Jump to content

ESET sending large amount of data


Recommended Posts

  • Administrators

I'm sorry but I don't understand what the question is. If you are asking about the TCP connections by ekrn.exe, I assume it would be possible to reduce them by disabling LiveGrid, IPM, streamed updates, etc. mostly at the cost of deteriorating protection capabilities, however, the product would still attempt to communicate with licensing / activation servers.

Link to comment
Share on other sites

30 minutes ago, Marcos said:

f you are asking about the TCP connections by ekrn.exe,

I believe the OP is asking about the number of ekrn.exe UDP connections although they have nothing to do with bandwidth usage since the connections are all internal local network related.

Link to comment
Share on other sites

The bandwith usage problem is solved thanks to ITMan; ESET is not gobbling away my network resources anymore.

Yes, one of the questions was the number of udp connections. I understand it is high. Today at one point there were 9 udp and one tcp connections. What to make of it?

The other two questions were related to suspicious activities observed while struggling with the bandwidth problem. What to make of them?

Link to comment
Share on other sites

  • Most Valued Members
5 hours ago, Marcos said:

I'm sorry but I don't understand what the question is. If you are asking about the TCP connections by ekrn.exe, I assume it would be possible to reduce them by disabling LiveGrid, IPM, streamed updates, etc. mostly at the cost of deteriorating protection capabilities, however, the product would still attempt to communicate with licensing / activation servers.

I know this may be a little off topic but could there be a more similar to windows that can be activated on eset for people with limited connectivity e.g. a limited bandwidth or does eset usually not use a lot of data

Link to comment
Share on other sites

2 hours ago, Fatih said:

The other two questions were related to suspicious activities observed while struggling with the bandwidth problem. What to make of them?

The explorer.exe outbound activity on second thought is most likely due to Win 10 Cortana activities. I never see any like activity since I am using a third party product to block most of its outbound activities. Ref.: https://support.microsoft.com/en-us/help/4028014/windows-manage-cortana-settings

FYI. Win 10 settings has a Data Usage section where parameters can be set to limit bandwidth activities in case you were not aware of this. Of the 4.68 GB data usage shown in the below screen, 4.2 GB was due to FireFox. Like I stated previously, it is a real "pig" when it comes to data usage.

Eset_Data_Usage.thumb.png.4fefb5c787cd3a1bdd7564564d281a91.png

 

Edited by itman
Link to comment
Share on other sites

 

I am still on Windows 8.1, though thinking of moving over to 10. The information will be handy then; thank you.

Which third party toll are you using?

Link to comment
Share on other sites

I meant this: " I never see any like activity since I am using a third party product to block most of its outbound activities. "

I almost exclusively deal with office documents and do informational browsing, so was fine with a 6GB/month limit. That is why I noticed when ESET started using 1GB a day!!!

Link to comment
Share on other sites

3 hours ago, Fatih said:

I meant this: " I never see any like activity since I am using a third party product to block most of its outbound activities. "

I assumed you were running Win 10. The reference was to Win 10's Cortana feature which is the major source of Microsoft's telemetry activities most find objectionable.

Link to comment
Share on other sites

Hello Marcos,

With so far no recurrence, I can safely say that the problem of ESET gobbling up my network resources has been solved, thanks to ITMan.

But I am left will couple of months' excess service provider bills and days lost wrestling with this problem.

What is ESET's compensation policy in such cases? I would understand ESET not assuming responsibility related to malware as its work is probably on "best effort" bases, but in rare situations where ESET itself directly causes damage to the user, there should be a compensation.

Link to comment
Share on other sites

  • Most Valued Members
1 hour ago, Fatih said:

A response would be appreciated...

Hi - sorry to hear about your issues but you may find opening up a support ticket or calling eset if possible might get a better response. The forum is handy but it appears emailing is still the preferred and recommended method. Hopefully you can get something sorted

Link to comment
Share on other sites

  • Administrators

1, The total size of submitted suspicious files from your machine within this year is 498,920 bytes. What could cause higher traffic is statistics sent by Connected Home Monitor (CHM). This feature is supposed to be used only in home networks. In corporate networks you should get a warning first. According to the files that were left in the charon folder it appears that you ran CHM in a network with approx. 9600 devices. However, 900 MB in 2 days is really too much, such amount of data might be collected in a few weeks time in big networks. As of the upcoming version of the CHM module, it will substantially reduce the amount of anonymous statistics that is sent, if sending of statistics is allowed.

2, You can ask for a license refund. However, we hope that you'll stay with us and enjoy exceptional protection that ESET offers to our users.

Link to comment
Share on other sites

I have never heard of CHM  and have not run it; this is a pc used for personal activities. If it seems I have, can this be the result of a malicious activity in my computer. (Or being connected to a school network at times??)

As his solution has solved the problem,ITMan's diagnosis is proven to be correct. According to which, my network resources were being consumed because ESET was trying to deliver Charon files in an infinite loop. So, it is a good idea to follow up on the above mentioned mystery case, but further assessment of the situation should be based on this diagnosis.

And this diagnosis says ESET used my network resources because of a previously encountered, known bug. Under this conditions ESET naturally should offer to compensate for the losses, rather than offering to refund the license fee.

Link to comment
Share on other sites

2 hours ago, Fatih said:

I have never heard of CHM  and have not run it; this is a pc used for personal activities. If it seems I have, can this be the result of a malicious activity in my computer. (Or being connected to a school network at times??)

The school network would be my best guess.

You should switch to the Eset firewall Public profile when you are connected to a public network.

-EDIT- The above assumes you were directly connected to the school network via Wi-Fi connection or Ethernet connection on the school premises.

Edited by itman
Link to comment
Share on other sites

  • Administrators

I see, you might not have scanned the network and simply having the firewall enabled would generate the stats. However, as I mentioned 900 MB in 2 days is far too much. Should you encounter it again, please enable logging of submitted files and monitor the event logs as well as the content of the charon folder for a while which will shed more light into what's being sent out. You can prevent extensive CHM stats from being gathered and sent by temporarily disabling submission of statistics.

image.png

Link to comment
Share on other sites

Thank you for the suggestions. As I have said, ITMan solution has worked; problem is solved on this client's side. Kindly solve it on the server side; and assume responsibility for the damages until that is done.

Link to comment
Share on other sites

  • Administrators
1 minute ago, Fatih said:

Thank you for the suggestions. As I have said, ITMan solution has worked; problem is solved on this client's side. Kindly solve it on the server side; and assume responsibility for the damages until that is done.

As I wrote, we will substantially reduce the amount of statistics data from CHM. We are not aware of any issues with LiveGrid servers.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...