Jump to content

Archived

This topic is now archived and is closed to further replies.

fixide

Ekrn upload to eset servers

Recommended Posts

Hello,

This morning I noticed that my connection was not stopping sending data to the eset server. I made hundreds of mo, rebooted my computer but eset continues to take all my upload.
I tried to disable livesense without success.
What are the data sent to?

Thank you

Share this post


Link to post
Share on other sites

What operating system do you use? If Windows XP, any http(s), pop3(s) and imap(s) communication appears to the system and other applications as it was coming from ekrn since it works as a local proxy for filtering the communication.

Share this post


Link to post
Share on other sites

Windows 10 build 1803.

 
My adsl connection was really used in full upload. So I could not load the web pages for 30 min the time that is finished to send I do not know what to eset servers :(.

Share this post


Link to post
Share on other sites

Sometimes ESET can upload files with a suspicious behavior or characteristics to LiveGrid. However, it should upload dozens of MB and exhaust the bandwidth for a longer time. Do you know by chance what server it was connected to?

Share this post


Link to post
Share on other sites

Yes, ive done a screenshot of network connection eset tab :
Server was : 91-228-166-150.ptr.eset.com:443 with full upload speed of my connection (100kb/s).

During the upload I deactivated livegrid but the upload continued. The only way to stop it was to block all the traffic with the firewall but it started again right after.

Share this post


Link to post
Share on other sites

Well that IP address is associated with LiveGrid servers.

Go to this directory, C:\ProgramData\ESET\ESET Security\Charon, and note if files other than CACHE.NDB exist. If other files exist, how many are there approximately.

Share this post


Link to post
Share on other sites

Only cache.ndb.

Share this post


Link to post
Share on other sites

-EDIT- Skip the below check unless you have enabled the logging option in Eset's Cloud-based Protection section.

Check your Eset Event log for entries with the wording "sent to Eset for analysis." Are there a large number of like entries with today's date?

Share this post


Link to post
Share on other sites

Nothing except updates of the eset kernel.

Share this post


Link to post
Share on other sites

At this point, I would reboot and see if the behavior persists.

The best theory I can come up with is there was a large number of files that existed in the C:\ProgramData\ESET\ESET Security\Charon from yesterday. When you booted initially this morning, Eset Livegrid was in essense "resolving" those detections. As each was resolved, it was then deleted from the directory.

As to why such a number of files existed to affect your network connection in the matter it did, I have no idea.

-EDIT- One possibility is there was a "glitch" in the LiveGrid network this morning in that it kept sending the same data repeatedly. This probably would have only impacted Eset installations where files had been previously submitted. However, no one else has reported like issue. This might be because they just didn't notice the problem or attributed it to something else.

Share this post


Link to post
Share on other sites

  • Recently Browsing   0 members

    No registered users viewing this page.

×