itman

Why Is Eset Connecting To Server In Russia?

Hello guys,

It does not necessarily mean that ekrn is connecting to it.

On some systems ekrn is used as a proxy to be able to scan the traffic, so it may be attributed to it then.

So we would need to know the version of OS used, the version of our product and ideally the packet capture...

Regards, P.R.

46 minutes ago, Peter Randziak said:

On some systems ekrn is used as a proxy to be able to scan the traffic, so it may be attributed to it then.

This is true for Windows XP and Windows Server 2003, which is not the case for itman.

5 hours ago, Peter Randziak said:

On some systems ekrn is used as a proxy to be able to scan the traffic, so it may be attributed to it then.

I believe this might be part of the explanation, since I was blocking connections to that IP address at the time.

Here's the issue. Connections to that IP address started showing up yesterday in ways that didn't look just right to me. BTW - I am running Win 10 x(64) Home 1809 fully patched.

Well, lo and behold, today when I start IE11 and immediately browse to the Eset forum web site, the same IP addresses show again. The port 443 connection is OK since it shows Eset is performing SSL scanning on the packets.

Perhaps this connection is related to Eset's web site Cloudfront usage? 

[Screenshot: Eset_Russia]


Connections to 195.201.191.2 are definitely related to the Eset forum web site. Appears to be related to some type of captcha processing it's using; perhaps in conjunction with Cloudfront. The IP address shown in the below screenshot also equates to the same cloud server, but this time in Germany. As long as I only see 195.201.191.2 in use by the Eset forum, I am not going to worry about it anymore.

[Screenshot: Eset_keycaptcha]

Newer and slightly different variation:

[Screenshot: Eset_capcha2]

 
