arialtypes

Thank you. I was worried because i saw in eset tools (network conections) that svchost was sending 4MB and after i disabled SSDP discovery service and UPnP at router it stop sending so much data. Also, my pc got faster. Is this normal? Thank you @itman

Hello again... The problem fixes for some minutes and get back again... So the problem is basically - i log in my computer and when it loads that notification popps up. (before i connect to wifi and when i do, it disappers) Anyone knows how to fix it and why is this happening?

I stopped the SSDP Discovery service and the blocked comms stopped showing at troubleshooting. My intetion with this post is to understand if this is a normal thing or if it is something related to malicous attacks. Thank you for your time. if it helps: - my internet use if 80% educational and 20% (Twitch, Netflix..) - i dont use VPNs - my software is always updated with the most recent updates (windows and eset) - my internet driver seems to be updated - besides my laptop i just have the TV box and Router connected.

Hello everyone once again. So, yesterday i started to have some connections problems again.. I connected to my wifi and after 20s less or more, my wifi disconnected and that happened 4 times yesterday and a few times last months. After that i decided to set my home network as public in eset configuration, after that i get 2 comms blocked every 5min. SSDP Discovery - Blocked (UPnP requests, svchost.exe) My router - Blocked (UPnP requests, svchost.exe as well) Today, the wifi drop thing happened and to be honest i thought that was something related to energy management but after taking a quick look at that it doesnt seems to be that. I checked DNS leaks by doing a online test and i only saw my ISP servers. Proxies were not detected as well by those online tests. IP reputation looks good. How can i tell that this is something malicous or just something normal being blocked by eset since i dont marked my internet as safe?

Thank you again Marcos. So, can that internet outage be related to the fact that i dont have my wifi to connect automaticly? I dont start my system with wifi connected, i always connect before i log in. If i its not related, can you tell me what is the reason? thank you. @Marcos

@Marcosi've collected the logs from eset log colletor. Im ready to send it to you. you only want the txt or the whole zipped file?

hello again @Marcos i just logged in my computer for the first time today and it shows a new error "couldnt reach firewall push servers" once again, connected to my internet and in a minute got normal... What should i do? Im a complete noobie with this kind of stuff..

@Marcosi checked the eset event log, its shows something related with "cant connect to the server". can this be useful?

@Marcos i also have this alerts in that eset page that i sent, i dont if shows to everyone but they kept showing. (i) Use the latest ESET product versions. Find out if your ESET product is affected by End of Life (EoL) Alert: MDM Server is unable to start

Hello @Marcos! Now i cant reproduce the error again. The notification popped up everytime i opened my laptop. I logged in my user and before i connect to my Wifi that notification instantly appears. Then, i connected to my Wifi, open ESET and clicked on that notification link that i posted. After that, automatically updates and says that everything is fine (takes 1min max time) .. Only popped up when i wasnt connected to WIFI but now even if i dont connect to my wifi, it doesnt shows up anymore... I dont get that error anymore and the only thing that i did was the spybot scan that didnt found anything malicous, just some errors that i selected to fix. I checked dns leaks by doing online tests and everthying seemed to be fine, ip reputation looks good too. No proxies detected aswell. (This was all made with online tests) p.s - this happens with every internet connection

Hello. So a few days i started to receive a windows notification telling my that ESET couldnt acess to Live Grid servers. When i log in my laptop its always with the WI-FI offline and when i connect to my Wi-Fi i click in that notification that takes me to this ESET website - [KB332] Ports and addresses required to use your ESET product with a third-party firewall Today i finally found some time to try to understand why is this happening because when i first installed ESET this was doing just fine and i couldnt find an answer but after i made a scan with Spybot, if found some things (all green reputation, not malicous) and i "fixed selected" , after that i restarted my laptop and didnt happened again. The page information talks about firewall problems but i was always using ESET firewall instead of windows defender firewall.. Can anyone tell me why that error kept popping up? Because basicly i just scanned with Spybot and that solved the problem regarding the notification, im worried about the information that ESET gave me about the error. Can i have my firewall compromised or something? Thank you.

The thing is, all this IPs are showing up at CMD, and im finding them it those commands (netstat, netstat -a -b), not ESET. From ESET i just get comunications blocked, that must be because of the IP like u refered. @itman

How is that? ESET can support me in my Country? If not, should i show this reports to the store (honest and trust worthy people) once again? Im still waiting for my ISP, could take hours or days.. @itman I really dont know any other kind of service that i can contact, you have been one of the biggest helps that ive had so far. Thank you for that.

