Jump to content

ESET Internet Security 15.0.18.0 , Windows 10, LiveGrid Error, Firewall Not Working in Interavtive Mode


Recommended Posts

I have ESET Internet Security 15.0.18.0 (on Windows 10 21H1).  I’m having firewall (interactive setting) and LiveGrid issues.  I’m not sure if this started happening when I upgraded to 15 from 14, but I didn’t have the issues with 14 and it started and has gotten worse over the last approx. 3-4 weeks.    

It started with a lot of errors: “ESET LiveGrid Cannot be Reached”, “ESET IS has limited Direct Cloud connectivity”.  The suggested fix EIS indicated was to allow it on my firewall - but ESET is my firewall.  After a couple weeks I stopped receiving the Direct Cloud error but the LiveGrid errors persist.  I do not have internet/network issues outside of ESET (disconnections, etc).

The problem started getting progressively worse.  Since I bought ESET many iterations ago I’ve always had the firewall set to “interactive mode” and the firewall performed very well (I made no changes to permissions recently that would cause this or the following behaviour).  After receiving the errors above for a week or so, I stopped receiving prompts to allow / deny programs to connect to the internet after opening an app.  The problem has gotten so bad that now programs that were granted permanent access aren’t connecting (Firefox, Chrome, Thunderbird, etc.)  unless I disable the firewall.  In some cases, apps I specifically previously had ask for permission to access the internet are granted permission or open and don’t connect.

I use ExpressVPN with EIS and have for years with no issues.

Some of the troubleshooting I’ve tried:

-       - Turn off firewall – this works, but no firewall and program control!

-        - Set rules for individual apps in advanced set up / network.

-        - Reset ESET to default settings (no program control as it sets to automatic mode).  I don’t see rules for programs I prefer to control to modify to “ask”.  The only rules that will show are “built-in, predefined rules”.

-        - Switch modes to automatic, learning.

-       -  Uninstalled / Reinstalled EIS – both through add/uninstall and with ESET Removal tool.  ESET did not block CloudCar until after I uninstalled using the ESET removal tool.  Then, after I reinstalled ESET, it blocked it temporarily.  However, the ESET LiveGrid error returned within a couple hours and ESET failed the CloudCar test.

-        - Ran in depth antivirus, malware scans with EIS and ESET online scanner tool, Malwarebytes, etc.

-        - Rebooted.

-        - Checked firewall rules for possible “deny” actions for desired apps.

-        - Contacted / submitted request for support via email/online contact and was referred to chat (after waiting 6 days).  The limit of their troubleshooting was to reset to default and not use the interactive firewall.  I was very disappointed with the support.  I've also read through a number of others' posts with the same or similar problems.

These issues seem to be a pattern with ESET lately.  I’d love to keep the program and hope to resolve this, but this coupled with no customer service support resulting in looking for resolution in the forums to fix a problem that renders EIS useless is a deal breaker. 

I see Macros has replied to other posts regarding this and asks for different logging based on each users’ experience.  Sorry to make you repost redundant info if you’re the one to reply Macros.

Link to comment
Share on other sites

  • Administrators

Please temporarily use automatic firewall mode while troubleshooting the LiveGrid issue to avoid possible issues caused by interactive mode.

Please carry on as follows:

1, When VPN is off:
- enable advanced antispam logging and reboot the machine
- run:
nslookup i4.c.eset.com > without_VPN1.txt
ipconfig /all >without_VPN2.txt
 

2, Turn on VPN
- write down the system time
- after a while run:
nslookup i4.c.eset.com > with_VPN1.txt
ipconfig /all >with_VPN2.txt
- stop logging

3, Collect logs with ESET Log Collector. Add without_VPN1.txt, without_VPN2.txt, with_VPN1.txt and with_VPN2.txt to the archive. Provide me with the generated archive. Enclose also the time when you turned on VPN.

