Version 15.0.21.0

[SlashRose 25]

 

In the above version, the Live Grid does not work at all, with every new build, new surprises and once again the question, what is going on with you? From build to build bug, at some point it's enough!!!

[Marcos 5,071]

There were no changes in LiveGrid made in recent versions. Please carry  on as follows:

1. Enable advanced logging under Help and support -> Technical support
2. Reproduce the issue
3. Disable logging
4. Collect logs with ESET Log Collector and provide the generated archive.

[SlashRose 25]

Here please Marcos, have not changed anything on the settings, neither on Windows nor on Eset!

eis_logs.zip

[Marcos 5,071]

Please try to run ELC once again, for some reason it looks like the archive was split into multiple volumes but ELC generates only a single-volume archive:

If I skip this, many files are empty.

[itman 1,659]

Since you use the firewall in Interactive mode, make sure you don't have a rule that is blocking inbound and outbound traffic for ekrn.exe. You can also check for connectivity; i.e. ping, to the following IP addresses:

Quote

To use the online reputation database (ESET LiveGrid):

Ensure the following ports are open: TCP 80, TCP 53535, UDP 53535

The IP addresses below have to be enabled for HTTP port 80

Access to your local DNS server is required for DNS queries on UDP port 53

Hostnames

h1-c01.eset.com

h1-c02.eset.com

h1-c03.eset.com

h1-c04.eset.com

h1-c05.eset.com

h3-c01.eset.com

h3-c02.eset.com

h3-c03.eset.com

h3-c04.eset.com

h5-c01.eset.com, 38-90-226-11.ptr.eset.com

h5-c02.eset.com, 38-90-226-12.ptr.eset.com

h5-c03.eset.com, 38-90-226-13.ptr.eset.com

IP addresses

91.228.166.45

91.228.166.46

91.228.165.43

91.228.165.44

91.228.166.52

91.228.167.137

91.228.167.43

91.228.167.46

91.228.167.103

38.90.226.11

38.90.226.12

38.90.226.13

Domains used by ESET LiveGrid:

Hostnames

a.cwip.eset.com

ae.cwip.eset.com

avcloud.e5.sk

c.cwip.eset.com

ce.cwip.eset.com

dnsj.e5.sk

dnsje.e5.sk

i1.cwip.eset.com

i1e.cwip.eset.com

i3.cwip.eset.com

i4.cwip.eset.com

i4e.cwip.eset.com

u.cwip.eset.com

ue.cwip.eset.com

c.eset.com

a.c.eset.com

u.eset.com

i1.c.eset.com

i3.c.eset.com

i4.c.eset.com

i5.c.eset.com

These IP addresses need to be enabled for HTTP port 80. Also, access to your local DNS server is required for DNS queries on UDP port 53.

https://support.eset.com/en/kb332-ports-and-addresses-required-to-use-your-eset-product-with-a-third-party-firewall#esetlivegrid

Edited December 18, 2021 by itman

[SlashRose 25]

Here Marcos.

 

https://1drv.ms/u/s!Av0lEm2Gh_QfvXY22i0n1HF5hwcT?e=aYpZxi

[SlashRose 25]

2 hours ago, itman said:

Since you use the firewall in Interactive mode, make sure you don't have a rule that is blocking inbound and outbound traffic for ekrn.exe. You can also check for connectivity; i.e. ping, to the following IP addresses:

https://support.eset.com/en/kb332-ports-and-addresses-required-to-use-your-eset-product-with-a-third-party-firewall#esetlivegrid

Itman the ports are all released, since the firewall will probably be a bit spinning, even that is nothing new!

 

Itman there must be something wrong, because if Live Grid is not reachable, it is actually reported in Esets Gui, but none of it is reported.

Edited December 18, 2021 by SlashRose

[Marcos 5,071]

Diagnostic logging didn't show any issues with LiveGrid:

18.12.2021 17:31	ESET Kernel	Anonymous statistical data was transferred to ESET.
18.12.2021 17:31	ESET Kernel	Detection Engine was successfully updated to version 24477 (20211218).
18.12.2021 16:54	ESET Kernel	Anonymous statistical data was transferred to ESET.
18.12.2021 16:54	ESET Kernel	Detection Engine was successfully updated to version 24476 (20211218).
18.12.2021 10:52	ESET Kernel	Extended logging stopped and logs were created.
18.12.2021 10:51	Update	Updater: retval = 0x5003, failures: 0, profile: @My profile, trigger: ConfigChange
18.12.2021 10:51	ESET Kernel	Extended logging started.
18.12.2021 10:51	Update	Updater: Switch modules type retval = 0x00005007 [NOT NEED]
18.12.2021 9:50	ESET Kernel	Anonymous statistical data was transferred to ESET.
18.12.2021 9:50	ESET Kernel	Detection Engine was successfully updated to version 24475 (20211218).
16.12.2021 16:45	ESET Kernel	Detection Engine was successfully updated to version 24466 (20211216).
16.12.2021 13:32	ESET Kernel	Anonymous statistical data was transferred to ESET.
16.12.2021 13:32	ESET Kernel	Detection Engine was successfully updated to version 24465 (20211216).
16.12.2021 12:48	ESET Kernel	Anonymous statistical data was transferred to ESET.

