Recently I've encountered a lot of network connectivity issues, where DNS will fail, even though the network connection is still made.
If I reboot my router or network switch, the problem briefly goes away. I've swapped out the router and switch but the issue still remains. I swapped out the NIC and it still remained.
When the issue occurs, no other machine on the network is affected.
I finally tied it down to my Online Armor Premium firewall. If I disable the OA firewall, the issue goes away. The HIPS components are I think still and the Windows Firewall is enabled when OA is disabled. I have a hardware firewall too, so still reasonably well protected, but it is frustrating and I wonder if anyone else has experience of this?
OA Premium version = 184.108.40.2066
In God we trust; all others must bring data.
- William Edwards Deming. 1900 - 1993
Yeah, turning logging on seems a good idea. Are any programs blocked?
Are you experiencing the CPU usage issue, as well? When you have the CPU usage issue, everything gets immensely slow, so fixing that may as well fix everything else. I haven't had it for a while, but I did have it a couple times. Afraid there was no solution for it other than reinstalling.
Turning the firewall back on immediately triggered the behaviour again. Slow web page loads, and yes, the CPU is loaded when it occurs: OAsrv.exe fully loads a core on the machine and pages frequently time out with a DNS error.
In the firewall log I see many entries that look ok:
19/06/12 16:43:33 UDP <- 192.168.1.9:64250, 192.168.1.254:53, C:\Windows\System32\svchost.exe(1244/0)
Passed by access list (128/130)
192.168.1.9 is the machine in question and my router is at 192.168.1.254. Port 53 is used by DNS, so these entries appear to be DNS lookups.
However, when the issue occurs, I also see many of these:
I think the CPU issue is key here. OA is simply rendered ineffective by that. As I said, the only way to get around it is to uninstall OA and reinstall it. You can save settings and reload them on reinstall. The issue may reappear, though. I experienced that, sporadically, with older versions. Since going Pro, it has stopped.
You may also resort to their tech support. Maybe with logs and all they can sort it for you.
Hmmm...backup settings, uninstall the program, re-boot twice as per Emsisoft recommendation, download and install OA, restore settings and reboot.
Then I get a BSOD every boot. Windbg reports a problem with ntoskrnl (yikes!). Uninstall in safe mode, reboot into normal mode and it's ok. Repeated the above 3 times just to be sure, each time a BSOD on normal boot.
I've uninstalled it completely right now and I'm in two minds about whether to restore an image backup or not - I don't feel completely comfortable seeing it generating BSOD after a new install. Even if I restored the system to what was installed earlier, there remains an unresolved issue and on a new installation it crashes the system.
I did notice on their website there is a known issue with VirtualBox, which I use extensively. I don't recall seeing that FAQ before and never had an issue with OA together with VirtualBox prior to this, so perhaps that is a new problem.
No apologies necessary Rui, I don't know how it was working before, but it's pretty clear from a bit of research tonight that OA does not play well with VirtualBox. Here, here and here for example.
Even if that wasn't the cause of the high CPU and DNS timeouts earlier it will rule out any realistic possibility of using both on the same system. Maybe an earlier version of VB was ok, but I didn't have any issues until recently.
Unfortunately, I need to keep the virtual machines. Will now start looking at other possible HIPS firewall candidates as well as investigate possible migration from VBox to something else.
Yes, it's really weird how it was working before without BSODing. Shame, though. I really like OA as HIPS.
Not sure what other software can be used. Have the impression Comodo is not without issues, then you have the venerable ZA, which one of my supported users seems to be able to run without many issues (I moved to OA from ZA a few years ago). Maybe one of these can replace OA for a while.