spfister, posted March 11, 2020

I'm a network engineer trying to figure out why our ESET server is seeing a large amount of discarded incoming packets. It's also seeing an unusually large amount of traffic for what I've been told is only doing anti-virus. For example, Monday at 9pm local time through Tuesday at noon, I see incoming traffic of a little over 600GB. Currently, every time I do a packet capture at our firewall looking at incoming traffic to this server, I see a pretty constant inbound stream. It's trying to download a file called update.ver.signed over and over again. Sometimes, this download results in an HTTP error code 401 (authorization required).

Marcos (Administrators), posted March 11, 2020

ESET should attempt to download update.ver.signed only once during update, i.e. once an hour by default unless you have configured update to run more frequently in scheduler. Please provide some screenshots to illustrate the issue.

spfister (Author), posted March 12, 2020

I'm not sure what to post. I'm doing a large amount of packet captures at our firewall examining traffic going to the ESET server. It looks like the server does a GET /eset_upd/ep7/dll/update.ver.signed about every five minutes. Before every GET, there is a HEAD command for the same path. This gets a 401 (authorization needed) response from the server. So far, about half past the hour, it appears to do this 2 or 3 times in a row, about a second apart. I'm not the person who administers this server, but I can ask him about settings. I'm just trying to figure out why there's such a large amount of traffic to and from this server at all hours.

Marcos (Administrators), posted March 12, 2020

You could provide logs for perusal as follows:

- enable advanced update engine logging
- after some time (e.g. 1 hour) disable logging
- collect logs with ESET Log Collector and provide the generated archive.
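
One way to quantify the pattern discussed in this thread from exported HTTP request records, as an added example that is not part of the original posts and not ESET tooling: it measures, per requesting host, the gap between GETs for update.ver.signed against the hourly default mentioned above and counts 401 responses. The record layout (timestamp, host, method, path, status), the host names and the sample lines are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime
from statistics import median

EXPECTED_INTERVAL_S = 3600          # "once an hour by default", per the thread
TARGET = "update.ver.signed"

# Constructed sample records: timestamp, requesting host, method, path, status
SAMPLE = """\
2020-03-11T21:00:00 host-a HEAD /eset_upd/ep7/dll/update.ver.signed 401
2020-03-11T21:00:01 host-a GET /eset_upd/ep7/dll/update.ver.signed 200
2020-03-11T21:02:00 host-b GET /eset_upd/ep7/dll/update.ver.signed 200
2020-03-11T21:03:00 host-b GET /other/file.bin 200
2020-03-11T21:05:00 host-a HEAD /eset_upd/ep7/dll/update.ver.signed 401
2020-03-11T21:05:01 host-a GET /eset_upd/ep7/dll/update.ver.signed 200
2020-03-11T21:10:00 host-a HEAD /eset_upd/ep7/dll/update.ver.signed 401
2020-03-11T21:10:01 host-a GET /eset_upd/ep7/dll/update.ver.signed 200
2020-03-11T22:02:00 host-b GET /eset_upd/ep7/dll/update.ver.signed 200
"""

def summarize(text, expected=EXPECTED_INTERVAL_S):
    """Per host: GET count, median seconds between GETs, 401 count, and a flag
    set when the median gap is shorter than the expected update interval."""
    gets = defaultdict(list)
    denied = defaultdict(int)
    for line in text.splitlines():
        parts = line.split()
        # Skip malformed lines and requests for other files.
        if len(parts) != 5 or not parts[3].endswith(TARGET):
            continue
        ts, host, method, _path, status = parts
        if status == "401":
            denied[host] += 1
        if method == "GET":
            gets[host].append(datetime.fromisoformat(ts))
    report = {}
    for host, times in gets.items():
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        med = median(gaps) if gaps else None
        report[host] = {
            "gets": len(times),
            "median_gap_s": med,
            "http_401": denied[host],
            "faster_than_expected": med is not None and med < expected,
        }
    return report

if __name__ == "__main__":
    for host, stats in sorted(summarize(SAMPLE).items()):
        print(host, stats)
```

A host flagged here is a candidate for checking its update schedule; the flag alone does not say why it polls more often.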