  1. #1
    Lounge VIP
    Join Date
    Apr 2011
    Location
    Scotland
    Posts
    1,168
    Thanks
    44
    Thanked 134 Times in 115 Posts

    Online Armor DNS issues?

    Recently I've encountered a lot of network connectivity issues, where DNS will fail, even though the network connection is still made.

    If I reboot my router, or network switch the problem briefly goes away. I've swapped out the router and switch but the issue still remains. I swapped out the NIC and it still remained.

    When the issue occurs, no other machine on the network is affected.

    I finally tied it down to my Online Armor Premium firewall. If I disable the OA firewall, the issue goes away. The HIPS components are I think still and the Windows Firewall is enabled when OA is disabled. I have a hardware firewall too, so still reasonably well protected, but it is frustrating and I wonder if anyone else has experience of this?

    OA Premium version = 5.5.0.1616
    In God we trust; all others must bring data.

    - William Edwards Deming. 1900 - 1993

  2. #2
    Administrator
    Join Date
    Jun 2010
    Location
    Portugal
    Posts
    12,519
    Thanks
    152
    Thanked 1,398 Times in 1,221 Posts
    I am using the same version of OA as you are and have no issues. Does OA history show anything that could account for that?

  3. #3
    Lounge VIP
    Not at the moment, but my firewall log was set for blocked events. I'll set it to all events and re-enable the firewall, see what it says.

    There is a thread on the Emsisoft forum here which sounds very similar, especially at post #31 where he talks about DNS fail and one core being loaded by OA.

  4. #4
    Administrator
    Yeah, turning logging on seems a good idea. Are any programs blocked?

    Are you experiencing the CPU usage issue, as well? When you have the CPU usage issue, everything gets immensely slow, so fixing that may as well fix everything else. I haven't had it for a while, but I did have it a couple times. Afraid there was no solution for it other than reinstalling.

  5. #5
    Lounge VIP
    Turning the firewall back on immediately triggered the behaviour again. Slow web page loads, and yes, the CPU is loaded when it occurs: OAsrv.exe fully loads a core on the machine and pages frequently time out with a DNS error.

    In the firewall log I see many entries that look ok:

    Code:
    19/06/12 16:43:33  	 UDP <- 192.168.1.9:64250, 192.168.1.254:53, C:\Windows\System32\svchost.exe(1244/0)
    		 Passed by access list (128/130)

    192.168.1.9 is the machine in question and my router is at 192.168.1.254. Port 53 is used by DNS, so these entries appear to be DNS lookups.

    However, when the issue occurs, I also see many of these:

    Code:
    19/06/12 16:43:31  	 [TDI] UDP, Connect, 0.0.0.0:62771 -> 192.168.1.254:53, C:\Windows\System32\svchost.exe(1244/8364)
    		 [TDI] Passed by rule: "UDP, --> svchost.exe, [53,67,1900,3702,5355,51560], +(*)"

    Notice the IP address 0.0.0.0 making a DNS request to the router. No other alerts or issues in the firewall that I can see.

    Page loads are almost instant and no DNS issues when the firewall is disabled.
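Added example, not part of the original posts: a small Python triage of log text in the two record shapes quoted in post #5, counting port-53 entries per local address and listing those logged with the unspecified address 0.0.0.0. The sample log is constructed, and treating the first endpoint as local and the second as remote is an assumption based on those two quoted lines.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in the two record shapes quoted in post #5 (not a real capture).
SAMPLE_LOG = r"""
19/06/12 16:43:31   [TDI] UDP, Connect, 0.0.0.0:62771 -> 192.168.1.254:53, C:\Windows\System32\svchost.exe(1244/8364)
     [TDI] Passed by rule: "UDP, --> svchost.exe, [53,67,1900,3702,5355,51560], +(*)"
19/06/12 16:43:31   [TDI] UDP, Connect, 0.0.0.0:62772 -> 192.168.1.254:53, C:\Windows\System32\svchost.exe(1244/8364)
     [TDI] Passed by rule: "UDP, --> svchost.exe, [53,67,1900,3702,5355,51560], +(*)"
19/06/12 16:43:33   UDP <- 192.168.1.9:64250, 192.168.1.254:53, C:\Windows\System32\svchost.exe(1244/0)
     Passed by access list (128/130)
"""

# Assumption: first endpoint is the local side, second is the remote side.
ENTRY = re.compile(
    r"^(?P<ts>\d{2}/\d{2}/\d{2} \d{2}:\d{2}:\d{2})\s+(?P<tdi>\[TDI\] )?(?P<proto>UDP|TCP)\b.*?"
    r"(?P<local>[\d.]+):(?P<lport>\d+)\s*(?:->|,)\s*"
    r"(?P<remote>[\d.]+):(?P<rport>\d+),\s*(?P<image>.+?)\(\d+/\d+\)\s*$"
)

def parse_log(text):
    """Turn log text into records; the indented second line becomes 'verdict'."""
    records = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            rec = m.groupdict()
            rec["tdi"] = bool(rec["tdi"])
            rec["verdict"] = ""
            records.append(rec)
        elif line.strip() and records:
            # Continuation line: the pass/block decision for the entry above.
            records[-1]["verdict"] = line.strip()
    return records

def dns_by_local_address(records):
    """Count entries whose remote port is 53, grouped by local address."""
    return Counter(r["local"] for r in records if r["rport"] == "53")

def unspecified_source_dns(records):
    """Port-53 entries logged with the unspecified local address (0.0.0.0)."""
    return [r for r in records
            if r["rport"] == "53" and ipaddress.ip_address(r["local"]).is_unspecified]

if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    print(dns_by_local_address(recs))
    for r in unspecified_source_dns(recs):
        print(r["ts"], r["image"], r["verdict"])
```
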

  6. #6
    Administrator
    I think the CPU issue is key here. OA is simply rendered ineffective by that. As I said, the only way to get around it is to uninstall OA and reinstall it. You can save settings and reload them on reinstall. The issue may reappear, though. I experienced that, sporadically, with older versions. Since going Pro, it has stopped.

    You may also resort to their tech support. Maybe with logs and all they can sort it for you.

  7. #7
    Lounge VIP
    Hmmm...backup settings, uninstall the program, re-boot twice as per Emsisoft recommendation, download and install OA, restore settings and reboot.

    Then I get a BSOD every boot. Windbg reports a problem with ntoskrnl (yikes!). Uninstall in safe mode, reboot into normal mode and it's ok. Repeated the above 3 times just to be sure, each time a BSOD on normal boot.

    I've uninstalled it completely right now and I'm in two minds about whether to restore an image backup or not - I don't feel completely comfortable seeing it generating BSOD after a new install. Even if I restored the system to what was installed earlier, there remains an unresolved issue and on a new installation it crashes the system.

    I did notice on their website there is a known issue with VirtualBox, which I use extensively. I don't recall seeing that FAQ before and never had an issue with OA together with VirtualBox prior to this, so perhaps that is a new problem.

    One for the Emsisoft tech support team I think.

  8. #8
    Administrator
    Sorry about that. I do think you need to involve them, maybe they can even give you access to a beta that solves the issues. It's very discomforting when it ends up like that.

  9. #9
    Lounge VIP
    No apologies necessary Rui, I don't know how it was working before, but it's pretty clear from a bit of research tonight that OA does not play well with VirtualBox. Here, here and here for example.

    Even if that wasn't the cause of the high CPU and DNS timeouts earlier it will rule out any realistic possibility of using both on the same system. Maybe an earlier version of VB was ok, but I didn't have any issues until recently.

    Unfortunately, I need to keep the virtual machines. Will now start looking at other possible HIPS firewall candidates as well as investigate possible migration from VBox to something else.

    Oh well, we live and learn.

  10. #10
    Administrator
    Yes, it's really weird how it was working before without BSODing. Shame, though. I really like OA as HIPS.
    Not sure what other software can be used. Have the impression Comodo is not without issues, then you have the venerable ZA, which one of my supported users seems to be able to run without many issues (I moved to OA from ZA a few years ago). Maybe one of these can replace OA for a while.
