PiHole & ESET Smart Security

[WhoisUS 0]

Good evening, I use a PiHole in connection with Eset Smart Security.

Recently I have noticed again and again that ESET wants to establish a connection with the following domains (see photos). Eset Cloud is deactivated, as well as any Eset analysis.

I tried to check via Wireshark which data is sent there, but unfortunately (thank good?) It is encrypted. Request for Info.

When I uninstall Eset, these requests no longer come

 

 

[Marcos 5,070]

By ESS do you mean ESET Smart Security Premium? The latest version 13.1?

According to the screen shot you have Parental Control enabled.

Quote

Eset Cloud is deactivated, as well as any Eset analysis.

If you have the ESET LiveGrid Reputation system disabled, we strongly recommend enabling it since it's an important protection feature affecting detection / protection, cleaning as well as scan performance. We also recommend enabling the LiveGrid Feedback system.

[WhoisUS 0]

Thanks for the fast respond.

ESS is currently in use (last version 13.1) - It doesn't matter which ESET version I use (Antivirus or Internet Security)

Parent Control is deactivated.

Edited May 1, 2020 by WhoisUS

[micky_aurthor 0]

As you said most services are disabled than why you are using ESS?. 

[NewbyUser 72]

That could likely be the problem, PiHole is for Linux. ESS would seem to me to be the wrong version to be using.

Edited May 1, 2020 by NewbyUser

[Marcos 5,070]

While Windows is not officially supported, perhaps it runs on Windows as well according to this statement:

It was originally designed to run on Raspberry Pis. So, unless you had a Raspberry Pi, or a computer running Linux, you were out of luck. However, it's now available for Docker. This means it can be installed on any device which will run Docker, such as Windows PCs or Macs.

Anyways, ignoring the fact that it's Pi-hole, the DNS requests might have originated from antispam. Do you use MS Outlook or any of the supported email clients that ESET can integrate with?

[WhoisUS 0]

My Pihole runs on a Rasperry Pi - I wonder where exactly does this DNS request come from? The domain looks at least a little dubious...

Nope - MS Outlook and/or Thunderbird are not installed and no other mail client. It was Clean Windows Installation - no other software is installed - just ESS.

[NewbyUser 72]

2 hours ago, WhoisUS said:

My Pihole runs on a Rasperry Pi - I wonder where exactly does this DNS request come from? The domain looks at least a little dubious...

Nope - MS Outlook and/or Thunderbird are not installed and no other mail client. It was Clean Windows Installation - no other software is installed - just ESS.

The domain doesn't exist. What makes you think it;s related to or coming from ESS? While you're certainly free to do whatever you wish, if you're disabling all of the features of ESS, and don't seem to trust it, why use it? Why have a computer with no other software except ESS, and then disable most,  if not all it's functionality. You're essentially wasting money and time. 

[Marcos 5,070]

The domain is indeed correct. As you can see in https://support.eset.com/en/kb332-ports-and-addresses-required-to-use-your-eset-product-with-a-third-party-firewall, there are several features in ESET that query *.e5.sk.

However, as you wrote disabling protection features just to avoid this DNS communication makes no sense. If one wants to be protected to the maximum extent, all protection features must be enabled and work.

[NewbyUser 72]

15 minutes ago, Marcos said:

The domain is indeed correct. As you can see in https://support.eset.com/en/kb332-ports-and-addresses-required-to-use-your-eset-product-with-a-third-party-firewall, there are several features in ESET that query *.e5.sk.

However, as you wrote disabling protection features just to avoid this DNS communication makes no sense. If one wants to be protected to the maximum extent, all protection features must be enabled and work.

Oh, sorry. I relied on Who is, which came back to nothing, because i put an extra ".". lol

 

https://whois.domaintools.com/jhxwv5pp63xu7mn3uw5weyhff4bqeaqbaeaq.a.e.e5.s.k

 

[WhoisUS 0]

I don't want to avoid DNS communication, I want to understand this dns query ..
I temporarily disabled the functions in Eset to find out which Eset component produces this DNS entry.
Thanks for the link, @Marcos ! 

My english is not so good - i hope everbody understand me!

[NewbyUser 72]

18 minutes ago, WhoisUS said:

I don't want to avoid DNS communication, I want to understand this dns query ..
I temporarily disabled the functions in Eset to find out which Eset component produces this DNS entry.
Thanks for the link, @Marcos ! 

My english is not so good - i hope everbody understand me!

No worries. Your English is fine. Since you had most functions disabled, my guess would be some type of activation or licensing check perhaps relating to updates or product activation. If it puts your mind at ease, I'm not aware of any reason not to trust Eset or it's products. They're one of the better companies out there..