Orionz 0 Posted June 30, 2021 Share Posted June 30, 2021 Hi, I did update few PC's from v8.0 to v8.1 and those updated PC's report error connecting to LiveGrid. Did anything changed with this in those two versions? Or they connect to some other servers? Link to comment Share on other sites More sharing options...
Administrators Marcos 5,274 Posted June 30, 2021 Administrators Share Posted June 30, 2021 If you use a firewall, make sure that outbound TCP and UDP traffic on port 53535 is allowed. Link to comment Share on other sites More sharing options...
rockshox 5 Posted June 30, 2021 Share Posted June 30, 2021 Marcos - Is TCP/UDP 53535 a new requirement for version 8.1? We have never had that port open on our firewall previously and ESET Live Grid has always been functional. Link to comment Share on other sites More sharing options...
Administrators Marcos 5,274 Posted June 30, 2021 Administrators Share Posted June 30, 2021 1 hour ago, rockshox said: Marcos - Is TCP/UDP 53535 a new requirement for version 8.1? We have never had that port open on our firewall previously and ESET Live Grid has always been functional. I recall there was no change between Endpoint 8.0 and Endpoint 8.1. However, there were changes in communication between older Endpoint and v8.x. The TCP & UDP ports 53535 are listed also in the LiveGrid section of the KB https://support.eset.com/en/kb332. Link to comment Share on other sites More sharing options...
Orionz 0 Posted July 1, 2021 Author Share Posted July 1, 2021 Are we able to force the connection via old ports 80/443? Or turn off notification about disabled LiveGrid? Link to comment Share on other sites More sharing options...
Administrators Marcos 5,274 Posted July 1, 2021 Administrators Share Posted July 1, 2021 1, LiveGrid is an essential cloud security feature that substantially affects detection and cleaning, therefore we strongly recommend making sure that it works well and that both the LiveGrid reputation and feedback systems are enabled. Of course, it's possible to disable LiveGrid, antispam and Web Control at your risk but it will deteriorate protection against new borne threats. 2, The communication is possible only via TCP and UDP port 53535. Peter Randziak 1 Link to comment Share on other sites More sharing options...
DeltaSM 0 Posted July 7, 2021 Share Posted July 7, 2021 Hello Folks, I also have this notification (warning) since I proceed with the update from 8.0 to 8.1 on some PCs. So something changed between the two versions. It's quite annoying and was better before. Regards, DeltaSM Link to comment Share on other sites More sharing options...
Administrators Marcos 5,274 Posted July 7, 2021 Administrators Share Posted July 7, 2021 The last change in v8.x LiveGrid communication happened in February 2021. Link to comment Share on other sites More sharing options...
ESET Moderators Peter Randziak 1,168 Posted July 7, 2021 ESET Moderators Share Posted July 7, 2021 Hello guys, yes the new version utilizes the new protocol only. So as said, we definitely advise to enable communication on port 53535 UDP and TCP. In case that is not possible, using a proxy server is an option... Peter Link to comment Share on other sites More sharing options...
mrlsmithiii 0 Posted July 16, 2021 Share Posted July 16, 2021 I have been having this problem here lately as well. It seems to be intermittent. I will get a notification. Sometimes the app will say all is fine when I check it. Some times it will say it can't reach the server. Eset is the only firewall I use. I do use a VPN. I think my router has a built in firewall as well. Do I need to mess with my router settings to fix this? Link to comment Share on other sites More sharing options...
Administrators Marcos 5,274 Posted July 16, 2021 Administrators Share Posted July 16, 2021 4 hours ago, mrlsmithiii said: I have been having this problem here lately as well. It seems to be intermittent. I will get a notification. Sometimes the app will say all is fine when I check it. Some times it will say it can't reach the server. Eset is the only firewall I use. I do use a VPN. I think my router has a built in firewall as well. Do I need to mess with my router settings to fix this? It is important that ekrn.exe can communicate on both TCP and UDP port 53535. You can try temporarily shutting down the firewall and see if the connection errors go away then. Link to comment Share on other sites More sharing options...
