Jump to content

Archived

This topic is now archived and is closed to further replies.

Fatih

ESET sending large amount of data

Recommended Posts

I guess I will not be getting a response from ESET on the issues raised on my last post.

 

Share this post


Link to post
Share on other sites

I'm sorry but I don't understand what the question is. If you are asking about the TCP connections by ekrn.exe, I assume it would be possible to reduce them by disabling LiveGrid, IPM, streamed updates, etc. mostly at the cost of deteriorating protection capabilities, however, the product would still attempt to communicate with licensing / activation servers.

Share this post


Link to post
Share on other sites
30 minutes ago, Marcos said:

f you are asking about the TCP connections by ekrn.exe,

I believe the OP is asking about the number of ekrn.exe UDP connections although they have nothing to do with bandwidth usage since the connections are all internal local network related.

Share this post


Link to post
Share on other sites

The bandwith usage problem is solved thanks to ITMan; ESET is not gobbling away my network resources anymore.

Yes, one of the questions was the number of udp connections. I understand it is high. Today at one point there were 9 udp and one tcp connections. What to make of it?

The other two questions were related to suspicious activities observed while struggling with the bandwidth problem. What to make of them?

Share this post


Link to post
Share on other sites
5 hours ago, Marcos said:

I'm sorry but I don't understand what the question is. If you are asking about the TCP connections by ekrn.exe, I assume it would be possible to reduce them by disabling LiveGrid, IPM, streamed updates, etc. mostly at the cost of deteriorating protection capabilities, however, the product would still attempt to communicate with licensing / activation servers.

I know this may be a little off topic but could there be a more similar to windows that can be activated on eset for people with limited connectivity e.g. a limited bandwidth or does eset usually not use a lot of data

Share this post


Link to post
Share on other sites
2 hours ago, Fatih said:

The other two questions were related to suspicious activities observed while struggling with the bandwidth problem. What to make of them?

The explorer.exe outbound activity on second thought is most likely due to Win 10 Cortana activities. I never see any like activity since I am using a third party product to block most of its outbound activities. Ref.: https://support.microsoft.com/en-us/help/4028014/windows-manage-cortana-settings

FYI. Win 10 settings has a Data Usage section where parameters can be set to limit bandwidth activities in case you were not aware of this. Of the 4.68 GB data usage shown in the below screen, 4.2 GB was due to FireFox. Like I stated previously, it is a real "pig" when it comes to data usage.

Eset_Data_Usage.thumb.png.4fefb5c787cd3a1bdd7564564d281a91.png

 

Share this post


Link to post
Share on other sites

 

I am still on Windows 8.1, though thinking of moving over to 10. The information will be handy then; thank you.

Which third party toll are you using?

Share this post


Link to post
Share on other sites
1 hour ago, Fatih said:

Which third party toll are you using?

None. I have an unlimited DSL 1 GB fiber connection.

Share this post


Link to post
Share on other sites

I meant this: " I never see any like activity since I am using a third party product to block most of its outbound activities. "

I almost exclusively deal with office documents and do informational browsing, so was fine with a 6GB/month limit. That is why I noticed when ESET started using 1GB a day!!!

Share this post


Link to post
Share on other sites
3 hours ago, Fatih said:

I meant this: " I never see any like activity since I am using a third party product to block most of its outbound activities. "

I assumed you were running Win 10. The reference was to Win 10's Cortana feature which is the major source of Microsoft's telemetry activities most find objectionable.

Share this post


Link to post
Share on other sites

Hello Marcos,

With so far no recurrence, I can safely say that the problem of ESET gobbling up my network resources has been solved, thanks to ITMan.

But I am left will couple of months' excess service provider bills and days lost wrestling with this problem.

What is ESET's compensation policy in such cases? I would understand ESET not assuming responsibility related to malware as its work is probably on "best effort" bases, but in rare situations where ESET itself directly causes damage to the user, there should be a compensation.

Share this post


Link to post
Share on other sites

A response would be appreciated...

Share this post


Link to post
Share on other sites
1 hour ago, Fatih said:

A response would be appreciated...

Hi - sorry to hear about your issues but you may find opening up a support ticket or calling eset if possible might get a better response. The forum is handy but it appears emailing is still the preferred and recommended method. Hopefully you can get something sorted

Share this post


Link to post
Share on other sites

1, The total size of submitted suspicious files from your machine within this year is 498,920 bytes. What could cause higher traffic is statistics sent by Connected Home Monitor (CHM). This feature is supposed to be used only in home networks. In corporate networks you should get a warning first. According to the files that were left in the charon folder it appears that you ran CHM in a network with approx. 9600 devices. However, 900 MB in 2 days is really too much, such amount of data might be collected in a few weeks time in big networks. As of the upcoming version of the CHM module, it will substantially reduce the amount of anonymous statistics that is sent, if sending of statistics is allowed.

2, You can ask for a license refund. However, we hope that you'll stay with us and enjoy exceptional protection that ESET offers to our users.

Share this post


Link to post
Share on other sites

I have never heard of CHM  and have not run it; this is a pc used for personal activities. If it seems I have, can this be the result of a malicious activity in my computer. (Or being connected to a school network at times??)

As his solution has solved the problem,ITMan's diagnosis is proven to be correct. According to which, my network resources were being consumed because ESET was trying to deliver Charon files in an infinite loop. So, it is a good idea to follow up on the above mentioned mystery case, but further assessment of the situation should be based on this diagnosis.

And this diagnosis says ESET used my network resources because of a previously encountered, known bug. Under this conditions ESET naturally should offer to compensate for the losses, rather than offering to refund the license fee.

Share this post


Link to post
Share on other sites
2 hours ago, Fatih said:

I have never heard of CHM  and have not run it; this is a pc used for personal activities. If it seems I have, can this be the result of a malicious activity in my computer. (Or being connected to a school network at times??)

The school network would be my best guess.

You should switch to the Eset firewall Public profile when you are connected to a public network.

-EDIT- The above assumes you were directly connected to the school network via Wi-Fi connection or Ethernet connection on the school premises.

Share this post


Link to post
Share on other sites

I see, you might not have scanned the network and simply having the firewall enabled would generate the stats. However, as I mentioned 900 MB in 2 days is far too much. Should you encounter it again, please enable logging of submitted files and monitor the event logs as well as the content of the charon folder for a while which will shed more light into what's being sent out. You can prevent extensive CHM stats from being gathered and sent by temporarily disabling submission of statistics.

image.png

Share this post


Link to post
Share on other sites

Thank you for the suggestions. As I have said, ITMan solution has worked; problem is solved on this client's side. Kindly solve it on the server side; and assume responsibility for the damages until that is done.

Share this post


Link to post
Share on other sites
1 minute ago, Fatih said:

Thank you for the suggestions. As I have said, ITMan solution has worked; problem is solved on this client's side. Kindly solve it on the server side; and assume responsibility for the damages until that is done.

As I wrote, we will substantially reduce the amount of statistics data from CHM. We are not aware of any issues with LiveGrid servers.

Share this post


Link to post
Share on other sites

Then how do you explain the fact that the  ITMan solution worked?

Share this post


Link to post
Share on other sites

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...