Eset DNS Hijacking

[itman 1,594]

This activity just started with ver. 16.2.

Refer to the below screen shot. Highlighted in black is my legit IPv4 DNS server address assigned via gateway DHCPv4 processing. Highlighted in red is a DNS connection to Google's public IPv4 DNS server address. This activity also appears to be related to Eset's use of Cloudflare's Comodo crl download.

How do I stop Eset's download from Cloudflare?

 

[Marcos 4,839]

You could try disabling SSL filtering if you don't want to check CRLs. SSL filtering has always checked certificates against CRLs since SSL filtering was first implemented years ago.

[itman 1,594]

Just now, Marcos said:

Try disabling SSL filtering if you don't want to check CRLs.

Obviously, I don't want to disable SSL/TLS protocol filtering and weaken my security protection.

I just don't want my DNS processing hijacked. Further, my ISP prohibits use of DNS servers other than its own and will most likely block the DNS traffic on its relay DNS servers.

[Marcos 4,839]

Google DNS is used as a fallback when the primary and secondary DNS fail. If you can reproduce it (ideally after a reboot), carry on as follows:

1. Enable advanced logging under Help and support -> Technical support
2. Reboot the machine (if it happens at the system startup or shortly after)
3. Reproduce the issue
4. Stop logging
5. Collect logs with ESET Log Collector and upload the generated archive here.