discarded.

All they show is the DNS traffic not making it to the virtual machine. They don't actually show the cause. This will only be found in OA logs with debug information.

... I'm not going back to Virtual PC to develop my programs...

Virtual PC is rather old. Have you considered a solution from VMware? Their software does not usually have issues with Online Armor, and if your development is open source (or at least not-for-profit) then VMware Player would be usable for free (although it is missing snapshots, which can be an essential feature for testing). ;)

Link to post
Share on other sites

and how would that be any different from what I attached in the post 4 posts earlier?

As an addendum to my previous reply to this particular question, please note that Andrey has contacted me to further explain why he wanted to see the logs that I asked you for. Apparently the firewall logs did not contain the "Additional debug information", which Andrey needs to see in order to confirm a theory about why this might be happening. ;)

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...