ESET Insiders SlashRose 25 Posted December 18, 2021
In the above version, the Live Grid does not work at all, with every new build, new surprises and once again the question, what is going on with you? From build to build bug, at some point it's enough!!!

Administrators Marcos 5,469 Posted December 18, 2021
There were no changes in LiveGrid made in recent versions. Please carry on as follows:
- Enable advanced logging under Help and support -> Technical support
- Reproduce the issue
- Disable logging
- Collect logs with ESET Log Collector and provide the generated archive.

ESET Insiders SlashRose 25 Posted December 18, 2021
Here please Marcos, have not changed anything on the settings, neither on Windows nor on Eset!
eis_logs.zip

Administrators Marcos 5,469 Posted December 18, 2021
Please try to run ELC once again, for some reason it looks like the archive was split into multiple volumes but ELC generates only a single-volume archive:
If I skip this, many files are empty.

itman 1,811 Posted December 18, 2021
Since you use the firewall in Interactive mode, make sure you don't have a rule that is blocking inbound and outbound traffic for ekrn.exe. You can also check for connectivity; i.e. ping, to the following IP addresses:

Quote
> To use the online reputation database (ESET LiveGrid):
> - Ensure the following ports are open: TCP 80, TCP 53535, UDP 53535
> - The IP addresses below have to be enabled for HTTP port 80
> - Access to your local DNS server is required for DNS queries on UDP port 53
>
> Hostnames: h1-c01.eset.com h1-c02.eset.com h1-c03.eset.com h1-c04.eset.com h1-c05.eset.com h3-c01.eset.com h3-c02.eset.com h3-c03.eset.com h3-c04.eset.com h5-c01.eset.com, 38-90-226-11.ptr.eset.com h5-c02.eset.com, 38-90-226-12.ptr.eset.com h5-c03.eset.com, 38-90-226-13.ptr.eset.com
>
> IP addresses: 91.228.166.45 91.228.166.46 91.228.165.43 91.228.165.44 91.228.166.52 91.228.167.137 91.228.167.43 91.228.167.46 91.228.167.103 38.90.226.11 38.90.226.12 38.90.226.13
>
> Domains used by ESET LiveGrid:
> Hostnames: a.cwip.eset.com ae.cwip.eset.com avcloud.e5.sk c.cwip.eset.com ce.cwip.eset.com dnsj.e5.sk dnsje.e5.sk i1.cwip.eset.com i1e.cwip.eset.com i3.cwip.eset.com i4.cwip.eset.com i4e.cwip.eset.com u.cwip.eset.com ue.cwip.eset.com c.eset.com a.c.eset.com u.eset.com i1.c.eset.com i3.c.eset.com i4.c.eset.com i5.c.eset.com
>
> These IP addresses need to be enabled for HTTP port 80. Also, access to your local DNS server is required for DNS queries on UDP port 53.

https://support.eset.com/en/kb332-ports-and-addresses-required-to-use-your-eset-product-with-a-third-party-firewall#esetlivegrid
Edited December 18, 2021 by itman

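Added example (not part of the forum thread and not ESET tooling): a TCP reachability check for the LiveGrid requirements quoted in the post above, which separates DNS failures from blocked ports instead of relying on ping. The hostnames and port numbers come from the quoted KB text; the choice of which hosts to probe, the pairing of port 53535 with h1-c01.eset.com, and all function names are assumptions of this example.

```python
import socket

# (host, TCP port) pairs. Hostnames and port numbers come from the KB excerpt
# quoted above; which host is paired with 53535 is an assumption of this example.
# UDP 53535 is not probed: a UDP send succeeding does not prove reachability.
TARGETS = [("c.eset.com", 80), ("a.c.eset.com", 80),
           ("h1-c01.eset.com", 80), ("h1-c01.eset.com", 53535)]


def probe(host, port, timeout=3.0, resolve=socket.gethostbyname,
          connect=socket.create_connection):
    """Return (host, port, status, detail); status: open / dns-fail / blocked."""
    try:
        addr = resolve(host)              # exercises the local DNS path (UDP 53)
    except OSError as exc:                # socket.gaierror subclasses OSError
        return (host, port, "dns-fail", str(exc))
    try:
        conn = connect((addr, port), timeout)
    except OSError as exc:                # timeout, refused, reset, unreachable
        return (host, port, "blocked", f"{addr}: {exc}")
    conn.close()
    return (host, port, "open", addr)


def check_livegrid(targets=TARGETS, **kw):
    """Probe every (host, port) pair and return the result tuples."""
    return [probe(host, port, **kw) for host, port in targets]


def summarize(results):
    """Reduce per-endpoint results to one verdict for troubleshooting."""
    statuses = {r[2] for r in results}
    if statuses == {"open"}:
        return "reachable"      # network path is fine; look at the product itself
    if "open" not in statuses:
        return "unreachable"    # DNS or a firewall rule blocks everything
    return "partial"            # a rule blocks specific hosts or ports


if __name__ == "__main__":
    results = check_livegrid()
    for host, port, status, detail in results:
        print(f"{host:18} tcp/{port:<5} {status:9} {detail}")
    print("overall:", summarize(results))
```

A "reachable" verdict with reputation data still missing in the product points away from the network path, which is where the thread ends up.
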
ESET Insiders SlashRose 25 Posted December 18, 2021
Here Marcos.
https://1drv.ms/u/s!Av0lEm2Gh_QfvXY22i0n1HF5hwcT?e=aYpZxi

ESET Insiders SlashRose 25 Posted December 18, 2021
2 hours ago, itman said:
> Since you use the firewall in Interactive mode, make sure you don't have a rule that is blocking inbound and outbound traffic for ekrn.exe. You can also check for connectivity; i.e. ping, to the following IP addresses:
> https://support.eset.com/en/kb332-ports-and-addresses-required-to-use-your-eset-product-with-a-third-party-firewall#esetlivegrid

Itman the ports are all released, since the firewall will probably be a bit spinning, even that is nothing new!
Itman there must be something wrong, because if Live Grid is not reachable, it is actually reported in Eset's GUI, but none of it is reported.
Edited December 18, 2021 by SlashRose

Administrators Marcos 5,469 Posted December 18, 2021
Diagnostic logging didn't show any issues with LiveGrid:

18.12.2021 17:31 ESET Kernel Anonymous statistical data was transferred to ESET.
18.12.2021 17:31 ESET Kernel Detection Engine was successfully updated to version 24477 (20211218).
18.12.2021 16:54 ESET Kernel Anonymous statistical data was transferred to ESET.
18.12.2021 16:54 ESET Kernel Detection Engine was successfully updated to version 24476 (20211218).
18.12.2021 10:52 ESET Kernel Extended logging stopped and logs were created.
18.12.2021 10:51 Update Updater: retval = 0x5003, failures: 0, profile: @My profile, trigger: ConfigChange
18.12.2021 10:51 ESET Kernel Extended logging started.
18.12.2021 10:51 Update Updater: Switch modules type retval = 0x00005007 [NOT NEED]
18.12.2021 9:50 ESET Kernel Anonymous statistical data was transferred to ESET.
18.12.2021 9:50 ESET Kernel Detection Engine was successfully updated to version 24475 (20211218).
16.12.2021 16:45 ESET Kernel Detection Engine was successfully updated to version 24466 (20211216).
16.12.2021 13:32 ESET Kernel Anonymous statistical data was transferred to ESET.
16.12.2021 13:32 ESET Kernel Detection Engine was successfully updated to version 24465 (20211216).
16.12.2021 12:48 ESET Kernel Anonymous statistical data was transferred to ESET.

How does the issue manifest?

itman 1,811 Posted December 18, 2021
1 hour ago, SlashRose said:
> Itman there must be something wrong, because if Live Grid is not reachable, it is actually reported in Esets Gui, but none of it is reported.

Are you stating that Eset GUI shows no alert about LiveGrid not accessible, but you see no Eset submission entries to LiveGrid in Eset Event log? Or, you have LiveGrid submission Event log entries, but you are not receiving any Eset popup notifications for these submissions?
There was an issue in the initial release of ver. 15 about the LiveGrid submission popup notifications not being shown which I reported in the forum. It has been subsequently fixed and I am now receiving submission popup notifications.
Edited December 18, 2021 by itman

ESET Insiders SlashRose 25 Posted December 18, 2021
Here the Screenshot!
And do you notice Marcos, no matter what, it always comes that everything is ok, for what then the constant creation of the logs?
Edited December 18, 2021 by SlashRose

itman 1,811 Posted December 19, 2021
2 hours ago, SlashRose said:
> Here the Screenshot!

This doesn't show anything related to your problem. You didn't answer my previously posted questions. As it stands right now, I have still no clue as to what your LiveGrid issues are.
Perform this test: https://www.amtso.org/feature-settings-check-cloud-lookups/ . If Eset generates a detection alert for it, LiveGrid is functioning properly.
Edited December 19, 2021 by itman

Administrators Marcos 5,469 Posted December 19, 2021
Just to make sure, did you continue as follows?
- enabled advanced logging
- opened Running processes
- after a while disabled adv. logging ?

In case when there's a problem with LG communication (e.g. if network is disconnected), the following is logged: "encrypted Http LiveGrid request to c.eset.com ended up with error 21202"
Also the SysInspector log that you generated with ELC contains LiveGrid data so it doesn't look like a communication problem.
Please let us know if the CloudCar test file is detected upon download as itman asked.

ESET Insiders Minimalist 16 Posted December 19, 2021
8 hours ago, itman said:
> This doesn't show anything related to your problem. You didn't answer my previously posted questions. As it stands right now, I have still no clue as to what your LiveGrid issues are.
> Perform this test: https://www.amtso.org/feature-settings-check-cloud-lookups/ . If Eset generates a detection alert for it, LiveGrid is functioning properly.

Are you sure ESET detects this? I have LiveGrid enabled and nothing is detected.

Administrators Marcos 5,469 Posted December 19, 2021
21 minutes ago, Minimalist said:
> Are you sure ESET detects this? I have LiveGrid enabled and nothing is detected.

You should get an alert like this upon downloading CloudCar from http://amtso.eicar.org/cloudcar.exe

ESET Insiders SlashRose 25 Posted December 19, 2021
The file as seen in the screenshot is recognized, but why time LiveGrid this image from the previous post????
Marcos I had as from the log yes to be seen, the extended logging activated!
@Itman, No Itman, I get as above written, neither in the Gui a warning displayed, nor in the event log, Itman you can see from the screenshot but that something is going wrong in Live Grid, but what is the question now?
Edited December 19, 2021 by SlashRose

ESET Insiders SlashRose 25 Posted December 19, 2021
Again, you can see that it doesn't really work.

itman 1,811 Posted December 19, 2021
1 hour ago, SlashRose said:
> Again, you can see that it doesn't really work.

OK. I now understand your issue. Eset is not populating LiveGrid reputation status data; on the Connected Network Connections display, or on any other display it appears.
Aside from that issue, it appears LiveGrid is functional as evidenced by your installation detecting AMTSO Cloudcar test.
Refer to the below screen shot and verify the highlighted setting is enabled:
If this setting is enabled, you might have to reinstall Eset to get this feature working again.

ESET Insiders SlashRose 25 Posted December 19, 2021
And also on this screenshot you can see the Live Grid does not work!

ESET Insiders SlashRose 25 Posted December 19, 2021
Again, this is natural all the time, it only occurs since the new build.

itman 1,811 Posted December 19, 2021
2 minutes ago, itman said:
> If this setting is enabled, you might have to reinstall Eset to get this feature working again.

Another factor here is it appears you are using a VPN and that might be interfering with the LiveGrid data download. As a test, disable VPN and determine if LiveGrid reputation data is now being populated in your installation.

ESET Insiders SlashRose 25 Posted December 19, 2021
The VPN has been off for 5 days.
Edited December 19, 2021 by SlashRose

Administrators Marcos 5,469 Posted December 19, 2021
Do you get the file reputation if you right-click an executable and select Check file reputation?

ESET Insiders SlashRose 25 Posted December 19, 2021
No.
Edited December 19, 2021 by SlashRose

ESET Insiders SlashRose 25 Posted December 19, 2021
And now?

itman 1,811 Posted December 19, 2021
At this point, it appears to me something is corrupted with your ver. 15.0.21 installation. I again recommend uninstalling it after exporting your existing settings, then reinstall it and import your previously saved settings.