LiveGrid servers cannot be reached

[itman 1,659]

To satisfy my concern in regards to Eset cloud protection functionality, I uploaded the cloudcar.exe file to a file share. Upon attempted download, Eset detected it properly. Since it was prior established that Eset doesn't detect this file by signature, this test technically satisfies the requirement for cloud protection:

Time;Scanner;Object type;Object;Detection;Action;User;Information;Hash;First seen here
8/27/2021 2:40:27 PM;HTTP filter;file;https://www49.zippyshare.com/d/bJ6FwqEe/49497/cloudcar.exe;Suspicious Object;connection terminated;xxxxPC\xxx;Event occurred during an attempt to access the web by the application: C:\Program Files\Mozilla Firefox\firefox.exe (6E6C61A9F8A1D1C96B17E310A48AEAA49545C0EF).;F4053231135502B4E8EA2B4D2E32ABEFE3A08765;8/27/2021 9:26:31 AM

The question now is how is AMTSO performing this like testing? Appears however they are serving up the file to Firefox, it is first being detected by Chrome Safe Browser which is built-in. After overriding the Safe Browser detection, Eset just allows the file to download without inspecting its contents.

[itman 1,659]

Appears the AMTSO Cloudcar test issue has been resolved. Providing diagnostic logs showing all wordpress connections does wonders, doesn't it.

[Scene 0]

We're using Protect Cloud and have experienced the LiveGrid warning randomly across our client machines. ESET Endpoint Security is deployed out to all our client machines, which overrides Windows Defender Firewall. None of the servers have experienced the issue as Windows firewall doesn't get overridden by ESET.

Applying the firewall rule policy within the Protect Cloud portal to deploy out to all clients resolved the LiveGrid issue, which means ESET Endpoint Security firewall is blocking itself from accessing LiveGrid.

Edited October 8, 2021 by Scene

[Faizan Siddiuqi 1]

Is there any solution? facing same live grid issue 

 

[Marcos 5,074]

19 hours ago, Faizan Siddiuqi said:

Is there any solution? facing same live grid issue 

 

First of all please make sure that all IP addresses listed here are allowed and TCP and UDP port 53535 is open:

https://support.eset.com/en/kb332#esetlivegrid

[Faizan Siddiuqi 1]

Dear Marcos, all mention ip/ports are allowed at Firewall, systems are not accessible liveGrid server through proxy, while i have checked all proxy settings are correct, 

[Marcos 5,074]

10 minutes ago, Faizan Siddiuqi said:

Dear Marcos, all mention ip/ports are allowed at Firewall, systems are not accessible liveGrid server through proxy, while i have checked all proxy settings are correct, 

If you are able to reproduce it easily and relatively quickly, please enable advanced logging under Help and support -> Technical support, reproduce the issue, disable logging and collect logs with ESET Log Collector. When done, upload the generated archive here.

[Marcos 5,074]

Since Oct 5 there are errors connecting to update servers logged. Even the engine was already 9 days old when logs were collected. The server has either no Internet connection or there is a problem causing ekrn to not be able to communicate with servers.

For maximum protection consider enabling the LiveGrid Feedback system, detection of pot. unsafe applications, SSL filtering as well as password protection.

[Faizan Siddiuqi 1]

ESET server have internet connection,  have restarted the ekrn. exe services of client, but still same alerts. what is the solution now?

 

 

[Marcos 5,074]

Can you confirm that you are no longer getting update errors when you run update?

14. 10. 2021 9:02:14    Update    Could not connect to server.    SYSTEM    
14. 10. 2021 8:02:09    Update    Could not connect to server.    SYSTEM    

 

[Faizan Siddiuqi 1]

Dear, still getting the same error problem is why its unable to connect to the server  proxy settings are correct, ip/ports are allowed, what could be the issue?

[Marcos 5,074]

6 minutes ago, Faizan Siddiuqi said:

Dear, still getting the same error problem is why its unable to connect to the server  proxy settings are correct, ip/ports are allowed, what could be the issue?

Obviously something happened, e.g. a change was made in your network infrastructure, etc. between these times:

On Aug 5, 9:34 the product was able to update, however, since 12:02 all updates attempts have been failing:

5. 10. 2021 12:02:00    Update    Could not connect to server.    SYSTEM    
5. 10. 2021 9:34:33    ESET Kernel    Detection Engine was successfully updated to version 24073 (20211005).    SYSTEM    

I assume the problem could be with the proxy 172.xx.xx.xx1. Try updating directly from the Internet to confirm that there's something wrong with the proxy configuration.

[Faizan Siddiuqi 1]

No any change performed in network and ESET policy settings, all configuration is same as before, can you please tell us how can we fix this? as you know engine is too old now, we are at risk.

[Marcos 5,074]

22 minutes ago, Faizan Siddiuqi said:

No any change performed in network and ESET policy settings, all configuration is same as before, can you please tell us how can we fix this? as you know engine is too old now, we are at risk.

Did you try updating Endpoint directly, ie. not through the proxy?

[Faizan Siddiuqi 1]

other pc's are connected directly to the internet  and they are working fine, problem is with servers (file security) we cannot allow internet on servers so they should get update through proxy which is not working.. can you tell us how can we troubleshoot proxy issue 

[Marcos 5,074]

What proxy server do you use? If the Apache HTTP Proxy provided with ESET PROTECT All-In-One installer, then it would be pre-configured to allow access to ESET's servers. Or you use a different proxy? Is it a Linux or Windows machine?

[Faizan Siddiuqi 1]

using Apache HTTP Proxy provided with ESET PROTECT, linux VM on windows server

[Faizan Siddiuqi 1]

hello marcos, waiting for your response 

[Marcos 5,074]

1 hour ago, Faizan Siddiuqi said:

hello marcos, waiting for your response 

Please provide httpd.conf for a check.

[Faizan Siddiuqi 1]

2 hours ago, Marcos said:

httpd.conf for a check.

how to get this file from CLI?

[Marcos 5,074]

45 minutes ago, Faizan Siddiuqi said:

how to get this file from CLI?

/etc/httpd/conf/httpd.conf

[Faizan Siddiuqi 1]

httpd.rar

[Faizan Siddiuqi 1]

Just now, Faizan Siddiuqi said:

httpd.rar 4.66 kB · 0 downloads

please check 

[Marcos 5,074]

Apache HTTP Proxy is not configured correctly.

Did you follow the instructions at https://help.eset.com/protect_install/81/en-US/?proxy_installation_linux.html? It seems that some directives are missing. You can download the HTTP Proxy for Windows installer from https://www.eset.com/int/business/download/eset-protect/#standalone and compare httpd.conf with yours.

[Faizan Siddiuqi 1]

proxy.rar please check this, compared with the installer configuration  no any change found.