itman, posted August 27, 2021:
To satisfy my concern in regards to Eset cloud protection functionality, I uploaded the cloudcar.exe file to a file share. Upon attempted download, Eset detected it properly. Since it was prior established that Eset doesn't detect this file by signature, this test technically satisfies the requirement for cloud protection:
Time;Scanner;Object type;Object;Detection;Action;User;Information;Hash;First seen here
8/27/2021 2:40:27 PM;HTTP filter;file;https://www49.zippyshare.com/d/bJ6FwqEe/49497/cloudcar.exe;Suspicious Object;connection terminated;xxxxPC\xxx;Event occurred during an attempt to access the web by the application: C:\Program Files\Mozilla Firefox\firefox.exe (6E6C61A9F8A1D1C96B17E310A48AEAA49545C0EF).;F4053231135502B4E8EA2B4D2E32ABEFE3A08765;8/27/2021 9:26:31 AM
The question now is how is AMTSO performing this like testing? Appears however they are serving up the file to Firefox, it is first being detected by Chrome Safe Browser which is built-in. After overriding the Safe Browser detection, Eset just allows the file to download without inspecting its contents.

itman, posted August 27, 2021:
Appears the AMTSO Cloudcar test issue has been resolved. Providing diagnostic logs showing all wordpress connections does wonders, doesn't it?

Scene, posted October 8, 2021 (edited):
We're using Protect Cloud and have experienced the LiveGrid warning randomly across our client machines. ESET Endpoint Security is deployed out to all our client machines, which overrides Windows Defender Firewall. None of the servers have experienced the issue as Windows firewall doesn't get overridden by ESET. Applying the firewall rule policy within the Protect Cloud portal to deploy out to all clients resolved the LiveGrid issue, which means ESET Endpoint Security firewall is blocking itself from accessing LiveGrid.

Faizan Siddiuqi, posted October 15, 2021:
Is there any solution? Facing the same LiveGrid issue.

Marcos (Administrators), posted October 16, 2021:
19 hours ago, Faizan Siddiuqi said:
> Is there any solution? Facing the same LiveGrid issue.
First of all, please make sure that all IP addresses listed here are allowed and TCP and UDP port 53535 is open: https://support.eset.com/en/kb332#esetlivegrid

Faizan Siddiuqi, posted October 18, 2021:
Dear Marcos, all mentioned IPs/ports are allowed at the firewall. Systems cannot access the LiveGrid server through the proxy, although I have checked that all proxy settings are correct.

Marcos (Administrators), posted October 18, 2021:
10 minutes ago, Faizan Siddiuqi said:
> Dear Marcos, all mentioned IPs/ports are allowed at the firewall. Systems cannot access the LiveGrid server through the proxy, although I have checked that all proxy settings are correct.
If you are able to reproduce it easily and relatively quickly, please enable advanced logging under Help and support -> Technical support, reproduce the issue, disable logging and collect logs with ESET Log Collector. When done, upload the generated archive here.

Marcos (Administrators), posted October 18, 2021:
Since Oct 5 there have been errors connecting to update servers logged. Even the engine was already 9 days old when logs were collected. The server has either no Internet connection or there is a problem causing ekrn to not be able to communicate with servers. For maximum protection consider enabling the LiveGrid Feedback system, detection of potentially unsafe applications, SSL filtering as well as password protection.

Faizan Siddiuqi, posted October 18, 2021:
The ESET server has an internet connection. Have restarted the ekrn.exe services of the client, but still the same alerts. What is the solution now?

Marcos (Administrators), posted October 18, 2021:
Can you confirm that you are no longer getting update errors when you run update?
14. 10. 2021 9:02:14 Update Could not connect to server. SYSTEM
14. 10. 2021 8:02:09 Update Could not connect to server. SYSTEM

Faizan Siddiuqi, posted October 18, 2021:
Dear, still getting the same error. The problem is why it's unable to connect to the server: proxy settings are correct, IPs/ports are allowed. What could be the issue?

Marcos (Administrators), posted October 18, 2021:
6 minutes ago, Faizan Siddiuqi said:
> Dear, still getting the same error. The problem is why it's unable to connect to the server: proxy settings are correct, IPs/ports are allowed. What could be the issue?
Obviously something happened, e.g. a change was made in your network infrastructure, etc. between these times: On Aug 5, 9:34 the product was able to update, however, since 12:02 all update attempts have been failing:
5. 10. 2021 12:02:00 Update Could not connect to server. SYSTEM
5. 10. 2021 9:34:33 ESET Kernel Detection Engine was successfully updated to version 24073 (20211005). SYSTEM
I assume the problem could be with the proxy 172.xx.xx.xx1. Try updating directly from the Internet to confirm that there's something wrong with the proxy configuration.

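
Added example, not part of the thread and not ESET code: a small parser that brackets the outage from event-log lines the way the post above does by eye, reporting the last successful update, the first failure after it, and the engine's age when the log was collected. It assumes the flattened line layout quoted in the posts; the function names and the 4. 10. entry are constructed for illustration.

```python
import re
from datetime import datetime

# Lines 1-4 are the entries quoted in the thread; the 4. 10. entry is constructed
# to show that a failure before the last good update does not move the window.
SAMPLE_LOG = """\
14. 10. 2021 9:02:14 Update Could not connect to server. SYSTEM
14. 10. 2021 8:02:09 Update Could not connect to server. SYSTEM
5. 10. 2021 12:02:00 Update Could not connect to server. SYSTEM
5. 10. 2021 9:34:33 ESET Kernel Detection Engine was successfully updated to version 24073 (20211005). SYSTEM
4. 10. 2021 7:15:00 Update Could not connect to server. SYSTEM
"""

# Assumed layout: "D. M. YYYY H:MM:SS <message> <user>", as flattened in the posts.
LINE_RE = re.compile(r"^(\d{1,2})\. (\d{1,2})\. (\d{4}) (\d{1,2}):(\d{2}):(\d{2}) (.+) \S+$")
UPDATED_RE = re.compile(r"successfully updated to version (\d+) \((\d{8})\)")

def parse(log_text):
    """Return (timestamp, message) tuples sorted oldest first."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:  # anything that is not an event line is skipped
            day, month, year, hh, mm, ss = map(int, m.groups()[:6])
            events.append((datetime(year, month, day, hh, mm, ss), m.group(7)))
    return sorted(events)

def failure_window(log_text):
    """Bracket the outage: last good update, first failure after it, engine age."""
    events = parse(log_text)
    last_ok = version = engine_date = None
    for ts, msg in events:
        m = UPDATED_RE.search(msg)
        if m:
            last_ok, version = ts, m.group(1)
            engine_date = datetime.strptime(m.group(2), "%Y%m%d").date()
    failures = [ts for ts, msg in events
                if "Could not connect to server" in msg and (last_ok is None or ts > last_ok)]
    # Engine age is measured against the newest entry, i.e. when the log was collected.
    age = (events[-1][0].date() - engine_date).days if engine_date else None
    return {
        "last_success": last_ok,
        "first_failure": failures[0] if failures else None,
        "failures_since": len(failures),
        "engine_version": version,
        "engine_age_days": age,
    }

if __name__ == "__main__":
    for key, value in failure_window(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

The gap between `last_success` and `first_failure` is the interval in which to look for a network, proxy or policy change.
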
Faizan Siddiuqi, posted October 18, 2021:
No change was performed in network and ESET policy settings; all configuration is the same as before. Can you please tell us how we can fix this? As you know, the engine is too old now; we are at risk.

Marcos (Administrators), posted October 18, 2021:
22 minutes ago, Faizan Siddiuqi said:
> No change was performed in network and ESET policy settings; all configuration is the same as before. Can you please tell us how we can fix this? As you know, the engine is too old now; we are at risk.
Did you try updating Endpoint directly, i.e. not through the proxy?

Faizan Siddiuqi, posted October 18, 2021:
Other PCs are connected directly to the internet and they are working fine. The problem is with servers (File Security): we cannot allow internet on servers, so they should get updates through the proxy, which is not working. Can you tell us how we can troubleshoot the proxy issue?

Marcos (Administrators), posted October 18, 2021:
What proxy server do you use? If it is the Apache HTTP Proxy provided with the ESET PROTECT All-In-One installer, then it would be pre-configured to allow access to ESET's servers. Or do you use a different proxy? Is it a Linux or Windows machine?

Faizan Siddiuqi, posted October 19, 2021:
Using the Apache HTTP Proxy provided with ESET PROTECT, a Linux VM on Windows Server.

Faizan Siddiuqi, posted October 22, 2021:
Hello Marcos, waiting for your response.

Marcos (Administrators), posted October 22, 2021:
1 hour ago, Faizan Siddiuqi said:
> Hello Marcos, waiting for your response.
Please provide httpd.conf for a check.

Faizan Siddiuqi, posted October 22, 2021:
2 hours ago, Marcos said:
> httpd.conf for a check.
How to get this file from the CLI?

Marcos (Administrators), posted October 22, 2021:
45 minutes ago, Faizan Siddiuqi said:
> How to get this file from the CLI?
/etc/httpd/conf/httpd.conf

Faizan Siddiuqi, posted October 23, 2021:
httpd.rar

Faizan Siddiuqi, posted October 23, 2021:
Just now, Faizan Siddiuqi said:
> httpd.rar
Please check.

Marcos (Administrators), posted October 23, 2021:
Apache HTTP Proxy is not configured correctly. Did you follow the instructions at https://help.eset.com/protect_install/81/en-US/?proxy_installation_linux.html? It seems that some directives are missing. You can download the HTTP Proxy for Windows installer from https://www.eset.com/int/business/download/eset-protect/#standalone and compare httpd.conf with yours.

Faizan Siddiuqi, posted October 23, 2021:
proxy.rar
Please check this. Compared with the installer configuration, no change found.