Jump to content

ESET server, packet discards, and large amounts of traffic


spfister
 Share

Recommended Posts

I'm a network engineer trying to figure out why our ESET server is seeing a large amount of discarded incoming packets. It's also see an unusually large amount of traffic for what I've been told is only doing anti-virus. For example, Monday at 9pm local time through Tuesday at noon, I see incoming traffic of a little over 600GB. Currently, every time I do a packet capture at our firewall looking at incoming traffic to this server, I see a pretty constant inbound stream. It's trying to download a file called update.ver.signed over and over again. Sometimes, this download results in an HTTP error code 401 (authorization required). 

Link to comment
Share on other sites

  • Administrators

ESET should attempt to download update.ver.signed only once during update, ie. once an hour by default unless you have configured update to run more frequently in scheduler. Please provide some screen shot to illustrate the issue.

Link to comment
Share on other sites

I'm not sure what to post. I'm doing a large amount of packet captures at our firewall examining traffic going to the ESET server. It looks like the server does a GET /eset_upd/ep7/dll/update.ver.signed about every five minutes. Before every GET, there is a HEAD command for the same path. This gets a 401 (authorization needed) response from the server. So far, about half past the hour, it appears to do this 2 or 3 times in a row, about a second apart.

I'm not the person who administers this server, but I can ask him about settings. I'm just trying to figure out why there's such a large amount of traffic to and from this server at all hours.

Link to comment
Share on other sites

  • Administrators

You could provide logs for perusal as follows:
- enable advanced update engine logging
- after some time (e.g. 1 hour) disable logging
- collect logs with ESET Log Collector and provide the generated archive.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...