CraigN 1 Posted November 8, 2020 Share Posted November 8, 2020 Keep getting pop-up message 'ESET Smart Security Premium has limited direct cloud connectivity' which directs me to https://support.eset.com/en/kb332-ports-and-addresses-required-to-use-your-eset-product-with-a-third-party-firewall that advises me to '... hosts in each ESET component must be made accessible ... It seems like I need to download and configure something! but I don't understand what I'm suppose to download or configure :(. Please advise what actions I need to take to resolve the issue. Cheers Craig Link to comment Share on other sites More sharing options...
Administrators Marcos 5,234 Posted November 8, 2020 Administrators Share Posted November 8, 2020 Most likely a firewall is blocking access to Parental Control or Antispam servers listed in the KB on port 53535. Link to comment Share on other sites More sharing options...
CraigN 1 Posted November 9, 2020 Author Share Posted November 9, 2020 (edited) Hi Marcos, Thanks for your reply ... I'm running Windows and the Domain/Private/Public networks all show that Microsoft Defender Firewall is not active, and the ESET firewall is turned on. There is is no other Firewall software installed or enabled. Hence I believe its caused by something else. Any ideas please let me know. Thanks Craig Edited November 9, 2020 by CraigN MaximillianC 1 Link to comment Share on other sites More sharing options...
Administrators Marcos 5,234 Posted November 10, 2020 Administrators Share Posted November 10, 2020 Theoretically your ISP may be blocking communication on port 53535. Do you have an option to connect to the Internet via another ISP to rule out ISP blocking the communication? Link to comment Share on other sites More sharing options...
Vyious 0 Posted December 6, 2020 Share Posted December 6, 2020 I'm also having the same problem, it started happening last week, I don't have any other firewall on this PC and I have 3 other computers on the same network with the same version of ESET installed non of which are having any problems so its definitely not the ISP. Link to comment Share on other sites More sharing options...
Oriol 0 Posted December 7, 2020 Share Posted December 7, 2020 I'm having the same problem too. Link to comment Share on other sites More sharing options...
Administrators Marcos 5,234 Posted December 7, 2020 Administrators Share Posted December 7, 2020 Are you still having the issues after the last Friday? Link to comment Share on other sites More sharing options...
eXult 0 Posted December 7, 2020 Share Posted December 7, 2020 I've been getting this as well for about two weeks. Have gotten it this morning as well. Both for direct cloud connectivity and the Live Grid. Link to comment Share on other sites More sharing options...
Administrators Marcos 5,234 Posted December 7, 2020 Administrators Share Posted December 7, 2020 1 hour ago, eXult said: I've been getting this as well for about two weeks. Have gotten it this morning as well. Both for direct cloud connectivity and the Live Grid. Please enable advanced logging under Help and support -> Details for customer care and reproduce the issue. Next disable logging, collect logs with ESET Log Collector and upload the generated archive here. Link to comment Share on other sites More sharing options...
Conano 0 Posted December 8, 2020 Share Posted December 8, 2020 Good afternoon, If this will help, I'm getting same thing for about 1-2 weeks. For me it does not look like issue with blocked ports, as connectivity issue appears only for few minutes and then it works fine for few hours or even rest of the day. Sometimes it gives me 3 popups a day, it is random. Link to comment Share on other sites More sharing options...
eXult 0 Posted December 8, 2020 Share Posted December 8, 2020 23 hours ago, Marcos said: Please enable advanced logging under Help and support -> Details for customer care and reproduce the issue. Next disable logging, collect logs with ESET Log Collector and upload the generated archive here. Hi Marcos, I am not aware of anything to trigger/replicate the issue on the spot, so I've had to leave it logging until it caught an event. Unfortunately after I was able to catch an event and create the archive, the file is sitting at 1.35GB, so I obviously can't upload it here. Let me know if there is anything I can do to get this over to you or if I can trim this log to contain just the info you need. Link to comment Share on other sites More sharing options...
rich56 0 Posted December 8, 2020 Share Posted December 8, 2020 I'm also getting same thing with ESET Internet Security for about 1-2 weeks. Already did an uninstall and reinstall with no success. It's getting rather annoying. Link to comment Share on other sites More sharing options...
