ESET Insiders stackz 112 Posted October 14, 2019 ESET Insiders Share Posted October 14, 2019 FYI, the last TCPView pic shows explorer.exe connected to Microsoft - 40.67.254.36 Link to comment Share on other sites More sharing options...
itman 1,659 Posted October 14, 2019 Share Posted October 14, 2019 1 hour ago, stackz said: FYI, the last TCPView pic shows explorer.exe connected to Microsoft - 40.67.254.36 I was referring to the screenshot here: https://forum.eset.com/topic/21131-eset-sending-large-amount-of-data/?do=findComment&comment=102915 Link to comment Share on other sites More sharing options...
Fatih 0 Posted October 15, 2019 Author Share Posted October 15, 2019 I guess I will not be getting a response from ESET on the issues raised on my last post. Link to comment Share on other sites More sharing options...
Administrators Marcos 5,074 Posted October 15, 2019 Administrators Share Posted October 15, 2019 I'm sorry but I don't understand what the question is. If you are asking about the TCP connections by ekrn.exe, I assume it would be possible to reduce them by disabling LiveGrid, IPM, streamed updates, etc. mostly at the cost of deteriorating protection capabilities, however, the product would still attempt to communicate with licensing / activation servers. Link to comment Share on other sites More sharing options...
itman 1,659 Posted October 15, 2019 Share Posted October 15, 2019 30 minutes ago, Marcos said: f you are asking about the TCP connections by ekrn.exe, I believe the OP is asking about the number of ekrn.exe UDP connections although they have nothing to do with bandwidth usage since the connections are all internal local network related. Link to comment Share on other sites More sharing options...
Fatih 0 Posted October 15, 2019 Author Share Posted October 15, 2019 The bandwith usage problem is solved thanks to ITMan; ESET is not gobbling away my network resources anymore. Yes, one of the questions was the number of udp connections. I understand it is high. Today at one point there were 9 udp and one tcp connections. What to make of it? The other two questions were related to suspicious activities observed while struggling with the bandwidth problem. What to make of them? Link to comment Share on other sites More sharing options...
Most Valued Members peteyt 393 Posted October 15, 2019 Most Valued Members Share Posted October 15, 2019 5 hours ago, Marcos said: I'm sorry but I don't understand what the question is. If you are asking about the TCP connections by ekrn.exe, I assume it would be possible to reduce them by disabling LiveGrid, IPM, streamed updates, etc. mostly at the cost of deteriorating protection capabilities, however, the product would still attempt to communicate with licensing / activation servers. I know this may be a little off topic but could there be a more similar to windows that can be activated on eset for people with limited connectivity e.g. a limited bandwidth or does eset usually not use a lot of data Link to comment Share on other sites More sharing options...
itman 1,659 Posted October 15, 2019 Share Posted October 15, 2019 (edited) 2 hours ago, Fatih said: The other two questions were related to suspicious activities observed while struggling with the bandwidth problem. What to make of them? The explorer.exe outbound activity on second thought is most likely due to Win 10 Cortana activities. I never see any like activity since I am using a third party product to block most of its outbound activities. Ref.: https://support.microsoft.com/en-us/help/4028014/windows-manage-cortana-settings FYI. Win 10 settings has a Data Usage section where parameters can be set to limit bandwidth activities in case you were not aware of this. Of the 4.68 GB data usage shown in the below screen, 4.2 GB was due to FireFox. Like I stated previously, it is a real "pig" when it comes to data usage. Edited October 15, 2019 by itman Link to comment Share on other sites More sharing options...
Fatih 0 Posted October 15, 2019 Author Share Posted October 15, 2019 I am still on Windows 8.1, though thinking of moving over to 10. The information will be handy then; thank you. Which third party toll are you using? Link to comment Share on other sites More sharing options...
itman 1,659 Posted October 15, 2019 Share Posted October 15, 2019 1 hour ago, Fatih said: Which third party toll are you using? None. I have an unlimited DSL 1 GB fiber connection. Link to comment Share on other sites More sharing options...
Fatih 0 Posted October 16, 2019 Author Share Posted October 16, 2019 I meant this: " I never see any like activity since I am using a third party product to block most of its outbound activities. " I almost exclusively deal with office documents and do informational browsing, so was fine with a 6GB/month limit. That is why I noticed when ESET started using 1GB a day!!! Link to comment Share on other sites More sharing options...
itman 1,659 Posted October 16, 2019 Share Posted October 16, 2019 3 hours ago, Fatih said: I meant this: " I never see any like activity since I am using a third party product to block most of its outbound activities. " I assumed you were running Win 10. The reference was to Win 10's Cortana feature which is the major source of Microsoft's telemetry activities most find objectionable. Link to comment Share on other sites More sharing options...