How does the issue manifest?

[itman 1,659]

1 hour ago, SlashRose said:

Itman there must be something wrong, because if Live Grid is not reachable, it is actually reported in Esets Gui, but none of it is reported.

Are you stating that Eset GUI shows no alert about LiveGrid not accessible, but you see no Eset submission entries to LiveGrid in Eset Event log?

Or, you have LiveGrid submission Event log entries, but you are not receiving any Eset popup notifications for these submissions?

There was an issue in the initial release of ver. 15 about the LiveGrid submission popup notifications not being shown which I reported in the forum. It has been subsequently fixed and I am now receiving submission popup notifications.

Edited December 18, 2021 by itman

[SlashRose 25]

Here the Screenshot! And do you notice Marcos, no matter what, it always comes that everything is ok, for what then the constant creation of the logs?

 

Edited December 18, 2021 by SlashRose

[itman 1,659]

2 hours ago, SlashRose said:

Here the Screenshot! 

This doesn't show anything related to your problem. You didn't answer my previously posted questions.

As it stands right now, I have still no clue as to what your LiveGrid issues are. Perform this test: https://www.amtso.org/feature-settings-check-cloud-lookups/ . If Eset generates a detection alert for it, LiveGrid is functioning properly.

Edited December 19, 2021 by itman

[Marcos 5,071]

Just to make sure, did you continue as follows?

- enabled advanced logging
- opened Running processes
- after a while disabled adv. logging ?

In case when there's a problem with LG communication (e.g. if network is disconnected), the following is logged:
"encrypted Http LiveGrid request to c.eset.com ended up with error 21202"

Also the SysInspector log that you generated with ELC contains LiveGrid data so it doesn't look like a communication problem. Please let us know if the CloudCar test file is detected upon download as itman asked.

[Minimalist 16]

8 hours ago, itman said:

This doesn't show anything related to your problem. You didn't answer my previously posted questions.

As it stands right now, I have still no clue as to what your LiveGrid issues are. Perform this test: https://www.amtso.org/feature-settings-check-cloud-lookups/ . If Eset generates a detection alert for it, LiveGrid is functioning properly.

Are you sure ESET detects this? I have LiveGrid enabled and nothing is detected.

[Marcos 5,071]

21 minutes ago, Minimalist said:

Are you sure ESET detects this? I have LiveGrid enabled and nothing is detected.

You should get an alert like this upon downloading CloudCar from http://amtso.eicar.org/cloudcar.exe

[SlashRose 25]

The file as seen in the screenshot is recognized, but why time LiveGrid this image from the previous post????

Marcos I had as from the log yes to be seen, the extended logging activated!

 

@Itman, No Itman, I get as above written, neither in the Gui a warning displayed, nor in the event log, Itman you can see from the screenshot but that something is going wrong in Live Grid, but what is the question now?

Edited December 19, 2021 by SlashRose

[SlashRose 25]

Again, you can see that it doesn't really work.

[itman 1,659]

1 hour ago, SlashRose said:

Again, you can see that it doesn't really work.

OK. I now understand your issue.

Eset is not populating LiveGrid reputation status data; on the Connected Network Connections display, or on any other display it appears. Aside from that issue, it appears LiveGrid is functional as evidenced by your installation detecting AMTSO Cloudcar test.

Refer to the below screen shot and verify the highlighted setting is enabled:

If this setting is enabled, you might have to reinstall Eset to get this feature working again.

[SlashRose 25]

And also on this screenshot you can see the Live Grid does not work!

[SlashRose 25]

Again, this is natural all the time, it only occurs since the new build.

[itman 1,659]

2 minutes ago, itman said:

If this setting is enabled, you might have to reinstall Eset to get this feature working again.

Another factor here is it appears you are using a VPN and that might be interfering with the LiveGrid data download. As a test, disable VPN and determine if LiveGrid reputation data is now being populated in your installation.

[SlashRose 25]

The VPN has been off for 5 days.

Edited December 19, 2021 by SlashRose

[Marcos 5,071]

Do you get the file reputation if you right-click an executable and select Check file reputation?

[SlashRose 25]

Nein.

Edited December 19, 2021 by SlashRose

[SlashRose 25]

And now?

[itman 1,659]

At this point, it appears to me something is corrupted with your ver. 15.0.21 installation. I again recommend uninstalling it after exporting your existing settings, then reinstall it and import your previously saved settings.