Administrators Marcos 5,234 Posted December 8, 2020 Administrators Share Posted December 8, 2020 (edited) Those who experience this issue please carry on as follows: - create an empty file named iris_force_enable_logs in "C:\ProgramData\ESET\ESET Security\Diagnostics\" - restart the machine - reproduce the issue - delete the file iris_force_enable_logs Compress all files located in "C:\ProgramData\ESET\ESET Security\Diagnostics" with the name commencing with "iris" and upload the archive here. Edited December 9, 2020 by Marcos Instructions redacted Link to comment Share on other sites More sharing options...
rich56 0 Posted December 8, 2020 Share Posted December 8, 2020 Marcos Is this what you need? iris.dc.0.zip Link to comment Share on other sites More sharing options...
Administrators Marcos 5,234 Posted December 9, 2020 Administrators Share Posted December 9, 2020 1 hour ago, rich56 said: Marcos Is this what you need? Yes, that's it. Do you get an error if you run "nslookup avcloud.e5.sk"? If you run "nslookup avcloud.e5.sk 8.8.8.8" do you get the following response? Server: dns.google Address: 8.8.8.8 Non-authoritative answer: Name: avcloud.e5.sk Addresses: 91.228.166.46 91.228.166.52 Link to comment Share on other sites More sharing options...
Oriol 0 Posted December 9, 2020 Share Posted December 9, 2020 6 hours ago, Marcos said: - create an empty file named iris_force_enable_logs in "C:\ProgramData\ESET\ESET Security\Diagnostics\" Hello, Marcos What extension should this empty file have? What kind of file is this? How is created. Thank you. Link to comment Share on other sites More sharing options...
Administrators Marcos 5,234 Posted December 9, 2020 Administrators Share Posted December 9, 2020 1 hour ago, Oriol said: What extension should this empty file have? What kind of file is this? How is created. The file name will be iris.dc.0.log but if you keep logging enabled for a longer time another log with "1" instead "0" will be created, etc. You can try the nslookup commands that I listed above and let us know about the result. Link to comment Share on other sites More sharing options...
Zer0 Gee 0 Posted December 9, 2020 Share Posted December 9, 2020 Hi there, Same problem this morning. Read the web page related to the possibly blocked IP adresses but surely won't take time to test them all, it's a really long and boring trial test ! As other members, I don't have anything else that the Microsoft Firewall (which is active, actually). Didn't changed anything on my machine (Win 7 x64). Tried the nslookup command without the DNS IP in the end, immediately got a correct response : C:\Users\Chris>nslookup avcloud.e5.sk Serveur : dns1.proxad.net Address: 212.27.40.240 Réponse ne faisant pas autorité : Nom : avcloud.e5.sk Addresses: 91.228.167.137 91.228.166.52 I can help with the log thing, if it can help, I'm in the IT since I'm 9 yo. Cheers, Chris Link to comment Share on other sites More sharing options...
Administrators Marcos 5,234 Posted December 9, 2020 Administrators Share Posted December 9, 2020 Please carry on as follows: - create an empty file named iris_force_enable_logs in "C:\ProgramData\ESET\ESET Security\Diagnostics\" - restart the machine - reproduce the issue - delete the file iris_force_enable_logs Compress all files located in "C:\ProgramData\ESET\ESET Security\Diagnostics" with the name commencing with "iris" and upload the archive here. Link to comment Share on other sites More sharing options...
itman 1,741 Posted December 9, 2020 Share Posted December 9, 2020 13 hours ago, Marcos said: If you run "nslookup avcloud.e5.sk 8.8.8.8" do you get the following response? Server: dns.google Address: 8.8.8.8 Non-authoritative answer: Name: avcloud.e5.sk Addresses: 91.228.166.46 91.228.166.52 Of note: Link to comment Share on other sites More sharing options...
eXult 0 Posted December 9, 2020 Share Posted December 9, 2020 17 minutes ago, itman said: Of note: Same response here. Link to comment Share on other sites More sharing options...
