Jump to content

Eset Endpoint v8.1 LiveGrid connection problem


Orionz

Recommended Posts

Hi,

I did update few PC's from v8.0 to v8.1 and those updated PC's report error connecting to LiveGrid.

Did anything changed with this in those two versions? Or they connect to some other servers?

Link to comment
Share on other sites

Marcos - Is TCP/UDP 53535 a new requirement for version 8.1? We have never had that port open on our firewall previously and ESET Live Grid has always been functional.

Link to comment
Share on other sites

  • Administrators
1 hour ago, rockshox said:

Marcos - Is TCP/UDP 53535 a new requirement for version 8.1? We have never had that port open on our firewall previously and ESET Live Grid has always been functional.

I recall there was no change between Endpoint 8.0 and Endpoint 8.1. However, there were changes in communication between older Endpoint and v8.x.

The TCP & UDP ports 53535 are listed also in the LiveGrid section of the KB https://support.eset.com/en/kb332.

Link to comment
Share on other sites

Are we able to force the connection via old ports 80/443?
Or turn off notification about disabled LiveGrid?

Link to comment
Share on other sites

  • Administrators

1, LiveGrid is an essential cloud security feature that substantially affects detection and cleaning, therefore we strongly recommend making sure that it works well and that both the LiveGrid reputation and feedback systems are enabled.

Of course, it's possible to disable LiveGrid, antispam and Web Control at your risk but it will deteriorate protection against new borne threats.

2, The communication is possible only via TCP and UDP port 53535.

Link to comment
Share on other sites

Hello Folks,

I also have this notification (warning) since I proceed with the update from 8.0 to 8.1 on some PCs. So something changed between the two versions.

It's quite annoying and was better before.

Regards,

DeltaSM

Link to comment
Share on other sites

  • ESET Moderators

Hello guys,

yes the new version utilizes the new protocol only.

So as said, we definitely advise to enable communication on port 53535 UDP and TCP.

In case that is not possible, using a proxy server is an option...

Peter

Link to comment
Share on other sites

  • 2 weeks later...

I have been having this problem here lately as well. It seems to be intermittent. I will get a notification. Sometimes the app will say all is fine when I check it. Some times it will say it can't reach the server. Eset is the only firewall I use. I do use a VPN. I think my router has a built in firewall as well. Do I need to mess with my router settings to fix this?

Link to comment
Share on other sites

  • Administrators
4 hours ago, mrlsmithiii said:

I have been having this problem here lately as well. It seems to be intermittent. I will get a notification. Sometimes the app will say all is fine when I check it. Some times it will say it can't reach the server. Eset is the only firewall I use. I do use a VPN. I think my router has a built in firewall as well. Do I need to mess with my router settings to fix this?

It is important that ekrn.exe can communicate on both TCP and UDP port 53535. You can try temporarily shutting down the firewall and see if the connection errors go away then.

Link to comment
Share on other sites

On 7/7/2021 at 8:14 AM, Peter Randziak said:

Hello guys,

yes the new version utilizes the new protocol only.

So as said, we definitely advise to enable communication on port 53535 UDP and TCP.

In case that is not possible, using a proxy server is an option...

Peter

does the ESET Apache Proxy not handle the live grid traffic? None of our desktop computers has direct internet access and we did not get this error until upgrading from 8.0 to 8.1. All proxy policies in ESMC point the agent and software to the internal ESET apache proxy, still getting the error.

Link to comment
Share on other sites

I set a rule in eset to let ekrn in and out of port 53535 in both tcp and udp. I am still getting the error. The only other thing I can think of is it might be my router. I don't know what settings I need to mess with in my router. I have Port filtering, port forwarding, and port triggers. I don't think any of those are causing the problem. Did an ESET update cause this problem or is this something caused by a resent Windows update? 

Link to comment
Share on other sites

I can confirm this problem with version 8.1 (we never had this problem before).
We had to set exclusions for livegrid on main firewall acording to the FAQ, but almost every day "test" computers reports limited cloud connectivity, even after restart. But flushdns command works almost immediately.
We stopped deployment to our computers until we know whats happening (we have 400 computers).

Link to comment
Share on other sites

  • Administrators
4 minutes ago, IT-KAV said:

I can confirm this problem with version 8.1 (we never had this problem before).
We had to set exclusions for livegrid on main firewall acording to the FAQ, but almost every day "test" computers reports limited cloud connectivity, even after restart. But flushdns command works almost immediately.
We stopped deployment to our computers until we know whats happening (we have 400 computers).

Please carry on as follows:

- enable advanced logging under Help and support -> Technical support
- reboot the machine
- quit any network-aware applications that may generate network communication
- wait until a warning about limited LG connectivity pops up
- disable logging
- collect logs with ESET Log Collector. When done, upload the generated archive to a safe location and drop me a personal message with a download link.

Link to comment
Share on other sites

Hi,

I will try, it is very random during day, so it may take me some time.

Just took care of it on mine machine right before my previous post.

Link to comment
Share on other sites

  • Administrators
34 minutes ago, IT-KAV said:

Hi,

I will try, it is very random during day, so it may take me some time.

Just took care of it on mine machine right before my previous post.

The actual issue may start occurring about 30 minutes earlier before it's reported by a pop-up notification. The program tries to re-connect several times with delays between attempts.

