Tynril 0 Posted June 20, 2020 Share Posted June 20, 2020 Hi! Since I've upgraded to a new PC, I'm unable to install ESET NOD32 Antivirus. When using the Live Installer, the installation doesn't even start, and displays an error saying that my Internet connection hasn't been found. Every other program has a fine Internet connection, and I'm able to ping update.eset.com with no issue. This is the error window: I've also attempted to use the Offline installer. With it, the installation works, but then the antivirus never succeeds at updating its modules, even after several days of attempts. The exact same behavior also occurs on my wife's computer, which we've upgraded to the same configuration at the same time. We're both running the latest version of Windows 10 (2004, OS build 19041.329). I'm not sure what to do at this point. I'd appreciate help. Thanks. Link to comment Share on other sites More sharing options...
Administrators Marcos 4,910 Posted June 20, 2020 Administrators Share Posted June 20, 2020 Were you able to activate EAV after installation? If not, please provide: - logs collected with ESET Log Collector - a Wireshark pcap log from an activation or update attempt Link to comment Share on other sites More sharing options...
Tynril 0 Posted June 20, 2020 Author Share Posted June 20, 2020 (edited) Using the offline installer, I'm able to complete the installation (including, I think, the activation?). But downloading the modules fail. When attempting to collect logs with the Log Collector, the ESET SysInspector download seems to fail. I only was able to successfully collect the logs when unchecking "ESET SysInspector log". I've attached those logs. I've also attached a Wireshark npcap log for a (failed) update attempt. eav_logs.zip Edited June 20, 2020 by Tynril Link to comment Share on other sites More sharing options...
Administrators Marcos 4,910 Posted June 20, 2020 Administrators Share Posted June 20, 2020 Unfortunately the Wireshark log is not what I wanted. The pcap file you've sent is a local traffic at localhost. Please select your network adapter in Wireshark before you start capturing network communication. Link to comment Share on other sites More sharing options...
itman 1,627 Posted June 20, 2020 Share Posted June 20, 2020 14 hours ago, Tynril said: Since I've upgraded to a new PC, I'm unable to install ESET NOD32 Antivirus. What anti-virus and/or other security solutions are currently installed on the device? Link to comment Share on other sites More sharing options...
Tynril 0 Posted June 20, 2020 Author Share Posted June 20, 2020 My bad, I did the capture on the loopback adapter. I've attached a capture of a failed update attempt from the outbound network interface. There is no other anti-virus or security solution installed on the devices, except the default Windows Defender. eset-nod32-update-attempt-ethernet.zip Link to comment Share on other sites More sharing options...
itman 1,627 Posted June 20, 2020 Share Posted June 20, 2020 1 hour ago, Tynril said: There is no other anti-virus or security solution installed on the devices, except the default Windows Defender. Have you been receiving WD virus signature updates w/o issue? Link to comment Share on other sites More sharing options...
Tynril 0 Posted June 20, 2020 Author Share Posted June 20, 2020 (edited) Yes, Windows Defender is updating fine. Edited June 20, 2020 by Tynril Typo. Link to comment Share on other sites More sharing options...
Administrators Marcos 4,910 Posted June 21, 2020 Administrators Share Posted June 21, 2020 There is some network issue. After we send the GET command, instead of the server sending ACK there are several duplicate ACKs and retransmissions which end with the client terminating the connection: Since the issue is also on another machine in LAN, I'd try another router or connecting through a different ISP, if possible. Link to comment Share on other sites More sharing options...
Tynril 0 Posted June 21, 2020 Author Share Posted June 21, 2020 Everything else on my network is the same as on our previous computer, down the the same ethernet cable. I didn't notice that issue back then. I've just notice that a modules update just went through successfully, despite not having changed anything. I wonder if there's something with ISP congestion somewhere on the link between my network and the update servers. I'll run PingPlotter for a while and share results. Link to comment Share on other sites More sharing options...
itman 1,627 Posted June 21, 2020 Share Posted June 21, 2020 Another possibility here is an issue with the ISP DNS servers for some reason. You could try switching temporarily to use of third party DNS server provider; e.g. Cloudflare, Google, etc., and see if this resolves the Eset network connectivity issues. Link to comment Share on other sites More sharing options...
