Jump to content

Archived

This topic is now archived and is closed to further replies.

WhoisUS

PiHole & ESET Smart Security

Recommended Posts

Good evening, I use a PiHole in connection with Eset Smart Security.

Recently I have noticed again and again that ESET wants to establish a connection with the following domains (see photos). Eset Cloud is deactivated, as well as any Eset analysis.

I tried to check via Wireshark which data is sent there, but unfortunately (thank good?) It is encrypted. Request for Info.

When I uninstall Eset, these requests no longer come

 

 

grafik.png

grafik.png

Share this post


Link to post
Share on other sites

By ESS do you mean ESET Smart Security Premium? The latest version 13.1?

According to the screen shot you have Parental Control enabled.

Quote

Eset Cloud is deactivated, as well as any Eset analysis.

If you have the ESET LiveGrid Reputation system disabled, we strongly recommend enabling it since it's an important protection feature affecting detection / protection, cleaning as well as scan performance. We also recommend enabling the LiveGrid Feedback system.

Share this post


Link to post
Share on other sites

Thanks for the fast respond.

ESS is currently in use (last version 13.1) - It doesn't matter which ESET version I use (Antivirus or Internet Security)

Parent Control is deactivated.

Share this post


Link to post
Share on other sites

As you said most services are disabled than why you are using ESS?. 

Share this post


Link to post
Share on other sites

That could likely be the problem, PiHole is for Linux. ESS would seem to me to be the wrong version to be using.

Share this post


Link to post
Share on other sites

While Windows is not officially supported, perhaps it runs on Windows as well according to this statement:

It was originally designed to run on Raspberry Pis. So, unless you had a Raspberry Pi, or a computer running Linux, you were out of luck. However, it's now available for Docker. This means it can be installed on any device which will run Docker, such as Windows PCs or Macs.

Anyways, ignoring the fact that it's Pi-hole, the DNS requests might have originated from antispam. Do you use MS Outlook or any of the supported email clients that ESET can integrate with?

Share this post


Link to post
Share on other sites

My Pihole runs on a Rasperry Pi - I wonder where exactly does this DNS request come from? The domain looks at least a little dubious...

Nope - MS Outlook and/or Thunderbird are not installed and no other mail client. It was Clean Windows Installation - no other software is installed - just ESS.

Share this post


Link to post
Share on other sites
2 hours ago, WhoisUS said:

My Pihole runs on a Rasperry Pi - I wonder where exactly does this DNS request come from? The domain looks at least a little dubious...

Nope - MS Outlook and/or Thunderbird are not installed and no other mail client. It was Clean Windows Installation - no other software is installed - just ESS.

The domain doesn't exist. What makes you think it;s related to or coming from ESS? While you're certainly free to do whatever you wish, if you're disabling all of the features of ESS, and don't seem to trust it, why use it? Why have a computer with no other software except ESS, and then disable most,  if not all it's functionality. You're essentially wasting money and time. 

Share this post


Link to post
Share on other sites

The domain is indeed correct. As you can see in https://support.eset.com/en/kb332-ports-and-addresses-required-to-use-your-eset-product-with-a-third-party-firewall, there are several features in ESET that query *.e5.sk.

However, as you wrote disabling protection features just to avoid this DNS communication makes no sense. If one wants to be protected to the maximum extent, all protection features must be enabled and work.

Share this post


Link to post
Share on other sites
15 minutes ago, Marcos said:

The domain is indeed correct. As you can see in https://support.eset.com/en/kb332-ports-and-addresses-required-to-use-your-eset-product-with-a-third-party-firewall, there are several features in ESET that query *.e5.sk.

However, as you wrote disabling protection features just to avoid this DNS communication makes no sense. If one wants to be protected to the maximum extent, all protection features must be enabled and work.

Oh, sorry. I relied on Who is, which came back to nothing, because i put an extra ".". lol

 

https://whois.domaintools.com/jhxwv5pp63xu7mn3uw5weyhff4bqeaqbaeaq.a.e.e5.s.k

 

Share this post


Link to post
Share on other sites

I don't want to avoid DNS communication, I want to understand this dns query ..
I temporarily disabled the functions in Eset to find out which Eset component produces this DNS entry.
Thanks for the link, @Marcos ! 

My english is not so good - i hope everbody understand me! :D

Share this post


Link to post
Share on other sites
18 minutes ago, WhoisUS said:

I don't want to avoid DNS communication, I want to understand this dns query ..
I temporarily disabled the functions in Eset to find out which Eset component produces this DNS entry.
Thanks for the link, @Marcos ! 

My english is not so good - i hope everbody understand me! :D

No worries. Your English is fine. Since you had most functions disabled, my guess would be some type of activation or licensing check perhaps relating to updates or product activation. If it puts your mind at ease, I'm not aware of any reason not to trust Eset or it's products. They're one of the better companies out there..

Share this post


Link to post
Share on other sites

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...