Link to comment
Share on other sites

@Nightowl  I was unable to get LiveGrid working consistently with or without the VPN on.  However, I created a split-tunnel for EIS and so far I haven't received the error again.  It's very possible I won't understand why this worked because according to ExpressVPN's site, "as long as you are connected to ExpressVPN, all of your DNS queries will go through ExpressVPN’s servers, no matter how you configure your split-tunneling settings".  I thought I had read in the forum DNS issues could be a cause of LiveGrid errors.

@macros I'll do this as soon as I can.  Assuming the above changes fix the LiveGrid issue, will this logging also capture what you need for the firewall issue? 

Link to comment
Share on other sites

  • Administrators
6 hours ago, Drew 2 said:

@macros I'll do this as soon as I can.  Assuming the above changes fix the LiveGrid issue, will this logging also capture what you need for the firewall issue? 

It will be necessary to reproduce the issue, ie. ensure that ESET's traffic goes through the VPN.

Link to comment
Share on other sites

  • Administrators

If anybody else is getting LiveGrid inaccessibility notifications after connecting through a VPN, we kindly ask you to supply us with logs created as per my instructions above as soon as possible.

Link to comment
Share on other sites

5 hours ago, Marcos said:

It will be necessary to reproduce the issue, ie. ensure that ESET's traffic goes through the VPN.

It seems the split-tunnel fixed the LiveGrid error and I don't have an issue assisting with troubleshooting the issue through the VPN later, the firewall issue is my primary concern right now.  If you suspect the firewall issue is also being caused by the VPN, please confirm.  The troubleshooting steps given for the firewall issue were different as seen here:

On 11/25/2021 at 9:41 AM, Marcos said:

In case somebody is able to reproduce the issue, please carry on as follows:

1, Enable advanced network protection logging under Tools -> Diagnostics in the advanced setup when interactive firewall dialogs appear.
2, When interactive fw dialogs don't appear and the communication is blocked, stop logging.
3, Create an ekrn dump via Tools -> Diagnostics -> Create in the advanced setup.
4, Disable logging.
5. Collect logs with ESET Log Collector, upload the generated archive to a safe location and drop me a personal message with a download link.

 

Link to comment
Share on other sites

3 hours ago, Marcos said:

If anybody else is getting LiveGrid inaccessibility notifications after connecting through a VPN, we kindly ask you to supply us with logs created as per my instructions above as soon as possible.

Dear Marcos, I changed my VPN and now do not see the LiveGrid inaccessibility notifications.

However, I also disabled Livegrid feedback system. Is that okay? 

image.thumb.png.f951182a121e34a818be86ec6874b12e.png

Link to comment
Share on other sites

On 11/30/2021 at 7:04 AM, Marcos said:

If anybody else is getting LiveGrid inaccessibility notifications after connecting through a VPN, we kindly ask you to supply us with logs created as per my instructions above as soon as possible.

@macros While I haven't had time to gather the logs yet, but I am fairly confident the issue is between EIS and the VPN.  I hadn't updated to EIS 15 on my desktop, but when I did, I started getting the same errors.  So far split-tunneling fixed the LiveGrid and firewall issues on 2 computers.  I've read in some other posts this happened to others using ExpressVPN (my VPN) as well as other brand VPNs.

I'll update when I can for your troubleshooting, but I thought I'd post this in case it helps someone else in the meantime.

Link to comment
Share on other sites

  • Administrators
On 11/30/2021 at 4:09 PM, r1man said:

However, I also disabled Livegrid feedback system. Is that okay?

We strongly recommend to keep LiveGrid fully enabled, including the LG Feedback system. Disabling it may negatively affect protection and cleaning.

@Drew 2 please check if the issue still occurs without split-tunneling for ekrn.exe.

Link to comment
Share on other sites

On 12/4/2021 at 12:40 AM, Drew 2 said:

@macros While I haven't had time to gather the logs yet, but I am fairly confident the issue is between EIS and the VPN.  I hadn't updated to EIS 15 on my desktop, but when I did, I started getting the same errors.  So far split-tunneling fixed the LiveGrid and firewall issues on 2 computers.  I've read in some other posts this happened to others using ExpressVPN (my VPN) as well as other brand VPNs.

