  • ESET Insiders
Posted

 

In the above version, the Live Grid does not work at all, with every new build, new surprises and once again the question, what is going on with you? From build to build bug, at some point it's enough!!!

  • Administrators
Posted

There were no changes in LiveGrid made in recent versions. Please carry on as follows:

  1. Enable advanced logging under Help and support -> Technical support
  2. Reproduce the issue
  3. Disable logging
  4. Collect logs with ESET Log Collector and provide the generated archive.
  • ESET Insiders
Posted

Here please Marcos, have not changed anything on the settings, neither on Windows nor on Eset!

eis_logs.zip

  • Administrators
Posted

Please try to run ELC once again, for some reason it looks like the archive was split into multiple volumes but ELC generates only a single-volume archive:

image.png

If I skip this, many files are empty.

Posted (edited)

Since you use the firewall in Interactive mode, make sure you don't have a rule that is blocking inbound and outbound traffic for ekrn.exe. You can also check for connectivity, i.e. ping, to the following IP addresses:

Quote

To use the online reputation database (ESET LiveGrid):

Ensure the following ports are open: TCP 80, TCP 53535, UDP 53535

The IP addresses below have to be enabled for HTTP port 80

Access to your local DNS server is required for DNS queries on UDP port 53


Domains used by ESET LiveGrid:


These IP addresses need to be enabled for HTTP port 80. Also, access to your local DNS server is required for DNS queries on UDP port 53.

https://support.eset.com/en/kb332-ports-and-addresses-required-to-use-your-eset-product-with-a-third-party-firewall#esetlivegrid

Edited by itman
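
The connectivity check suggested above, as an added example that is not part of the original posts or of any ESET tool: it resolves a LiveGrid hostname and probes the two TCP ports from the quoted KB text (80 and 53535), separating a refused connection from a silently dropped one. The function names are hypothetical, and the default host is c.eset.com, which is named elsewhere in this thread.

```python
import socket

# TCP ports from the quoted KB text. UDP 53535 is connectionless, so a
# connect() probe cannot confirm it; only the TCP ports are tested here.
LIVEGRID_TCP_PORTS = (80, 53535)


def resolve(host):
    """Return the sorted IPv4 addresses for host, or [] if the lookup fails."""
    try:
        infos = socket.getaddrinfo(host, None, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def tcp_state(addr, port, timeout=3.0):
    """Classify one TCP connect attempt as 'open', 'refused' or 'filtered'."""
    try:
        with socket.create_connection((addr, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"   # host answered, nothing is listening on the port
    except OSError:
        return "filtered"  # timeout or unreachable: typical of a firewall drop


def check_host(host, ports=LIVEGRID_TCP_PORTS, timeout=3.0):
    """Resolve host and probe every (address, port) pair."""
    addrs = resolve(host)
    if not addrs:
        return {"host": host, "dns": "failed", "results": {}}
    results = {(a, p): tcp_state(a, p, timeout) for a in addrs for p in ports}
    return {"host": host, "dns": "ok", "results": results}


if __name__ == "__main__":
    import sys
    # Pass hostnames from the KB article as arguments; default is c.eset.com.
    for host in sys.argv[1:] or ["c.eset.com"]:
        report = check_host(host)
        print(host, "DNS:", report["dns"])
        for (addr, port), state in sorted(report["results"].items()):
            print(f"  {addr}:{port}/tcp {state}")
```

A result of "open" here only shows that the network path is clear for the Python process. With the firewall in Interactive mode, a per-application rule can still block ekrn.exe, so the rule list has to be checked as well.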
  • ESET Insiders
Posted (edited)
2 hours ago, itman said:

Since you use the firewall in Interactive mode, make sure you don't have a rule that is blocking inbound and outbound traffic for ekrn.exe. You can also check for connectivity, i.e. ping, to the following IP addresses:

https://support.eset.com/en/kb332-ports-and-addresses-required-to-use-your-eset-product-with-a-third-party-firewall#esetlivegrid

Itman the ports are all released, since the firewall will probably be a bit spinning, even that is nothing new!

 

Itman, there must be something wrong, because if Live Grid is not reachable, it is actually reported in Eset's GUI, but none of it is reported.

Edited by SlashRose
  • Administrators
Posted

Diagnostic logging didn't show any issues with LiveGrid:

18.12.2021 17:31 ESET Kernel Anonymous statistical data was transferred to ESET.
18.12.2021 17:31 ESET Kernel Detection Engine was successfully updated to version 24477 (20211218).
18.12.2021 16:54 ESET Kernel Anonymous statistical data was transferred to ESET.
18.12.2021 16:54 ESET Kernel Detection Engine was successfully updated to version 24476 (20211218).
18.12.2021 10:52 ESET Kernel Extended logging stopped and logs were created.
18.12.2021 10:51 Update Updater: retval = 0x5003, failures: 0, profile: @My profile, trigger: ConfigChange
18.12.2021 10:51 ESET Kernel Extended logging started.
18.12.2021 10:51 Update Updater: Switch modules type retval = 0x00005007 [NOT NEED]
18.12.2021 9:50 ESET Kernel Anonymous statistical data was transferred to ESET.
18.12.2021 9:50 ESET Kernel Detection Engine was successfully updated to version 24475 (20211218).
16.12.2021 16:45 ESET Kernel Detection Engine was successfully updated to version 24466 (20211216).
16.12.2021 13:32 ESET Kernel Anonymous statistical data was transferred to ESET.
16.12.2021 13:32 ESET Kernel Detection Engine was successfully updated to version 24465 (20211216).
16.12.2021 12:48 ESET Kernel Anonymous statistical data was transferred to ESET.

How does the issue manifest?

Posted (edited)
1 hour ago, SlashRose said:

Itman there must be something wrong, because if Live Grid is not reachable, it is actually reported in Esets Gui, but none of it is reported.

Are you stating that Eset GUI shows no alert about LiveGrid not accessible, but you see no Eset submission entries to LiveGrid in Eset Event log?

Or, you have LiveGrid submission Event log entries, but you are not receiving any Eset popup notifications for these submissions?

There was an issue in the initial release of ver. 15 about the LiveGrid submission popup notifications not being shown which I reported in the forum. It has been subsequently fixed and I am now receiving submission popup notifications.

Edited by itman
  • ESET Insiders
Posted (edited)

Here the Screenshot! And do you notice Marcos, no matter what, it always comes that everything is ok, for what then the constant creation of the logs?

 

Live Grid.JPG

Edited by SlashRose
Posted (edited)
2 hours ago, SlashRose said:

Here the Screenshot! 

This doesn't show anything related to your problem. You didn't answer my previously posted questions.

As it stands right now, I have still no clue as to what your LiveGrid issues are. Perform this test: https://www.amtso.org/feature-settings-check-cloud-lookups/ . If Eset generates a detection alert for it, LiveGrid is functioning properly.

Edited by itman
  • Administrators
Posted

Just to make sure, did you continue as follows?

- enabled advanced logging
- opened Running processes
- after a while disabled adv. logging?

In case there's a problem with LG communication (e.g. if network is disconnected), the following is logged:
"encrypted Http LiveGrid request to c.eset.com ended up with error 21202"

Also the SysInspector log that you generated with ELC contains LiveGrid data so it doesn't look like a communication problem. Please let us know if the CloudCar test file is detected upon download as itman asked.

  • ESET Insiders
Posted
8 hours ago, itman said:

This doesn't show anything related to your problem. You didn't answer my previously posted questions.

As it stands right now, I have still no clue as to what your LiveGrid issues are. Perform this test: https://www.amtso.org/feature-settings-check-cloud-lookups/ . If Eset generates a detection alert for it, LiveGrid is functioning properly.

Are you sure ESET detects this? I have LiveGrid enabled and nothing is detected.

  • Administrators
Posted
21 minutes ago, Minimalist said:

Are you sure ESET detects this? I have LiveGrid enabled and nothing is detected.

You should get an alert like this upon downloading CloudCar from http://amtso.eicar.org/cloudcar.exe

image.png

  • ESET Insiders
Posted (edited)

The file as seen in the screenshot is recognized, but why time LiveGrid this image from the previous post????

Marcos I had as from the log yes to be seen, the extended logging activated!

 

@Itman, No Itman, I get as above written, neither in the Gui a warning displayed, nor in the event log, Itman you can see from the screenshot but that something is going wrong in Live Grid, but what is the question now?

Eset.JPG

Edited by SlashRose
  • ESET Insiders
Posted

Again, you can see that it doesn't really work.

Unbenannt.JPG

Posted
1 hour ago, SlashRose said:

Again, you can see that it doesn't really work.

OK. I now understand your issue.

Eset is not populating LiveGrid reputation status data on the Connected Network Connections display, or on any other display where it appears. Aside from that issue, it appears LiveGrid is functional, as evidenced by your installation detecting the AMTSO Cloudcar test.

Refer to the below screen shot and verify the highlighted setting is enabled:

Eset_Reputation.thumb.png.0b169ff030e6717389ea814a44be7ba7.png

If this setting is enabled, you might have to reinstall Eset to get this feature working again.

  • ESET Insiders
Posted

And also on this screenshot you can see the Live Grid does not work!

Eset Reputation.JPG

  • ESET Insiders
Posted

Again, this is natural all the time, it only occurs since the new build.

Live Grid Einstellungen.JPG

Posted
2 minutes ago, itman said:

If this setting is enabled, you might have to reinstall Eset to get this feature working again.

Another factor here is it appears you are using a VPN and that might be interfering with the LiveGrid data download. As a test, disable VPN and determine if LiveGrid reputation data is now being populated in your installation.

  • ESET Insiders
Posted (edited)

The VPN has been off for 5 days.

Edited by SlashRose
  • Administrators
Posted

Do you get the file reputation if you right-click an executable and select Check file reputation?

  • ESET Insiders
Posted (edited)

No.

Dateireputation.JPG

Edited by SlashRose
Posted

At this point, it appears to me something is corrupted with your ver. 15.0.21 installation. I again recommend uninstalling it after exporting your existing settings, then reinstall it and import your previously saved settings.

Guest
This topic is now closed to further replies.