Apache Proxy trying to send anonymous data

Hi all,

I have a question regarding the ESET Live Grid Feedback system. Anonymous reporting is disabled by our policy, which is forced to all computers; however, the Apache HTTP Proxy logs are showing connection attempts to ESET's threat lab servers all the time. Do we have to disable anything else to avoid this?

No connection could be made because the target machine actively refused it.  : [client xx.xx.xx.xx] AH00939: CONNECT: attempt to connect to 91.228.166.150:443 (ts.eset.com) failed
No connection could be made because the target machine actively refused it.  : [client xx.xx.xx.xx] AH00939: CONNECT: attempt to connect to 91.228.167.146:443 (ts.eset.com) failed
No connection could be made because the target machine actively refused it.  : [client xx.xx.xx.xx] AH00939: CONNECT: attempt to connect to 91.228.167:151:443 (ts.eset.com) failed
No connection could be made because the target machine actively refused it.  : [client xx.xx.xx.xx] AH00939: CONNECT: attempt to connect to 91.228.166.11:443 (ts.eset.com) failed

Thanks.
Regards, M


  • Administrators

Is it just one computer attempting to communicate with ts.eset.com? Have you had the LG feedback system enabled until recently? Are there any files in the "C:\ProgramData\ESET\ESET Security\Charon" folder besides cache.ndb?

Was that client activated properly, and does it have no problem downloading module updates from ESET's servers?


Several computers are attempting to communicate (583 unique ones in the last hour).
LG feedback was always disabled; however, until 5 hours ago, there were settings for Submission of Samples enabled and greyed out (screenshot attached).
The Charon folder contains the cache.ndb file only. All clients are activated and don't have problems with updates.

  • 4 weeks later...
  • Administrators

I would check the settings of Endpoint on the client that appears in the logs to make sure that the LiveGrid feedback system is disabled. You can also monitor the folder "C:\ProgramData\ESET\ESET Security\Charon" on the client. It should be empty or contain only cache.ndb if the LG feedback system is disabled. What is the size of the file? You could run Procmon with a filter for that folder with dropping of filtered events enabled so that it can run for a longer time and monitor its content.

Also, please keep in mind that this forum is not a substitute for contacting customer care. Complex issues that need further investigation need to be tracked properly, so creating a support ticket with your local customer care is inevitable in such cases.

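Added example, not part of the original thread and not ESET's or Apache's own tooling: one way to list which clients produce the AH00939 CONNECT failures quoted in the first post, so that the Endpoint settings and Charon folder on those machines can be checked. The sample lines are constructed (client addresses from documentation ranges, the timestamp prefix is an assumed error-log layout, IPv4 clients assumed), and `failed_connects` and `SAMPLE` are hypothetical names.

```python
import re
from collections import Counter, defaultdict

# Tail of the proxy error-log entry as quoted in the thread; anything
# before "[client ...]" (timestamp, module, OS error text) is ignored.
AH00939 = re.compile(
    r"\[client (?P<client>[^\]\s]+)\] AH00939: CONNECT: attempt to connect to "
    r"(?P<target>\S+) \((?P<host>[^)]+)\) failed"
)

def failed_connects(lines, suffix="eset.com"):
    """Return {destination host: {client IP: failed CONNECT count}}."""
    per_host = defaultdict(Counter)
    for line in lines:
        m = AH00939.search(line)
        if not m:
            continue  # some other error-log entry
        host = m.group("host").lower()
        # Key on the hostname in parentheses, not the address, so an
        # oddly formatted target field does not hide the entry.
        if host != suffix and not host.endswith("." + suffix):
            continue
        client = m.group("client")
        if client.count(":") == 1:  # "ip:port" form, drop the source port
            client = client.split(":")[0]
        per_host[host][client] += 1
    return {h: dict(c) for h, c in per_host.items()}

# Constructed sample input, not taken from a real log.
REFUSED = "No connection could be made because the target machine actively refused it.  : "
SAMPLE = [
    "[Tue Mar 05 10:15:01.123456 2019] [proxy_connect:error] [pid 4321:tid 1234] "
    "(OS 10061)" + REFUSED + "[client 192.0.2.10:50211] AH00939: CONNECT: "
    "attempt to connect to 91.228.166.150:443 (ts.eset.com) failed",
    REFUSED + "[client 192.0.2.10:50212] AH00939: CONNECT: "
    "attempt to connect to 91.228.167.146:443 (ts.eset.com) failed",
    REFUSED + "[client 192.0.2.11] AH00939: CONNECT: "
    "attempt to connect to 91.228.167:151:443 (ts.eset.com) failed",
    REFUSED + "[client 192.0.2.12:50300] AH00939: CONNECT: "
    "attempt to connect to 198.51.100.7:443 (example.org) failed",
    "constructed unrelated error-log line",
]

if __name__ == "__main__":
    for host, clients in failed_connects(SAMPLE).items():
        print(host, len(clients), "unique clients")
        for ip, n in sorted(clients.items(), key=lambda kv: -kv[1]):
            print(" ", ip, n)
```
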
