Installation failed, we could not find internet connection

[Tynril 0]

Hi!

Since I've upgraded to a new PC, I'm unable to install ESET NOD32 Antivirus.

When using the Live Installer, the installation doesn't even start, and displays an error saying that my Internet connection hasn't been found. Every other program has a fine Internet connection, and I'm able to ping update.eset.com with no issue.

This is the error window:

I've also attempted to use the Offline installer. With it, the installation works, but then the antivirus never succeeds at updating its modules, even after several days of attempts.

The exact same behavior also occurs on my wife's computer, which we've upgraded to the same configuration at the same time. We're both running the latest version of Windows 10 (2004, OS build 19041.329).

I'm not sure what to do at this point. I'd appreciate help.

Thanks.

[Marcos 5,070]

Were you able to activate EAV after installation? If not, please provide:
- logs collected with ESET Log Collector
- a Wireshark pcap log from an activation or update attempt
 

[Tynril 0]

Using the offline installer, I'm able to complete the installation (including, I think, the activation?). But downloading the modules fail.

When attempting to collect logs with the Log Collector, the ESET SysInspector download seems to fail. I only was able to successfully collect the logs when unchecking "ESET SysInspector log". I've attached those logs.

I've also attached a Wireshark npcap log for a (failed) update attempt.

eav_logs.zip

Edited June 20, 2020 by Tynril

[Marcos 5,070]

Unfortunately the Wireshark log is not what I wanted. The pcap file you've sent is a local traffic at localhost. Please select your network adapter in Wireshark before you start capturing network communication.

[itman 1,659]

14 hours ago, Tynril said:

Since I've upgraded to a new PC, I'm unable to install ESET NOD32 Antivirus.

What anti-virus and/or other security solutions are currently installed on the device?

[Tynril 0]

My bad, I did the capture on the loopback adapter. I've attached a capture of a failed update attempt from the outbound network interface.

There is no other anti-virus or security solution installed on the devices, except the default Windows Defender.

eset-nod32-update-attempt-ethernet.zip

[itman 1,659]

1 hour ago, Tynril said:

There is no other anti-virus or security solution installed on the devices, except the default Windows Defender.

Have you been receiving WD virus signature updates w/o issue?

[Tynril 0]

Yes, Windows Defender is updating fine.

Edited June 20, 2020 by Tynril
Typo.

[Marcos 5,070]

There is some network issue. After we send the GET command, instead of the server sending ACK there are several duplicate ACKs and retransmissions which end with the client terminating the connection:

Since the issue is also on another machine in LAN, I'd try another router or connecting through a different ISP, if possible.

[Tynril 0]

Everything else on my network is the same as on our previous computer, down the the same ethernet cable. I didn't notice that issue back then.

I've just notice that a modules update just went through successfully, despite not having changed anything. I wonder if there's something with ISP congestion somewhere on the link between my network and the update servers. I'll run PingPlotter for a while and share results.

[itman 1,659]

Another possibility here is an issue with the ISP DNS servers for some reason.

You could try switching temporarily to use of third party DNS server provider; e.g. Cloudflare, Google, etc., and see if this resolves the Eset network connectivity issues.

[Tynril 0]

I'm running a PiHole on the network that uses CloudFlare & Google as upstream (again, same as before the PC upgrade).

[itman 1,659]

Based on what is posted here: https://www.andrewdenty.com/blog/2020/01/25/installing-pi-hole-on-windows-10.html , Pihole performs localhost; e.g. 127.0.0.x, proxy activities.

Quote

Note: DNS1 needs to be left as 127.17.0.1 in order for Pi-hole to work. If you’re curious, 127.17.0.1 is the IP address for Localhost (or in other words this computer).

Suspect this might be the problem since the initial Eset network connection alert referred to local proxy as a possible conflict source.

Additionally, Eset internally proxies Internet traffic to support its various Web Access protections. Overall, I would say PiHole has to be uninstalled to avoid conflicts with Eset. You can temporarily disable Pihole and see if all Eset issues are resolved.

Edited June 21, 2020 by itman

[Tynril 0]

The PiHole is a separate device on the network that is the DNS server for the PC that encounters the issue. It is not running directly on the same computer.

I've also tried overriding the DNS server on the Windows computer to point directly to 1.1.1.1/8.8.8.8 (bypassing the PiHole), but it did not change anything with the issue described in this thread. I've also had no issue resolving update.eset.com to an IP, so I don't think there's a DNS issue here.

[itman 1,659]

21 minutes ago, Tynril said:

The PiHole is a separate device on the network that is the DNS server for the PC that encounters the issue. It is not running directly on the same computer.

Temporarily disable PiHole on that device or the device itself. Your ISP DNS server IP address are hard-coded into the router if it is an ISP issued router. Any DNS settings specified within the Win OS are the ones the ISP uses to forward to from its own DNS servers.

The bottom line is something within your existing network configuration is interfering with communication to Eset servers. It might be an issue with how the router you use is configured. It also might an issue with the ISP you are using and how it forwards Internet traffic. 

Edited June 21, 2020 by itman

[itman 1,659]

There is a recent forum posting in regards to Eset and PiHole here: https://forum.eset.com/topic/23452-pihole-eset-smart-security/ . It appears Eset works fine with Pihole installed. However in this case, it appears the OP was inadvertently blocking necessary Eset server communication. Believe something along this line is the reason for Eset installer and other subsequent network connection issues.

[Tynril 0]

Disabling the PiHole did not change anything.

I've also tried installing ESET NOD32 on my laptop, which I use from the exact same network, and I had no issue on that machine. I've even plugged the laptop on a wired connection to make sure there was no difference between ethernet and Wi-Fi, and the laptop has no issue whatsoever.

There was no inadvertent blocking of the communication to Eset's server. Even connecting a PC straight to the ISP modem, bypassing the router, the Pihole, and everything else on the network, the issue remains. The Wireshark capture also shows that the communication isn't blocked.

[Marcos 5,070]

If you have a chance, try connecting to the Internet through another ISP.

[itman 1,659]

11 hours ago, Tynril said:

I've also tried installing ESET NOD32 on my laptop, which I use from the exact same network, and I had no issue on that machine.

Is Win 10 2004 installed on that device?

[itman 1,659]

11 hours ago, Tynril said:

The Wireshark capture also shows that the communication isn't blocked.

The issue on the Win 10 2004 devices is not about network traffic per se being blocked to the Eset servers. The above posted Wireshark log shows that the servers are being reached. The problem appears to be in the handshaking processing that occurs between the client and servers. That processing is failing and the communication session is being dropped. It appears that ACK request from the Eset servers is not being properly received on the Win 2004 devices.

It is starting to look like this issue is due to the Win 10 2004 upgrade which to date has been problematic. One way to verify this would be rollback one of the devices back to ver, 1909. Install Eset on that device and verify that it installs and updates w/o issue. If no problems surface, then again upgrade the device to ver. 2004.

My PC is currently being blocked from the Win 10 2004 Feature Upgrade via Win Update due to compatibility issues. And I am in no rush to upgrade to it.