swb371 0 Posted July 16, 2021 Share Posted July 16, 2021 On 7/7/2021 at 8:14 AM, Peter Randziak said: Hello guys, yes the new version utilizes the new protocol only. So as said, we definitely advise to enable communication on port 53535 UDP and TCP. In case that is not possible, using a proxy server is an option... Peter does the ESET Apache Proxy not handle the live grid traffic? None of our desktop computers has direct internet access and we did not get this error until upgrading from 8.0 to 8.1. All proxy policies in ESMC point the agent and software to the internal ESET apache proxy, still getting the error. Link to comment Share on other sites More sharing options...
mrlsmithiii 0 Posted July 19, 2021 Share Posted July 19, 2021 I set a rule in eset to let ekrn in and out of port 53535 in both tcp and udp. I am still getting the error. The only other thing I can think of is it might be my router. I don't know what settings I need to mess with in my router. I have Port filtering, port forwarding, and port triggers. I don't think any of those are causing the problem. Did an ESET update cause this problem or is this something caused by a resent Windows update? Link to comment Share on other sites More sharing options...
IT-KAV 1 Posted July 19, 2021 Share Posted July 19, 2021 I can confirm this problem with version 8.1 (we never had this problem before). We had to set exclusions for livegrid on main firewall acording to the FAQ, but almost every day "test" computers reports limited cloud connectivity, even after restart. But flushdns command works almost immediately. We stopped deployment to our computers until we know whats happening (we have 400 computers). Stormin Ben 1 Link to comment Share on other sites More sharing options...
Administrators Marcos 5,274 Posted July 19, 2021 Administrators Share Posted July 19, 2021 4 minutes ago, IT-KAV said: I can confirm this problem with version 8.1 (we never had this problem before). We had to set exclusions for livegrid on main firewall acording to the FAQ, but almost every day "test" computers reports limited cloud connectivity, even after restart. But flushdns command works almost immediately. We stopped deployment to our computers until we know whats happening (we have 400 computers). Please carry on as follows: - enable advanced logging under Help and support -> Technical support - reboot the machine - quit any network-aware applications that may generate network communication - wait until a warning about limited LG connectivity pops up - disable logging - collect logs with ESET Log Collector. When done, upload the generated archive to a safe location and drop me a personal message with a download link. Link to comment Share on other sites More sharing options...
IT-KAV 1 Posted July 19, 2021 Share Posted July 19, 2021 Hi, I will try, it is very random during day, so it may take me some time. Just took care of it on mine machine right before my previous post. Link to comment Share on other sites More sharing options...
Administrators Marcos 5,274 Posted July 19, 2021 Administrators Share Posted July 19, 2021 34 minutes ago, IT-KAV said: Hi, I will try, it is very random during day, so it may take me some time. Just took care of it on mine machine right before my previous post. The actual issue may start occurring about 30 minutes earlier before it's reported by a pop-up notification. The program tries to re-connect several times with delays between attempts. Does the issue occur on computers that connect to the Internet directly or through a proxy server? Are they behind a firewall which should allow TCP and UDP communication on port 53535? Link to comment Share on other sites More sharing options...
IT-KAV 1 Posted July 19, 2021 Share Posted July 19, 2021 1 hour ago, Marcos said: The actual issue may start occurring about 30 minutes earlier before it's reported by a pop-up notification. The program tries to re-connect several times with delays between attempts. Does the issue occur on computers that connect to the Internet directly or through a proxy server? Are they behind a firewall which should allow TCP and UDP communication on port 53535? Computers connect directly, we have only ESET proxy for PCs without internet access (but they are in version 8 now). TCP UDP 53535 are allowed for ESET ip adresses for live grid and antispam from FAQ. We are curently testing Whalebone (1,5 month), but without issues, all started with 8.1. we had to add 53535 livegrid firewall exclusions whitch helped (it was constant without them) and since then it is random. Link to comment Share on other sites More sharing options...
SeanusT 1 Posted July 19, 2021 Share Posted July 19, 2021 Hi, we're receiving this warning notification intermittently too. 52 endpoints at one site updated to 8.1.2031.0. I've had at least 5 users reach out to me regarding it, probably more that haven't. These endpoints have unrestricted access to the internet. We didn't receive this warning at all prior to the update. Thanks, Stormin Ben 1 Link to comment Share on other sites More sharing options...
