Ming Chou, posted November 7:

Hi,

When I tried to activate ESET through the activation server, it says that it is not reachable. We noticed that our firewall blocked the connection, we have created a policy to allow the broadcast. However, it looks like the client connects through IP address (52.160.70.199) and not DNS name (edf.eset.com).

How can we make sure the clients are connecting through DNS name and not IP address?

itman, posted November 7:

5 hours ago, Ming Chou said:
> however it looks like that the client connects through IP address(52.160.70.199) and not DNS name(edf.eset.com).

Per Robtex, edf.eset.com resolves to the following IP addresses;

Ming Chou (author), posted November 7 (edited):

https://support.eset.com/en/kb332-ports-and-addresses-required-to-use-your-eset-product-with-a-third-party-firewall

According to this it says it should also be 52.160.70.199; our firewall is also showing the block on 52.160.70.199.

itman, posted November 7:

I ran tracert edf.eset.com and the final connection was to 52.160.70.199.

Next, I ran DNSChecker for edf.eset.com and all DNS resolutions world-wide were to IP address 52.160.70.199;

As such, whatever DNS resolution issues you are having are on your end and nothing to do with Eset.

Marcos (Administrators), posted November 7:

Endpoint attempts to connect to edf.eset.com:

itman, posted November 7:

11 hours ago, Ming Chou said:
> however it looks like that the client connects through IP address(52.160.70.199) and not DNS name(edf.eset.com). How can we make sure the clients are connecting through DNS name and not IP Address?

Reflecting on this statement, the only way I can think of for this type of behavior is the client modified his Windows hosts file and entered;

    52.160.70.199 edf.eset.com

Host file entries override and bypass DNS processing. Why he would do this is beyond me.

Ming Chou (author), posted November 8:

10 hours ago, itman said:
> Reflecting on this statement, the only way I can think of for this type of behavior is the client modified his Windows hosts file and entered;
>
>     52.160.70.199 edf.eset.com
>
> Host file entries override and bypass DNS processing. Why he would do this is beyond me.

We have not modified any files regarding ESET, the user also does not have the rights to do so. I have checked the Windows host file for "52.160.70.199" or "edf.eset.com" but those entries are not present.

We have just whitelisted the IP and will have to live with it.

@Marcos What are the chances that the IP Address will change in the future?

Marcos (Administrators), posted November 8:

You might want to provide a pcap log from activation for a check. You can create one either using Wireshark or by enabling advanced network protection logging in the advanced setup -> tools -> diagnostics.

We cannot guarantee that the IP address won't change in the future. In the future we also plan to add RSS for KB so you could subscribe to it and be informed if there's a change in the KB with a list of the IP addresses used by ESET products.
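
The two checks discussed in this thread (a hosts-file entry overriding DNS for edf.eset.com, and the firewall allowlist no longer covering the address the name resolves to), as an added Python example that is not from any poster or from ESET. The function names, the sample hosts content and the 10.0.0.5 pin are constructed for illustration; the hostname and IP address are the ones quoted in the thread.

```python
import ipaddress
import socket

HOSTS_PATH = r"C:\Windows\System32\drivers\etc\hosts"

def hosts_overrides(hosts_text, hostname):
    """Return the addresses a hosts file pins for hostname (case-insensitive)."""
    wanted = hostname.rstrip(".").lower()
    pinned = []
    for raw in hosts_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop full-line and inline comments
        if not line:
            continue
        addr, *names = line.split()
        try:
            ipaddress.ip_address(addr)
        except ValueError:
            continue  # first field is not an IP address; skip the line
        if any(n.rstrip(".").lower() == wanted for n in names):
            pinned.append(addr)
    return pinned

def allowlist_drift(resolved, allowlist):
    """Return resolved addresses that no allowlist entry (IP or CIDR) covers."""
    nets = [ipaddress.ip_network(a, strict=False) for a in allowlist]
    return sorted(ip for ip in set(resolved)
                  if not any(ipaddress.ip_address(ip) in n for n in nets))

def resolve(hostname):
    """Addresses the local resolver returns for hostname."""
    infos = socket.getaddrinfo(hostname, None, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})

# Constructed sample: one commented-out entry, one active pin on an alias.
SAMPLE_HOSTS = """\
# sample hosts file (constructed)
127.0.0.1       localhost
#52.160.70.199  edf.eset.com
10.0.0.5        intranet.example  EDF.ESET.COM   # stale pin
"""

if __name__ == "__main__":
    name, allow = "edf.eset.com", ["52.160.70.199"]  # values from the thread
    print("sample pins:", hosts_overrides(SAMPLE_HOSTS, name))
    try:
        with open(HOSTS_PATH, encoding="utf-8", errors="replace") as fh:
            print("local pins:", hosts_overrides(fh.read(), name))
        print("not allowlisted:", allowlist_drift(resolve(name), allow))
    except OSError as exc:  # missing hosts file or failed resolution
        print("check failed:", exc)
```

Run on a schedule, a non-empty "not allowlisted" result is the signal that the IP-based firewall rule needs updating.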