Jump to content

PiHole & ESET Smart Security


Recommended Posts

Good evening, I use a PiHole in connection with Eset Smart Security.

Recently I have noticed again and again that ESET wants to establish a connection with the following domains (see photos). Eset Cloud is deactivated, as well as any Eset analysis.

I tried to check via Wireshark which data is sent there, but unfortunately (thank good?) It is encrypted. Request for Info.

When I uninstall Eset, these requests no longer come

 

 

grafik.png

grafik.png

Link to comment
Share on other sites

  • Administrators

By ESS do you mean ESET Smart Security Premium? The latest version 13.1?

According to the screen shot you have Parental Control enabled.

Quote

Eset Cloud is deactivated, as well as any Eset analysis.

If you have the ESET LiveGrid Reputation system disabled, we strongly recommend enabling it since it's an important protection feature affecting detection / protection, cleaning as well as scan performance. We also recommend enabling the LiveGrid Feedback system.

Link to comment
Share on other sites

Thanks for the fast respond.

ESS is currently in use (last version 13.1) - It doesn't matter which ESET version I use (Antivirus or Internet Security)

Parent Control is deactivated.

Edited by WhoisUS
Link to comment
Share on other sites

  • ESET Insiders

That could likely be the problem, PiHole is for Linux. ESS would seem to me to be the wrong version to be using.

Edited by NewbyUser
Link to comment
Share on other sites

  • Administrators

While Windows is not officially supported, perhaps it runs on Windows as well according to this statement:

It was originally designed to run on Raspberry Pis. So, unless you had a Raspberry Pi, or a computer running Linux, you were out of luck. However, it's now available for Docker. This means it can be installed on any device which will run Docker, such as Windows PCs or Macs.

Anyways, ignoring the fact that it's Pi-hole, the DNS requests might have originated from antispam. Do you use MS Outlook or any of the supported email clients that ESET can integrate with?

Link to comment
Share on other sites

My Pihole runs on a Rasperry Pi - I wonder where exactly does this DNS request come from? The domain looks at least a little dubious...

Nope - MS Outlook and/or Thunderbird are not installed and no other mail client. It was Clean Windows Installation - no other software is installed - just ESS.

Link to comment
Share on other sites

  • ESET Insiders
2 hours ago, WhoisUS said:

My Pihole runs on a Rasperry Pi - I wonder where exactly does this DNS request come from? The domain looks at least a little dubious...

Nope - MS Outlook and/or Thunderbird are not installed and no other mail client. It was Clean Windows Installation - no other software is installed - just ESS.

The domain doesn't exist. What makes you think it;s related to or coming from ESS? While you're certainly free to do whatever you wish, if you're disabling all of the features of ESS, and don't seem to trust it, why use it? Why have a computer with no other software except ESS, and then disable most,  if not all it's functionality. You're essentially wasting money and time. 

Link to comment
Share on other sites

  • Administrators

The domain is indeed correct. As you can see in https://support.eset.com/en/kb332-ports-and-addresses-required-to-use-your-eset-product-with-a-third-party-firewall, there are several features in ESET that query *.e5.sk.

However, as you wrote disabling protection features just to avoid this DNS communication makes no sense. If one wants to be protected to the maximum extent, all protection features must be enabled and work.

Link to comment
Share on other sites

  • ESET Insiders
15 minutes ago, Marcos said:

The domain is indeed correct. As you can see in https://support.eset.com/en/kb332-ports-and-addresses-required-to-use-your-eset-product-with-a-third-party-firewall, there are several features in ESET that query *.e5.sk.

However, as you wrote disabling protection features just to avoid this DNS communication makes no sense. If one wants to be protected to the maximum extent, all protection features must be enabled and work.

Oh, sorry. I relied on Who is, which came back to nothing, because i put an extra ".". lol

 

https://whois.domaintools.com/jhxwv5pp63xu7mn3uw5weyhff4bqeaqbaeaq.a.e.e5.s.k

 

Link to comment
Share on other sites

I don't want to avoid DNS communication, I want to understand this dns query ..
I temporarily disabled the functions in Eset to find out which Eset component produces this DNS entry.
Thanks for the link, @Marcos ! 

My english is not so good - i hope everbody understand me! :D

Link to comment
Share on other sites

  • ESET Insiders
18 minutes ago, WhoisUS said:

I don't want to avoid DNS communication, I want to understand this dns query ..
I temporarily disabled the functions in Eset to find out which Eset component produces this DNS entry.
Thanks for the link, @Marcos ! 

My english is not so good - i hope everbody understand me! :D

No worries. Your English is fine. Since you had most functions disabled, my guess would be some type of activation or licensing check perhaps relating to updates or product activation. If it puts your mind at ease, I'm not aware of any reason not to trust Eset or it's products. They're one of the better companies out there..

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...