Tynril 0 Posted June 21, 2020 Author Share Posted June 21, 2020 I'm running a PiHole on the network that uses CloudFlare & Google as upstream (again, same as before the PC upgrade). Link to comment Share on other sites More sharing options...
itman 1,627 Posted June 21, 2020 Share Posted June 21, 2020 (edited) Based on what is posted here: https://www.andrewdenty.com/blog/2020/01/25/installing-pi-hole-on-windows-10.html , Pihole performs localhost; e.g. 127.0.0.x, proxy activities. Quote Note: DNS1 needs to be left as 127.17.0.1 in order for Pi-hole to work. If you’re curious, 127.17.0.1 is the IP address for Localhost (or in other words this computer). Suspect this might be the problem since the initial Eset network connection alert referred to local proxy as a possible conflict source. Additionally, Eset internally proxies Internet traffic to support its various Web Access protections. Overall, I would say PiHole has to be uninstalled to avoid conflicts with Eset. You can temporarily disable Pihole and see if all Eset issues are resolved. Edited June 21, 2020 by itman Link to comment Share on other sites More sharing options...
Tynril 0 Posted June 21, 2020 Author Share Posted June 21, 2020 The PiHole is a separate device on the network that is the DNS server for the PC that encounters the issue. It is not running directly on the same computer. I've also tried overriding the DNS server on the Windows computer to point directly to 1.1.1.1/8.8.8.8 (bypassing the PiHole), but it did not change anything with the issue described in this thread. I've also had no issue resolving update.eset.com to an IP, so I don't think there's a DNS issue here. Link to comment Share on other sites More sharing options...
itman 1,627 Posted June 21, 2020 Share Posted June 21, 2020 (edited) 21 minutes ago, Tynril said: The PiHole is a separate device on the network that is the DNS server for the PC that encounters the issue. It is not running directly on the same computer. Temporarily disable PiHole on that device or the device itself. Your ISP DNS server IP address are hard-coded into the router if it is an ISP issued router. Any DNS settings specified within the Win OS are the ones the ISP uses to forward to from its own DNS servers. The bottom line is something within your existing network configuration is interfering with communication to Eset servers. It might be an issue with how the router you use is configured. It also might an issue with the ISP you are using and how it forwards Internet traffic. Edited June 21, 2020 by itman Link to comment Share on other sites More sharing options...
itman 1,627 Posted June 21, 2020 Share Posted June 21, 2020 There is a recent forum posting in regards to Eset and PiHole here: https://forum.eset.com/topic/23452-pihole-eset-smart-security/ . It appears Eset works fine with Pihole installed. However in this case, it appears the OP was inadvertently blocking necessary Eset server communication. Believe something along this line is the reason for Eset installer and other subsequent network connection issues. Link to comment Share on other sites More sharing options...
Tynril 0 Posted June 22, 2020 Author Share Posted June 22, 2020 Disabling the PiHole did not change anything. I've also tried installing ESET NOD32 on my laptop, which I use from the exact same network, and I had no issue on that machine. I've even plugged the laptop on a wired connection to make sure there was no difference between ethernet and Wi-Fi, and the laptop has no issue whatsoever. There was no inadvertent blocking of the communication to Eset's server. Even connecting a PC straight to the ISP modem, bypassing the router, the Pihole, and everything else on the network, the issue remains. The Wireshark capture also shows that the communication isn't blocked. Link to comment Share on other sites More sharing options...
Administrators Marcos 4,910 Posted June 22, 2020 Administrators Share Posted June 22, 2020 If you have a chance, try connecting to the Internet through another ISP. Link to comment Share on other sites More sharing options...
itman 1,627 Posted June 22, 2020 Share Posted June 22, 2020 11 hours ago, Tynril said: I've also tried installing ESET NOD32 on my laptop, which I use from the exact same network, and I had no issue on that machine. Is Win 10 2004 installed on that device? Link to comment Share on other sites More sharing options...
itman 1,627 Posted June 22, 2020 Share Posted June 22, 2020 11 hours ago, Tynril said: The Wireshark capture also shows that the communication isn't blocked. The issue on the Win 10 2004 devices is not about network traffic per se being blocked to the Eset servers. The above posted Wireshark log shows that the servers are being reached. The problem appears to be in the handshaking processing that occurs between the client and servers. That processing is failing and the communication session is being dropped. It appears that ACK request from the Eset servers is not being properly received on the Win 2004 devices. It is starting to look like this issue is due to the Win 10 2004 upgrade which to date has been problematic. One way to verify this would be rollback one of the devices back to ver, 1909. Install Eset on that device and verify that it installs and updates w/o issue. If no problems surface, then again upgrade the device to ver. 2004. My PC is currently being blocked from the Win 10 2004 Feature Upgrade via Win Update due to compatibility issues. And I am in no rush to upgrade to it. Link to comment Share on other sites More sharing options...
Recommended Posts