Jump to content

ESET Smart Security Premium has limited direct cloud connectivity


Recommended Posts

Keep getting pop-up message 'ESET Smart Security Premium has limited direct cloud connectivity' which directs me to https://support.eset.com/en/kb332-ports-and-addresses-required-to-use-your-eset-product-with-a-third-party-firewall that advises me to '... hosts in each ESET component must be made accessible ...

It seems like I need to download and configure something! but I don't understand what I'm suppose to download or configure :(.

Please advise what actions I need to take to resolve the issue. Cheers Craig

 

 

Link to comment
Share on other sites

Hi Marcos,

                 Thanks for your reply ... I'm running Windows and the Domain/Private/Public networks all show that Microsoft Defender Firewall is not active, and the ESET firewall is turned on. There is is no other Firewall software installed or enabled.  Hence I believe its  caused by something else. Any ideas please let me know. Thanks Craig

Edited by CraigN
Link to comment
Share on other sites

  • Administrators

Theoretically your ISP may be blocking communication on port 53535. Do you have an option to connect to the Internet via another ISP to rule out ISP blocking the communication?

Link to comment
Share on other sites

  • 4 weeks later...

I'm also having the same problem, it started happening last week, I don't have any other firewall on this PC and I have 3 other computers on the same network with the same version of ESET installed non of which are having any problems so its definitely not the ISP.

Link to comment
Share on other sites

I've been getting this as well for about two weeks. Have gotten it this morning as well. Both for direct cloud connectivity and the Live Grid. 

Link to comment
Share on other sites

  • Administrators
1 hour ago, eXult said:

I've been getting this as well for about two weeks. Have gotten it this morning as well. Both for direct cloud connectivity and the Live Grid. 

Please enable advanced logging under Help and support -> Details for customer care and reproduce the issue. Next disable logging, collect logs with ESET Log Collector and upload the generated archive here.

Link to comment
Share on other sites

Good afternoon,

If this will help, I'm getting same thing for about 1-2 weeks.

For me it does not look like issue with blocked ports, as connectivity issue appears only for few minutes and then it works fine for few hours or even rest of the day. Sometimes it gives me 3 popups a day, it is random.

Link to comment
Share on other sites

23 hours ago, Marcos said:

Please enable advanced logging under Help and support -> Details for customer care and reproduce the issue. Next disable logging, collect logs with ESET Log Collector and upload the generated archive here.

Hi Marcos,

I am not aware of anything to trigger/replicate the issue on the spot, so I've had to leave it logging until it caught an event. Unfortunately after I was able to catch an event and create the archive, the file is sitting at 1.35GB, so I obviously can't upload it here. Let me know if there is anything I can do to get this over to you or if I can trim this log to contain just the info you need. 

Link to comment
Share on other sites

I'm also getting same thing with ESET Internet Security for about 1-2 weeks. Already did an uninstall and reinstall with no success. It's getting rather annoying. 

Link to comment
Share on other sites

  • Administrators

Those who experience this issue please carry on as follows:

- create an empty file named iris_force_enable_logs in "C:\ProgramData\ESET\ESET Security\Diagnostics\"
- restart the machine
- reproduce the issue
- delete the file iris_force_enable_logs

Compress all files located in "C:\ProgramData\ESET\ESET Security\Diagnostics" with the name commencing with "iris" and upload the archive here.

Edited by Marcos
Instructions redacted
Link to comment
Share on other sites

  • Administrators
1 hour ago, rich56 said:

Marcos
Is this what you need?

Yes, that's it.

Do you get an error if you run "nslookup avcloud.e5.sk"?

If you run "nslookup avcloud.e5.sk 8.8.8.8" do you get the following response?

Server:  dns.google
Address:  8.8.8.8

Non-authoritative answer:
Name:    avcloud.e5.sk
Addresses:  91.228.166.46
          91.228.166.52

 

Link to comment
Share on other sites

6 hours ago, Marcos said:

- create an empty file named iris_force_enable_logs in "C:\ProgramData\ESET\ESET Security\Diagnostics\"

 

Hello, Marcos

What extension should this empty file have? What kind of file is this? How is created.

Thank you.

Link to comment
Share on other sites

  • Administrators
1 hour ago, Oriol said:

What extension should this empty file have? What kind of file is this? How is created.

The file name will be iris.dc.0.log but if you keep logging enabled for a longer time another log with "1" instead "0" will be created, etc. You can try the nslookup commands that I listed above and let us know about the result.

Link to comment
Share on other sites

Hi there,

 

Same problem this morning. Read the web page related to the possibly blocked IP adresses but surely won't take time to test them all, it's a really long and boring trial test !

As other members, I don't have anything else that the Microsoft Firewall (which is active, actually). Didn't changed anything on my machine (Win 7 x64).

Tried the nslookup command without the DNS IP in the end, immediately got a correct response :

C:\Users\Chris>nslookup avcloud.e5.sk
Serveur :   dns1.proxad.net
Address:  212.27.40.240

Réponse ne faisant pas autorité :
Nom :    avcloud.e5.sk
Addresses:  91.228.167.137
          91.228.166.52

 

I can help with the log thing, if it can help, I'm in the IT since I'm 9 yo.

