Jump to content

Why Is Eset Connecting To Server In Russia?

itman
 Share

Recommended Posts

  • ESET Moderators
Peter Randziak

Peter Randziak 1,130

Posted
  • ESET Moderators
Posted

Hello guys,

it does not necessary means that ekrn is connecting to it.

On some systems ekrn is used as a proxy to be able to scan the traffic so it may be attributed to it than.

So we would need to know the version of OS used, version of our product and ideally the packet capture,...

Regards, P.R.

Link to comment
Share on other sites
  • Administrators
Marcos

Marcos 5,070

Posted
  • Administrators
Posted
46 minutes ago, Peter Randziak said:

On some systems ekrn is used as a proxy to be able to scan the traffic so it may be attributed to it than.

This is true for Windows XP and Windows Server 2003 which is not the case of itman.

Link to comment
Share on other sites
itman

itman 1,659

Posted
  • Author
Posted (edited)
5 hours ago, Peter Randziak said:

On some systems ekrn is used as a proxy to be able to scan the traffic so it may be attributed to it than.

I believe this might be part explanation since I was blocking connections to that IP address at the time.

Here's the issue. Connections to that IP address started showing up yesterday in ways that didn't look just right to me. BTW - I am running Win 10 x(64) Home 1809 fully patched.

Well low and behold, today when I start IE11 and immediately browse to the Eset forum web site, the same IP addresses show again. The port 443 connection is OK since it shows Eset is performing SSL scanning on the packets.

Perhaps this connection is related to Eset's web site Cloudfront usage? 

Eset_Russia.thumb.png.16b507ac4282d60e7efb8d2a4a998a57.png

Edited by itman
Link to comment
Share on other sites
itman

itman 1,659

Posted
  • Author
Posted (edited)

Connections to 195.201.191.2 are definitely related to Eset forum web site. Appears to be related to some type of capcha processing it's using; perhaps in conjunction with Cloudfront. The IP address shown in the below screenshot also equates to German same cloud server but this time in Germany. As long as I only see 195.201.191.2 in use by Eset forum, I am not going to worry about it anymore.

Eset_keycaptcha.thumb.png.a702fa8e541c4a858c3cea25053ebc4e.png

Newer and slightly different variation:

Eset_capcha2.thumb.png.fddc332fa061798c8a2fdc10627fbb05.png

 

Edited by itman
Link to comment
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...