Jump to content

LiveGrid servers cannot be reached


Recommended Posts

To satisfy my concern in regards to Eset cloud protection functionality, I uploaded the cloudcar.exe file to a file share. Upon attempted download, Eset detected it properly. Since it was prior established that Eset doesn't detect this file by signature, this test technically satisfies the requirement for cloud protection:

Eset_Cloudcar.thumb.png.4d6a9481e6b13a2a2d8204d91ec4d218.png

Time;Scanner;Object type;Object;Detection;Action;User;Information;Hash;First seen here
8/27/2021 2:40:27 PM;HTTP filter;file;https://www49.zippyshare.com/d/bJ6FwqEe/49497/cloudcar.exe;Suspicious Object;connection terminated;xxxxPC\xxx;Event occurred during an attempt to access the web by the application: C:\Program Files\Mozilla Firefox\firefox.exe (6E6C61A9F8A1D1C96B17E310A48AEAA49545C0EF).;F4053231135502B4E8EA2B4D2E32ABEFE3A08765;8/27/2021 9:26:31 AM

The question now is how is AMTSO performing this like testing? Appears however they are serving up the file to Firefox, it is first being detected by Chrome Safe Browser which is built-in. After overriding the Safe Browser detection, Eset just allows the file to download without inspecting its contents.

Link to comment
Share on other sites

Appears the AMTSO Cloudcar test issue has been resolved. Providing diagnostic logs showing all wordpress connections does wonders, doesn't it.

Link to comment
Share on other sites

  • 1 month later...

We're using Protect Cloud and have experienced the LiveGrid warning randomly across our client machines. ESET Endpoint Security is deployed out to all our client machines, which overrides Windows Defender Firewall. None of the servers have experienced the issue as Windows firewall doesn't get overridden by ESET.

Applying the firewall rule policy within the Protect Cloud portal to deploy out to all clients resolved the LiveGrid issue, which means ESET Endpoint Security firewall is blocking itself from accessing LiveGrid.

Edited by Scene
Link to comment
Share on other sites

  • Administrators
19 hours ago, Faizan Siddiuqi said:

Is there any solution? facing same live grid issue 

 

image.png.e404b1d38f1eca1d571fb67930be8a96.png

First of all please make sure that all IP addresses listed here are allowed and TCP and UDP port 53535 is open:

https://support.eset.com/en/kb332#esetlivegrid

Link to comment
Share on other sites

  • Administrators
10 minutes ago, Faizan Siddiuqi said:

Dear Marcos, all mention ip/ports are allowed at Firewall, systems are not accessible liveGrid server through proxy, while i have checked all proxy settings are correct, 

If you are able to reproduce it easily and relatively quickly, please enable advanced logging under Help and support -> Technical support, reproduce the issue, disable logging and collect logs with ESET Log Collector. When done, upload the generated archive here.

Link to comment
Share on other sites

  • Administrators

Since Oct 5 there are errors connecting to update servers logged. Even the engine was already 9 days old when logs were collected. The server has either no Internet connection or there is a problem causing ekrn to not be able to communicate with servers.

For maximum protection consider enabling the LiveGrid Feedback system, detection of pot. unsafe applications, SSL filtering as well as password protection.

Link to comment
Share on other sites

  • Administrators

Can you confirm that you are no longer getting update errors when you run update?

14. 10. 2021 9:02:14    Update    Could not connect to server.    SYSTEM    
14. 10. 2021 8:02:09    Update    Could not connect to server.    SYSTEM    

 

Link to comment
Share on other sites

  • Administrators
6 minutes ago, Faizan Siddiuqi said:

Dear, still getting the same error problem is why its unable to connect to the server  proxy settings are correct, ip/ports are allowed, what could be the issue?

Obviously something happened, e.g. a change was made in your network infrastructure, etc. between these times:

On Aug 5, 9:34 the product was able to update, however, since 12:02 all updates attempts have been failing:

5. 10. 2021 12:02:00    Update    Could not connect to server.    SYSTEM    
5. 10. 2021 9:34:33    ESET Kernel    Detection Engine was successfully updated to version 24073 (20211005).    SYSTEM    

I assume the problem could be with the proxy 172.xx.xx.xx1. Try updating directly from the Internet to confirm that there's something wrong with the proxy configuration.

Link to comment
Share on other sites

No any change performed in network and ESET policy settings, all configuration is same as before, can you please tell us how can we fix this? as you know engine is too old now, we are at risk.

Link to comment
Share on other sites

  • Administrators
22 minutes ago, Faizan Siddiuqi said:

No any change performed in network and ESET policy settings, all configuration is same as before, can you please tell us how can we fix this? as you know engine is too old now, we are at risk.

Did you try updating Endpoint directly, ie. not through the proxy?

Link to comment
Share on other sites

other pc's are connected directly to the internet  and they are working fine, problem is with servers (file security) we cannot allow internet on servers so they should get update through proxy which is not working.. can you tell us how can we troubleshoot proxy issue 

Link to comment
Share on other sites

  • Administrators

What proxy server do you use? If the Apache HTTP Proxy provided with ESET PROTECT All-In-One installer, then it would be pre-configured to allow access to ESET's servers. Or you use a different proxy? Is it a Linux or Windows machine?

Link to comment
Share on other sites

  • Administrators

Apache HTTP Proxy is not configured correctly.

Did you follow the instructions at https://help.eset.com/protect_install/81/en-US/?proxy_installation_linux.html? It seems that some directives are missing. You can download the HTTP Proxy for Windows installer from https://www.eset.com/int/business/download/eset-protect/#standalone and compare httpd.conf with yours.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...