 

Cheers,

Chris

Link to comment
Share on other sites

  • Administrators

Please carry on as follows:

- create an empty file named iris_force_enable_logs in "C:\ProgramData\ESET\ESET Security\Diagnostics\"
- restart the machine
- reproduce the issue
- delete the file iris_force_enable_logs

Compress all files located in "C:\ProgramData\ESET\ESET Security\Diagnostics" with the name commencing with "iris" and upload the archive here.

Link to comment
Share on other sites

13 hours ago, Marcos said:

If you run "nslookup avcloud.e5.sk 8.8.8.8" do you get the following response?

Server:  dns.google
Address:  8.8.8.8

Non-authoritative answer:
Name:    avcloud.e5.sk
Addresses:  91.228.166.46
          91.228.166.52

Of note:

Eset_nslookup.png.b68698f4082f4f76cfe0a6a10f0dc837.png

Link to comment
Share on other sites

8 minutes ago, eXult said:

Same response here. 

Per the below Rotex screen shot, appears Eset uses geographically dispersed Internet staging servers. My suspicion is any internet LiveGrid connectivity issues lie with whatever source (highlighted) that is doing the hosting. My short duration issue occurred on Sunday. Assumed in this incident the hosting source was probably doing maintenance on the server/s.

Persistent LiveGrid connectivity issues however would be indicative of a problem with whatever hosting source Eset is using for that given geographic area.

Eset_USA.thumb.png.21bdf43dfa5130b14cb5dc5fc969839a.png

 

Link to comment
Share on other sites

I will also add that there is a current unpatched DNS vulnerability affecting all Win Server OSes: https://www.bleepingcomputer.com/news/security/microsoft-issues-guidance-for-dns-cache-poisoning-vulnerability/  that can lead to a DNS poisoning attack unless Microsoft recommended mitigation in deployed. Assumed this vulnerability is being actively exploited. Also assumed is this vulnerability could be targeted against Internet DNS relay servers.

Edited by itman
Link to comment
Share on other sites

  • ESET Insiders

I also have this problem on two machines. One is my real computer which has occurred only twice (once I had the internet adapter installed, which would make sense) and the other one it was random (I was playing a MMO at that point I think), both these errors happened in the same day, but at approx. 5 hours difference. The second one is a VM, this one is giving the error every time I start it or randomly during the usage. The VM is mostly used for work, so the internet is working every time I use the VM.

Also this is the lookup:

  • nslookup avcloud.e5.sk (Host)
Server:  router.asus.com
Address:  192.168.0.1

Non-authoritative answer:
Name:    avcloud.e5.sk
Addresses:  91.228.167.103
          91.228.165.44
  • nslookup avcloud.e5.sk 8.8.8.8 (Host)
Server:  dns.google
Address:  8.8.8.8

Non-authoritative answer:
Name:    avcloud.e5.sk
Addresses:  91.228.166.46
          91.228.166.52

Sometimes it also gives this

Server:  dns.google
Address:  8.8.8.8

Non-authoritative answer:
Name:    avcloud.e5.sk
Address:  38.90.226.12
  • nslookup avcloud.e5.sk (VM)
Server:  HOST-NAME.mshome.net
Address:  172.22.80.1

Non-authoritative answer:
Name:    avcloud.e5.sk
Addresses:  91.228.167.46
          91.228.165.44
          91.228.165.117
          91.228.167.16
          38.90.226.53
  • nslookup avcloud.e5.sk 8.8.8.8 (VM)
Server:  dns.google
Address:  8.8.8.8

Non-authoritative answer:
Name:    avcloud.e5.sk
Address:  38.90.226.11

Another run I can also get this

Server:  dns.google
Address:  8.8.8.8

Non-authoritative answer:
Name:    avcloud.e5.sk
Addresses:  91.228.166.46
          91.228.166.52

Or also this

Server:  dns.google
Address:  8.8.8.8

Non-authoritative answer:
Name:    dnsj.e5.sk
Address:  38.90.226.12
Aliases:  avcloud.e5.sk

The problem with VM started to appear from 04 December 2020 and it continue.

I attached iris logs (from VM) below. I couldn't reproduce this problem on the host PC, maybe as @itman said, on the host it occurred only once or twice when I was connected to the internet so they might have done maintenance.

Both Windows installations are using ESET Internet Security, version 14.0.22.0.

iris_logs.zip

Edited by WopsS
Wording
Link to comment
Share on other sites

19 hours ago, Marcos said:

Yes, that's it.

Do you get an error if you run "nslookup avcloud.e5.sk"?

If you run "nslookup avcloud.e5.sk 8.8.8.8" do you get the following response?

Server:  dns.google
Address:  8.8.8.8

Non-authoritative answer:
Name:    avcloud.e5.sk
Addresses:  91.228.166.46
          91.228.166.52

 

 

commandprompt.png

Untitled.png

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...