greyjoy99 0 Posted June 3, 2019 Posted June 3, 2019 Hi all, I have a question regarding ESET Live Grid Feedback system. Anonymous reporting is disabled by our policy which is forced to all computers, however Apache HTTP Proxy Logs are showing connection attempts to ESET's threat lab servers all the time. Do we have to disable anything else to avoid this? No connection could be made because the target machine actively refused it. : [client xx.xx.xx.xx] AH00939: CONNECT: attempt to connect to 91.228.166.150:443 (ts.eset.com) failed No connection could be made because the target machine actively refused it. : [client xx.xx.xx.xx] AH00939: CONNECT: attempt to connect to 91.228.167.146:443 (ts.eset.com) failed No connection could be made because the target machine actively refused it. : [client xx.xx.xx.xx] AH00939: CONNECT: attempt to connect to 91.228.167:151:443 (ts.eset.com) failed No connection could be made because the target machine actively refused it. : [client xx.xx.xx.xx] AH00939: CONNECT: attempt to connect to 91.228.166.11:443 (ts.eset.com) failed Thanks. Regards, M
Administrators Marcos 5,455 Posted June 3, 2019 Administrators Posted June 3, 2019 Is it just one computer attempting to communicate with ts.eset.com? Have you had the LG feedback system enabled until recently? Are there any files in the "C:\ProgramData\ESET\ESET Security\Charon" folder besides cache.ndb? Was that client activated properly and has no problem downloading module updates from ESET's servers?
greyjoy99 0 Posted June 3, 2019 Author Posted June 3, 2019 Several computers are attempting to communicate ( 583 unique ones in the last hour ). LG feedback was always disabled, however, until 5 hours ago, there were settings for Submission of Samples enabled and greyed out (screenshot attached). Charon folder contains cache.ndb file only. All clients are activated and don't have problems with updates.
greyjoy99 0 Posted June 27, 2019 Author Posted June 27, 2019 Hi, any update on this issue? Apache logs are still filled with failed connection attempts. Thank you.
Administrators Marcos 5,455 Posted June 27, 2019 Administrators Posted June 27, 2019 I would check the settings of Endpoint on the client that appears in the logs to make sure that the LiveGrid feedback system is disabled. You can also monitor the folder "C:\ProgramData\ESET\ESET Security\Charon" on the client. It should be empty or contain only cache.ndb if the LG feedback system is disabled. What is the size of the file? You could run Procmon with a filter for that folder with dropping of filtered events enabled so that it can run for a longer time and monitor its content. Also please keep in mind that this forum is not a substitute to contacting customer care. Complex issues that need further investigation need to be tracked properly so creating a support ticket with your local customer care is inevitable in such case.
Recommended Posts