Fatih 0 Posted October 21, 2019 Author Share Posted October 21, 2019 Hello Marcos, With so far no recurrence, I can safely say that the problem of ESET gobbling up my network resources has been solved, thanks to ITMan. But I am left will couple of months' excess service provider bills and days lost wrestling with this problem. What is ESET's compensation policy in such cases? I would understand ESET not assuming responsibility related to malware as its work is probably on "best effort" bases, but in rare situations where ESET itself directly causes damage to the user, there should be a compensation. Link to comment Share on other sites More sharing options...
Fatih 0 Posted October 23, 2019 Author Share Posted October 23, 2019 A response would be appreciated... Link to comment Share on other sites More sharing options...
Most Valued Members peteyt 393 Posted October 23, 2019 Most Valued Members Share Posted October 23, 2019 1 hour ago, Fatih said: A response would be appreciated... Hi - sorry to hear about your issues but you may find opening up a support ticket or calling eset if possible might get a better response. The forum is handy but it appears emailing is still the preferred and recommended method. Hopefully you can get something sorted Link to comment Share on other sites More sharing options...
Fatih 0 Posted October 23, 2019 Author Share Posted October 23, 2019 Thank you Link to comment Share on other sites More sharing options...
Administrators Marcos 5,074 Posted October 23, 2019 Administrators Share Posted October 23, 2019 1, The total size of submitted suspicious files from your machine within this year is 498,920 bytes. What could cause higher traffic is statistics sent by Connected Home Monitor (CHM). This feature is supposed to be used only in home networks. In corporate networks you should get a warning first. According to the files that were left in the charon folder it appears that you ran CHM in a network with approx. 9600 devices. However, 900 MB in 2 days is really too much, such amount of data might be collected in a few weeks time in big networks. As of the upcoming version of the CHM module, it will substantially reduce the amount of anonymous statistics that is sent, if sending of statistics is allowed. 2, You can ask for a license refund. However, we hope that you'll stay with us and enjoy exceptional protection that ESET offers to our users. Link to comment Share on other sites More sharing options...
Fatih 0 Posted October 23, 2019 Author Share Posted October 23, 2019 I have never heard of CHM and have not run it; this is a pc used for personal activities. If it seems I have, can this be the result of a malicious activity in my computer. (Or being connected to a school network at times??) As his solution has solved the problem,ITMan's diagnosis is proven to be correct. According to which, my network resources were being consumed because ESET was trying to deliver Charon files in an infinite loop. So, it is a good idea to follow up on the above mentioned mystery case, but further assessment of the situation should be based on this diagnosis. And this diagnosis says ESET used my network resources because of a previously encountered, known bug. Under this conditions ESET naturally should offer to compensate for the losses, rather than offering to refund the license fee. Link to comment Share on other sites More sharing options...
itman 1,659 Posted October 23, 2019 Share Posted October 23, 2019 (edited) 2 hours ago, Fatih said: I have never heard of CHM and have not run it; this is a pc used for personal activities. If it seems I have, can this be the result of a malicious activity in my computer. (Or being connected to a school network at times??) The school network would be my best guess. You should switch to the Eset firewall Public profile when you are connected to a public network. -EDIT- The above assumes you were directly connected to the school network via Wi-Fi connection or Ethernet connection on the school premises. Edited October 23, 2019 by itman Link to comment Share on other sites More sharing options...
Administrators Marcos 5,074 Posted October 23, 2019 Administrators Share Posted October 23, 2019 I see, you might not have scanned the network and simply having the firewall enabled would generate the stats. However, as I mentioned 900 MB in 2 days is far too much. Should you encounter it again, please enable logging of submitted files and monitor the event logs as well as the content of the charon folder for a while which will shed more light into what's being sent out. You can prevent extensive CHM stats from being gathered and sent by temporarily disabling submission of statistics. Link to comment Share on other sites More sharing options...
Fatih 0 Posted October 23, 2019 Author Share Posted October 23, 2019 Thank you for the suggestions. As I have said, ITMan solution has worked; problem is solved on this client's side. Kindly solve it on the server side; and assume responsibility for the damages until that is done. Link to comment Share on other sites More sharing options...
Administrators Marcos 5,074 Posted October 23, 2019 Administrators Share Posted October 23, 2019 1 minute ago, Fatih said: Thank you for the suggestions. As I have said, ITMan solution has worked; problem is solved on this client's side. Kindly solve it on the server side; and assume responsibility for the damages until that is done. As I wrote, we will substantially reduce the amount of statistics data from CHM. We are not aware of any issues with LiveGrid servers. Link to comment Share on other sites More sharing options...
Fatih 0 Posted October 23, 2019 Author Share Posted October 23, 2019 Then how do you explain the fact that the ITMan solution worked? Link to comment Share on other sites More sharing options...
Recommended Posts