itman 1,741 Posted December 9, 2020 Share Posted December 9, 2020 8 minutes ago, eXult said: Same response here. Per the below Rotex screen shot, appears Eset uses geographically dispersed Internet staging servers. My suspicion is any internet LiveGrid connectivity issues lie with whatever source (highlighted) that is doing the hosting. My short duration issue occurred on Sunday. Assumed in this incident the hosting source was probably doing maintenance on the server/s. Persistent LiveGrid connectivity issues however would be indicative of a problem with whatever hosting source Eset is using for that given geographic area. Link to comment Share on other sites More sharing options...
itman 1,741 Posted December 9, 2020 Share Posted December 9, 2020 (edited) I will also add that there is a current unpatched DNS vulnerability affecting all Win Server OSes: https://www.bleepingcomputer.com/news/security/microsoft-issues-guidance-for-dns-cache-poisoning-vulnerability/ that can lead to a DNS poisoning attack unless Microsoft recommended mitigation in deployed. Assumed this vulnerability is being actively exploited. Also assumed is this vulnerability could be targeted against Internet DNS relay servers. Edited December 9, 2020 by itman Link to comment Share on other sites More sharing options...
ESET Insiders WopsS 0 Posted December 9, 2020 ESET Insiders Share Posted December 9, 2020 (edited) I also have this problem on two machines. One is my real computer which has occurred only twice (once I had the internet adapter installed, which would make sense) and the other one it was random (I was playing a MMO at that point I think), both these errors happened in the same day, but at approx. 5 hours difference. The second one is a VM, this one is giving the error every time I start it or randomly during the usage. The VM is mostly used for work, so the internet is working every time I use the VM. Also this is the lookup: nslookup avcloud.e5.sk (Host) Server: router.asus.com Address: 192.168.0.1 Non-authoritative answer: Name: avcloud.e5.sk Addresses: 91.228.167.103 91.228.165.44 nslookup avcloud.e5.sk 8.8.8.8 (Host) Server: dns.google Address: 8.8.8.8 Non-authoritative answer: Name: avcloud.e5.sk Addresses: 91.228.166.46 91.228.166.52 Sometimes it also gives this Server: dns.google Address: 8.8.8.8 Non-authoritative answer: Name: avcloud.e5.sk Address: 38.90.226.12 nslookup avcloud.e5.sk (VM) Server: HOST-NAME.mshome.net Address: 172.22.80.1 Non-authoritative answer: Name: avcloud.e5.sk Addresses: 91.228.167.46 91.228.165.44 91.228.165.117 91.228.167.16 38.90.226.53 nslookup avcloud.e5.sk 8.8.8.8 (VM) Server: dns.google Address: 8.8.8.8 Non-authoritative answer: Name: avcloud.e5.sk Address: 38.90.226.11 Another run I can also get this Server: dns.google Address: 8.8.8.8 Non-authoritative answer: Name: avcloud.e5.sk Addresses: 91.228.166.46 91.228.166.52 Or also this Server: dns.google Address: 8.8.8.8 Non-authoritative answer: Name: dnsj.e5.sk Address: 38.90.226.12 Aliases: avcloud.e5.sk The problem with VM started to appear from 04 December 2020 and it continue. I attached iris logs (from VM) below. I couldn't reproduce this problem on the host PC, maybe as @itman said, on the host it occurred only once or twice when I was connected to the internet so they might have done maintenance. Both Windows installations are using ESET Internet Security, version 14.0.22.0. iris_logs.zip Edited December 9, 2020 by WopsS Wording Link to comment Share on other sites More sharing options...
rich56 0 Posted December 9, 2020 Share Posted December 9, 2020 19 hours ago, Marcos said: Yes, that's it. Do you get an error if you run "nslookup avcloud.e5.sk"? If you run "nslookup avcloud.e5.sk 8.8.8.8" do you get the following response? Server: dns.google Address: 8.8.8.8 Non-authoritative answer: Name: avcloud.e5.sk Addresses: 91.228.166.46 91.228.166.52 Link to comment Share on other sites More sharing options...
Recommended Posts