Ssooz 0 Posted June 20, 2023 Share Posted June 20, 2023 Hi, I've got this issue where ESET LiveGrid has trouble reaching its online reputation database. I have opened TCP 80, both TCP & UDP 53535 on my modem and even set Firewall rules but I cant seem to get it to work correctly. I suspect something wrong with my modem because testing the ports still return as CLOSED even though they should be OPEN. Am I missing a step? Not sure what I'm supposed to do with all the Hostnames listed on the KB332 webpage... Thank you Link to comment Share on other sites More sharing options...
Administrators Marcos 5,267 Posted June 20, 2023 Administrators Share Posted June 20, 2023 Please carry on as follows: Enable advanced logging under Help and support -> Technical support Reboot the machine Reproduce the issue Stop logging Collect logs with ESET Log Collector and upload the generated archive here. Link to comment Share on other sites More sharing options...
itman 1,746 Posted June 20, 2023 Share Posted June 20, 2023 1 hour ago, Ssooz said: I have opened TCP 80, both TCP & UDP 53535 on my modem and even set Firewall rules but I cant seem to get it to work correctly. Also per Eset KB article; Quote Also, access to your local DNS server is required for DNS queries on UDP/TCP port 53. The default ESSP firewall rule for DNS would allow for the above communication. 1 hour ago, Ssooz said: I suspect something wrong with my modem because testing the ports still return as CLOSED even though they should be OPEN. You can test modem port status here: https://www.grc.com/shieldsup. Finally, you mention modem. Do you have a router attached to the modem? Link to comment Share on other sites More sharing options...
Ssooz 0 Posted June 20, 2023 Author Share Posted June 20, 2023 2 minutes ago, itman said: You can test modem port status here: https://www.grc.com/shieldsup. I have, 80 comes back as CLOSED but 53535 comes back as STEALTH. 3 minutes ago, itman said: Finally, you mention modem. Do you have a router attached to the modem? I have Bell's HomeHub 3000 (which I believe is made specifically for Canada but I could be wrong) which I think acts as both a modem and router. It is known for being not so great at port forwarding which is why I suspect it to be the reason ESET has trouble connecting to its Cloud. 53 minutes ago, Marcos said: Please carry on as follows: Enable advanced logging under Help and support -> Technical support Reboot the machine Reproduce the issue Stop logging Collect logs with ESET Log Collector and upload the generated archive here. Attached below! essp_logs.zip Link to comment Share on other sites More sharing options...
itman 1,746 Posted June 20, 2023 Share Posted June 20, 2023 2 minutes ago, Ssooz said: I have, 80 comes back as CLOSED but 53535 comes back as STEALTH. On the WAN side of the modem, all your ports should show as Stealth or Closed which is what the GRC app tests for. Assumed is other like web tests you ran would be testing the WAN side of the modem. Link to comment Share on other sites More sharing options...
itman 1,746 Posted June 20, 2023 Share Posted June 20, 2023 Did you modify the default Windows inbound firewall rules prior to installing Eset? Link to comment Share on other sites More sharing options...
Ssooz 0 Posted June 20, 2023 Author Share Posted June 20, 2023 1 minute ago, itman said: Did you modify the default Windows inbound firewall rules prior to installing Eset? I didnt. Only added new inbound and outbound rules when trying to get LiveGrid to work. Link to comment Share on other sites More sharing options...
Ssooz 0 Posted June 22, 2023 Author Share Posted June 22, 2023 Anything I can try? Link to comment Share on other sites More sharing options...
itman 1,746 Posted June 22, 2023 Share Posted June 22, 2023 (edited) One strong possibility for your LiveGrid connectivity issue is your Bell HomeHub 3000 modem/router is blocking either outbound or inbound TCP and UDP port 53535 network traffic. You stated you made firewall modifications on the modem/router for this traffic which normally is not required. You should checked your modem/router firewall log for blocked outbound or inbound TCP and UDP port 53535 network traffic. If no blocked log entries exist for this traffic, the problem is not with the modem/router. If blocked log entries exist for this network traffic, you should contact your ISP; assuming they provided the modem/router, for assistance in creating the required firewall exceptions/rules to allow required Eset LiveGrid network traffic. Edited June 22, 2023 by itman Link to comment Share on other sites More sharing options...
Administrators Marcos 5,267 Posted June 26, 2023 Administrators Share Posted June 26, 2023 Does the issue occur if you are not connected via OpenVPN? Does temporarily uninstalling it make a difference? Is this adapter installed by OpenVPN? Unknown adapter Mullvad: Description . . . . . . . . . . . : Mullvad Tunnel Link-local IPv6 Address . . . . . : fe80::4dc0:5438:c35d:200e%14(Preferred) IPv4 Address. . . . . . . . . . . : 10.15.0.13(Preferred) As you can see in the pcap log, we didn't receive any response from a LiveGrid server: Link to comment Share on other sites More sharing options...
itman 1,746 Posted June 26, 2023 Share Posted June 26, 2023 2 hours ago, Marcos said: Is this adapter installed by OpenVPN? Mullvad is a VPN service originating in Sweden: https://mullvad.net/en . More details here: https://mullvad.net/en/about . It appears to have no connections to OpenVPN. It would have been beneficial if the OP mentioned initially he was using a VPN. Link to comment Share on other sites More sharing options...
Administrators Marcos 5,267 Posted June 26, 2023 Administrators Share Posted June 26, 2023 I'd suggest to disable or even temporarily uninstall the VPN to see if it makes a difference. Link to comment Share on other sites More sharing options...
itman 1,746 Posted June 26, 2023 Share Posted June 26, 2023 Here's a forum thread dating to 2021 about issues with LiveGrid connectivity and Mullvad VPN: https://forum.eset.com/topic/30515-eset-live-grid-servers-cannot-be-reached/ . The OP switched to a different VPN and his LiveGrid issues were resolved. Link to comment Share on other sites More sharing options...
Ssooz 0 Posted July 4, 2023 Author Share Posted July 4, 2023 Sorry guys for the late reply! So it does happen with the VPN disconnected though I did test with AMTSO Testing with its Cloudcar file (with Mullvad ENABLED) and it is correctly blocked by ESET so I figure it does reach LiveGrid servers? Thank you both and happy 4th of July! Link to comment Share on other sites More sharing options...
Administrators Marcos 5,267 Posted July 10, 2023 Administrators Share Posted July 10, 2023 Have you figured out the cause of the issue or it still persists when you are not connected via the VPN? Link to comment Share on other sites More sharing options...
Recommended Posts