I'll update when I can for your troubleshooting, but I thought I'd post this in case it helps someone else in the meantime.

I agree with you @Drew 2 before and with version 14 of EIS I did not have this problem.

Link to comment
Share on other sites

11 minutes ago, Marcos said:

The issue was resolved on Friday with the release of the Advanced antispam module 7909.1.

Testing this today.

Link to comment
Share on other sites

4 minutes ago, Drew 2 said:

Within 30 minutes the LiveGrid error returns.

As a test, temporarily disable Anti-Spam protection setting in Eset GUI Internet Protection section and observe if that stops the LiveGrid alerts. After testing, re-enable Anti-Spam protection.

Link to comment
Share on other sites

1 hour ago, itman said:

As a test, temporarily disable Anti-Spam protection setting in Eset GUI Internet Protection section and observe if that stops the LiveGrid alerts. After testing, re-enable Anti-Spam protection.

I just tried this and within 2o minutes I was receiving the LiveGrid error again.

Link to comment
Share on other sites

  • Administrators
1 hour ago, Drew 2 said:

Within 30 minutes the LiveGrid error returns.

Please enable advanced antispam logging under Tools -> Diagnostics in the advanced setup, reproduce the issue, then stop logging and collect logs with ESET Log Collector. Does something change with the network during the period? E.g. you connected to a VPN or disconnected from it or if DNS servers changed for some reason.

Link to comment
Share on other sites

Hi @macros,

Nothing changes with the network and the VPN isn't disconnecting/reconnecting when this happens - DNS servers should all be express VPN's.  As soon as I can do the diagnostic with the log collector, I'll PM the log to you.

Thanks.

Link to comment
Share on other sites

Good evening.

Not sure if this helps but I am having the connection to LiveGrid server error, and I am NOT using a VPN.

The appears about 30 minutes after booting up. Disappears if I reboot, but then appears shortly after the reboot.

Link to comment
Share on other sites

16 hours ago, Baldrick said:

Good evening.

Not sure if this helps but I am having the connection to LiveGrid server error, and I am NOT using a VPN.

The appears about 30 minutes after booting up. Disappears if I reboot, but then appears shortly after the reboot.

Rebooting would temporarily help me too - but not for long.  I've been logging per @macros's directions, but amazingly have not had the error since I enabled logging.  Maybe follow the logging directions and submit?

Link to comment
Share on other sites

  • Administrators

In order to troubleshoot cloud connectivity issues, please enable advanced Direct cloud logging in the advanced setup -> tools -> diagnostics, reboot the machine, next reproduce the issue, then stop logging and collect logs with ESET Log Collector. If you can reproduce the issue quickly, you can also enable advanced network protection logging so that we can see all network communication as well.

Link to comment
Share on other sites

Hi Marcos

Many thanks for the guidance...I will certainly try what you have suggested. The challenge is that the occurrence of the issue seems to be even more sporadic than I thought it is. As such I do not really want to run logging for a while in the hope that the issue occurs.

So, is it possible/useful to carry out what you suggest once one notices that the issue has occurred? Will any data gathered this way be of any use?

Thanks in advance.

Baldrick

 

Link to comment
Share on other sites

In case anyone researches this issue later, my problem seemed to have resolved itself.  I don't know what changed.  I stopped using split-tunneling and was prepared to collect the info as directed by macros, but no errors or firewall problems returned.  No idea what changed.  If the problem resumes I'll submit the diagnostics as directed. 

Link to comment
Share on other sites

Hi Drew

Funny that you shoulkd mention this but whilst the issue has not disappeared completely on my systems it occurring has diminished significantly to such a point that it can be days rather than hours before another one might come around.

Like you say...not sure why...I have certainly done nothing at all to my systems that might be a factor...methinks something in the backoffice has changed.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...