fixide 0 Posted July 14, 2018 Share Posted July 14, 2018 Hello, This morning I noticed that my connection was not stopping sending data to the eset server. I made hundreds of mo, rebooted my computer but eset continues to take all my upload. I tried to disable livesense without success. What are the data sent to? Thank you Link to comment Share on other sites More sharing options...
Administrators Marcos 5,074 Posted July 14, 2018 Administrators Share Posted July 14, 2018 What operating system do you use? If Windows XP, any http(s), pop3(s) and imap(s) communication appears to the system and other applications as it was coming from ekrn since it works as a local proxy for filtering the communication. Link to comment Share on other sites More sharing options...
fixide 0 Posted July 14, 2018 Author Share Posted July 14, 2018 (edited) Windows 10 build 1803. My adsl connection was really used in full upload. So I could not load the web pages for 30 min the time that is finished to send I do not know what to eset servers :(. Edited July 14, 2018 by fixide Link to comment Share on other sites More sharing options...
Administrators Marcos 5,074 Posted July 14, 2018 Administrators Share Posted July 14, 2018 Sometimes ESET can upload files with a suspicious behavior or characteristics to LiveGrid. However, it should upload dozens of MB and exhaust the bandwidth for a longer time. Do you know by chance what server it was connected to? Link to comment Share on other sites More sharing options...
fixide 0 Posted July 14, 2018 Author Share Posted July 14, 2018 Yes, ive done a screenshot of network connection eset tab : Server was : 91-228-166-150.ptr.eset.com:443 with full upload speed of my connection (100kb/s). During the upload I deactivated livegrid but the upload continued. The only way to stop it was to block all the traffic with the firewall but it started again right after. Link to comment Share on other sites More sharing options...
itman 1,659 Posted July 14, 2018 Share Posted July 14, 2018 Well that IP address is associated with LiveGrid servers. Go to this directory, C:\ProgramData\ESET\ESET Security\Charon, and note if files other than CACHE.NDB exist. If other files exist, how many are there approximately. Link to comment Share on other sites More sharing options...
fixide 0 Posted July 14, 2018 Author Share Posted July 14, 2018 Only cache.ndb. Link to comment Share on other sites More sharing options...
itman 1,659 Posted July 14, 2018 Share Posted July 14, 2018 (edited) -EDIT- Skip the below check unless you have enabled the logging option in Eset's Cloud-based Protection section. Check your Eset Event log for entries with the wording "sent to Eset for analysis." Are there a large number of like entries with today's date? Edited July 14, 2018 by itman Link to comment Share on other sites More sharing options...
fixide 0 Posted July 14, 2018 Author Share Posted July 14, 2018 Nothing except updates of the eset kernel. Link to comment Share on other sites More sharing options...
itman 1,659 Posted July 14, 2018 Share Posted July 14, 2018 (edited) At this point, I would reboot and see if the behavior persists. The best theory I can come up with is there was a large number of files that existed in the C:\ProgramData\ESET\ESET Security\Charon from yesterday. When you booted initially this morning, Eset Livegrid was in essense "resolving" those detections. As each was resolved, it was then deleted from the directory. As to why such a number of files existed to affect your network connection in the matter it did, I have no idea. -EDIT- One possibility is there was a "glitch" in the LiveGrid network this morning in that it kept sending the same data repeatedly. This probably would have only impacted Eset installations where files had been previously submitted. However, no one else has reported like issue. This might be because they just didn't notice the problem or attributed it to something else. Edited July 14, 2018 by itman Link to comment Share on other sites More sharing options...
Recommended Posts