Administrators Marcos 5,274 Posted July 19, 2021 Administrators Share Posted July 19, 2021 12 minutes ago, IT-KAV said: TCP UDP 53535 are allowed for ESET ip adresses for live grid and antispam from FAQ. Is ekrn.exe granted access to all these IP addresses listed in https://support.eset.com/en/kb332 ? Hostname h1-c01.eset.com h1-c02.eset.com h1-c03.eset.com h1-c04.eset.com h1-c05.eset.com h3-c01.eset.com h3-c02.eset.com h3-c03.eset.com h3-c04.eset.com h5-c01.eset.com, 38-90-226-11.ptr.eset.com h5-c02.eset.com, 38-90-226-12.ptr.eset.com h5-c03.eset.com, 38-90-226-13.ptr.eset.com IP address 91.228.166.45 91.228.166.46 91.228.165.43 91.228.165.44 91.228.166.52 91.228.167.137 91.228.167.43 91.228.167.46 91.228.167.103 38.90.226.11 38.90.226.12 38.90.226.13 Domains used by ESET Live Grid: Hostnames a.cwip.eset.com ae.cwip.eset.com avcloud.e5.sk c.cwip.eset.com ce.cwip.eset.com dnsj.e5.sk dnsje.e5.sk i1.cwip.eset.com i1e.cwip.eset.com i3.cwip.eset.com i4.cwip.eset.com i4e.cwip.eset.com u.cwip.eset.com ue.cwip.eset.com c.eset.com a.c.eset.com u.eset.com i1.c.eset.com i3.c.eset.com i4.c.eset.com i5.c.eset.com These IP addresses need to be enabled for HTTP port 80. Also, an access to your local DNS server is required for DNS queries on UDP port 53. Link to comment Share on other sites More sharing options...
IT-KAV 1 Posted July 19, 2021 Share Posted July 19, 2021 Yes, we allowed 53535 for all adresses from this list. Port 80 is open too. DNS is resolving all hostnames except dnsje.e5.sk (not even google dns knows this one). Link to comment Share on other sites More sharing options...
Stormin Ben 1 Posted July 19, 2021 Share Posted July 19, 2021 Just to add my two penceworth We pushed out the 8.1 update to 250+ computers across 13 different customers Prior to this we had had no reported incidents Post update we have customers reporting ESET pop-ups across all sites The firewall rules on all sites have no restriction on outbound traffic so it is 100% not the firewall producing the issue I would like to suggest ESET support stop trying to blame the issue on end users and take a look at the overall picture! We have been using ESET for nearly a decade and have been incredibly pleased with it But this issue is affecting EVERYBODY and is causing serious customer unease -nobody likes getting a frequent pop up telling them their system protection has an issue JoeP 1 Link to comment Share on other sites More sharing options...
Administrators Marcos 5,274 Posted July 19, 2021 Administrators Share Posted July 19, 2021 With Endpoint 8.1 the communication with LiveGrid has changed and instead of DNS it is now carried out via TCP and UDP on port 53535. In case of using an http proxy, you don't need to open communication on port 53535 but the proxy needs to have http tunnel to avcloud.eset.sk:53535 allowed. Link to comment Share on other sites More sharing options...
Administrators Marcos 5,274 Posted July 19, 2021 Administrators Share Posted July 19, 2021 17 minutes ago, Stormin Ben said: I would like to suggest ESET support stop trying to blame the issue on end users and take a look at the overall picture! We don't blame users. We have been telling that the communication with ESET's servers has changed as of Endpoint v8.1 and communication on UDP and TCP port 53535 must be allowed on a firewall in order for LiveGrid, Antispam and Web Control to work. Link to comment Share on other sites More sharing options...
Stormin Ben 1 Posted July 19, 2021 Share Posted July 19, 2021 34 minutes ago, Marcos said: We don't blame users. We have been telling that the communication with ESET's servers has changed as of Endpoint v8.1 and communication on UDP and TCP port 53535 must be allowed on a firewall in order for LiveGrid, Antispam and Web Control to work. Thanks for the quick response Marcos. Attached screenshots show the two firewalls currently in use -as you ca nsee neither would have ben blocking 53535 traffic (the specific rule on the Vigor was a later addition) The reason for the frustration is that this is an intermittent issue. The customer gets a pop up and 20 mins later when we jump on their machine to investigate, the message has disappeared and ESET is happy. The cycle then continues for various machines across all sites. If it were a firewall issue, access would be blocked and it would NEVER work But this seems like an issue with the LiveGrid servers themselves Link to comment Share on other sites More sharing options...
Recommended Posts