Does the issue occur on computers that connect to the Internet directly or through a proxy server? Are they behind a firewall which should allow TCP and UDP communication on port 53535?

Link to comment
Share on other sites

1 hour ago, Marcos said:

The actual issue may start occurring about 30 minutes earlier before it's reported by a pop-up notification. The program tries to re-connect several times with delays between attempts.

Does the issue occur on computers that connect to the Internet directly or through a proxy server? Are they behind a firewall which should allow TCP and UDP communication on port 53535?

Computers connect directly, we have only ESET proxy for PCs without internet access (but they are in version 8 now).

TCP UDP 53535 are allowed for ESET ip adresses for live grid and antispam from FAQ.

We are curently testing Whalebone (1,5 month), but without issues, all started with 8.1. we had to add 53535 livegrid firewall exclusions whitch helped (it was constant without them) and since then it is random.

Link to comment
Share on other sites

Hi, we're receiving this warning notification intermittently too.

52 endpoints at one site updated to 8.1.2031.0.

I've had at least 5 users reach out to me regarding it, probably more that haven't.

These endpoints have unrestricted access to the internet.

We didn't receive this warning at all prior to the update.

Thanks,

 

Link to comment
Share on other sites

  • Administrators
12 minutes ago, IT-KAV said:

TCP UDP 53535 are allowed for ESET ip adresses for live grid and antispam from FAQ.

Is ekrn.exe granted access to all these IP addresses listed in https://support.eset.com/en/kb332 ?

Hostname
h1-c01.eset.com
h1-c02.eset.com
h1-c03.eset.com
h1-c04.eset.com
h1-c05.eset.com
h3-c01.eset.com
h3-c02.eset.com
h3-c03.eset.com
h3-c04.eset.com
h5-c01.eset.com, 38-90-226-11.ptr.eset.com
h5-c02.eset.com, 38-90-226-12.ptr.eset.com
h5-c03.eset.com, 38-90-226-13.ptr.eset.com
IP address
91.228.166.45
91.228.166.46
91.228.165.43
91.228.165.44
91.228.166.52
91.228.167.137
91.228.167.43
91.228.167.46
91.228.167.103
38.90.226.11
38.90.226.12
38.90.226.13

 

Domains used by ESET Live Grid:

 

Hostnames
a.cwip.eset.com
ae.cwip.eset.com
avcloud.e5.sk
c.cwip.eset.com
ce.cwip.eset.com
dnsj.e5.sk
dnsje.e5.sk
i1.cwip.eset.com
i1e.cwip.eset.com
i3.cwip.eset.com
i4.cwip.eset.com
i4e.cwip.eset.com
u.cwip.eset.com
ue.cwip.eset.com
c.eset.com
a.c.eset.com
u.eset.com
i1.c.eset.com
i3.c.eset.com
i4.c.eset.com
i5.c.eset.com

 

These IP addresses need to be enabled for HTTP port 80. Also, an access to your local DNS server is required for DNS queries on UDP port 53.

Link to comment
Share on other sites

Yes, we allowed 53535 for all adresses from this list. Port 80 is open too.

DNS is resolving all hostnames except dnsje.e5.sk (not even google dns knows this one).

Link to comment
Share on other sites

Just to add my two penceworth

We pushed out the 8.1 update to 250+ computers across 13 different customers

Prior to this we had had no reported incidents
Post update we have customers reporting ESET pop-ups across all sites
The firewall rules on all sites have no restriction on outbound traffic so it is 100% not the firewall producing the issue

I would like to suggest ESET support stop trying to blame the issue on end users and take a look at the overall picture!
We have been using ESET for nearly a decade and have been incredibly pleased with it
But this issue is affecting EVERYBODY and is causing serious customer unease -nobody likes getting a frequent pop up telling them their system protection has an issue

Link to comment
Share on other sites

  • Administrators

With Endpoint 8.1 the communication with LiveGrid has changed and instead of DNS it is now carried out via TCP and UDP on port 53535. In case of using an http proxy, you don't need to open communication on port 53535 but the proxy needs to have http tunnel to avcloud.eset.sk:53535 allowed.

Link to comment
Share on other sites

  • Administrators
17 minutes ago, Stormin Ben said:

I would like to suggest ESET support stop trying to blame the issue on end users and take a look at the overall picture!

We don't blame users. We have been telling that the communication with ESET's servers has changed as of Endpoint v8.1 and communication on UDP and TCP port 53535 must be allowed on a firewall in order for LiveGrid, Antispam and Web Control to work.

Link to comment
Share on other sites

34 minutes ago, Marcos said:

We don't blame users. We have been telling that the communication with ESET's servers has changed as of Endpoint v8.1 and communication on UDP and TCP port 53535 must be allowed on a firewall in order for LiveGrid, Antispam and Web Control to work.

Thanks for the quick response Marcos.
Attached screenshots show the two firewalls currently in use -as you ca nsee neither would have ben blocking 53535 traffic (the specific rule on the Vigor was a later addition)

The reason for the frustration is that this is an intermittent issue. The customer gets a pop up and 20 mins later when we jump on their machine to investigate, the message has disappeared and ESET is happy.
The cycle then continues for various machines across all sites.
If it were a firewall issue, access would be blocked and it would NEVER work
But this seems like an issue with the LiveGrid servers themselves

Firewall1.jpg

Firewall2.jpg

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...