Hmmm ok... i really conserned about this. Rn it doesnt shows up those ips but its showing a ipv6 adress that i took print screen and this time connection its established. My pc just "crashed" or something, it was like he reboot but kept on... everything disappeard, right side icons... just like a transition you know? went to check the cmd netstat command again, it wasnt there. when it was i used netstat -a -b to see where he was connected, it was connected to spoolsv.exe, i dont have a printer. I saw the file in w32 folder, so i dont really understand why this is happening. @itman

@itman For real? So why does IPQualityScore.com says that those IPs are very dangerous? they rate them above 90 in a scale of 0-100? Also, ive seen a website that shows reports from users in last days. And why im i being connected to a USA ISP? (Windows Related?) Sorry for my ignorance on this topic. Thank you once again.

@itman @Marcos quick update about this topic : Went to the pc store that installed ESET on my machine, they saw the events and i showed them your replys about this situation. They told me as well that this might the problem. We checked some IPs that were showing up at CMD using "netsat" and nothing was wrong. It was so much things to talk about that i forgot to check 2 IPs with them that i saw bad info about that online. Those are the IPs that i found in CMD : 151.139.128.14 (timewait) 152.199.19.160 (timewait) They come back to some Verizon company and another one called Stackpath, but theres also information and reports about malicious activity so i dont know what to trust at this point. After that, i called my ISP services talking about the situation that we both discussed about DHCPv4, they told me that they are going to see if something is wrong with the router and conection and they will call me later. I also referred those 2 IPs that i found in CMD, they recommended me to informe the authorities and they also said that they are going to check those IPs. So, i dont think that theres need to call the authorities and talk about this situation because, first - they told me from the beggining that my IP was changed when the devices were changed. second - i dont have any kind of information about the problem so i dont know really what to say besides that i found some IPs adresses in my CMD because im waiting for the ISP to call me and inform me about this situation. Does anyone knows if this IPs are safe and should i be worried? Thank you all.

Ok, thank you for your support and time! I will contact my ISP to check this situations. @itman

really? thank you for that! does that means that i might have something malicious in my network that changed those informations? Imma call my ISP tomorrow talking about this information.

Sorry! Dont know why that wrote in Portuguese. So, about the 169.254.xxx ive seen a post that says that is a normal thing. Thank you for that! About DHCP, everything that i saw is that DHCP is a protocol that allows PC connect to each other in the same network. right? The thing is, this is my home network and besides the ISP devices, theres nothing else connected. Ive seen the DHCP option in the admin page of my router and everything that i saw was my Laptop and my Box. About the other logs (uPnP, Netbios, etc...) is this a dangerous problem? Im thinking about calling to my ISP to see if they can solve this problems because im not qualified for this. @itman

Obrigado pela sua atenção Senhor! Então, cerca de 169.254.xxx ive já vi um post que diz que é uma coisa normal, obrigado por isso também! Sobre o DHCP, tudo o que vi é que é um protocolo que permite que os computadores se conectem entre si (certo?) Acontece que esta é a minha rede doméstica e, além dos dispositivos ISP, não há mais nada conectado. Eu vi a opção DHCP na página de administração do meu roteador, tudo que eu vi é meu laptop e a caixa de TV. Podem ser eles tentando se conectar? Sobre os outros logs (uPnP , Netbios , etc...) este é um problema perigoso? Estou pensando em ligar para o ISP para ver se eles podem consertar esses problemas porque não estou qualificado para essas coisas. Obrigado novamente pelo seu tempo, paciência e ajuda! @ itman

ps - it only pops up at troubleshooting when i connect to my network and i can keep using it that it doesnt shows up unless i disconnect and connect again.

Obrigado pela sua resposta! É o seguinte: ano passado, tive um acesso indesejado no meu roteador e acho que ele estava infectado. Eu mudei de roteador duas vezes, novo laptop, coisas de ISP e etc ... Então, estou supondo que meu IP e DNS foram alterados quando eles (ISP) instalaram um novo dispositivo (roteador) e eles me dizem que fizeram isso, então estou confiante nele. Acabei de instalar o ESET na semana passada, não sei realmente como ler algumas coisas e não sou um especialista em rede .. Resumindo, isso é normal? Eu deveria estar preocupado com esse coms bloqueado? Mais uma vez obrigado pelo seu tempo. @marcos

Hello guys. A few days i posted something related with a ICMPv6 blocked from my router and i keep getting this blocked comunications. ESET doesnt detect any kind of malware or problem with my network. Can someone tell me what this blocked coms mean? The mac adresses and ips are hidden but they belong in my network. (my router and my pc) The big question that i have is - Is someone tracking something from my router besides my ISP? I dont use VPN but i checked my DNS leaks and its all conected with servers from my ISP. (Dont know if its important, im a noob in this stuff) 1st picture - Service Host from Windows 2nd - DNS Client 3rd - Router 4th - Kernel 5th - SSDP Detection.

@itman i really dont know if IPv6 is the type of conectivity of my pc. Yes, Vodafone is my ISP. Yes the TV is from the ISP also. (TV Box)

@itman should i worry about it? its some kind of malware or some kind of attack to my router? im a noobie in this kind of stuff and i just installed ESET 3 days ago. Thank you for your reply!