Ming Chou 0 Posted November 7, 2023

Hi,

When I tried to activate ESET through the activation server, it says that it is not reachable. We noticed that our firewall blocked the connection; we have created a policy to allow the broadcast. However, it looks like the client connects through the IP address (52.160.70.199) and not the DNS name (edf.eset.com). How can we make sure the clients are connecting through the DNS name and not the IP address?

itman 1,800 Posted November 7, 2023

5 hours ago, Ming Chou said:
however it looks like that the client connects through IP address(52.160.70.199) and not DNS name(edf.eset.com).

Per Robtex, edf.eset.com resolves to the following IP addresses;

Ming Chou 0 Posted November 7, 2023

https://support.eset.com/en/kb332-ports-and-addresses-required-to-use-your-eset-product-with-a-third-party-firewall

According to this, it should also be 52.160.70.199. Our firewall is also showing the block on 52.160.70.199.

Edited November 7, 2023 by Ming Chou

itman 1,800 Posted November 7, 2023

I ran tracert edf.eset.com and the final connection was to 52.160.70.199.

Next, I ran DNSChecker for edf.eset.com and all DNS resolutions world-wide were to IP address 52.160.70.199;

As such, whatever DNS resolution issues you are having are on your end and nothing to do with Eset.

Administrators Marcos 5,446 Posted November 7, 2023

Endpoint attempts to connect to edf.eset.com:

itman 1,800 Posted November 7, 2023

11 hours ago, Ming Chou said:
however it looks like that the client connects through IP address(52.160.70.199) and not DNS name(edf.eset.com). How can we make sure the clients are connecting through DNS name and not IP Address?

Reflecting on this statement, the only way I can think of for this type of behavior is the client modified his Windows hosts file and entered;

52.160.70.199 edf.eset.com

Host file entries override and bypass DNS processing. Why he would do this is beyond me.

Ming Chou 0 Posted November 8, 2023

10 hours ago, itman said:
Reflecting on this statement, the only way I can think of for this type of behavior is the client modified his Windows hosts file and entered;
52.160.70.199 edf.eset.com
Host file entries override and bypass DNS processing. Why he would do this is beyond me.

We have not modified any files regarding ESET, the user also does not have the rights to do so. I have checked the Windows host file for "52.160.70.199" or "edf.eset.com" but those entries are not present.

We have just whitelisted the IP and will have to live with it.

@Marcos What are the chances that the IP Address will change in the future?

Administrators Marcos 5,446 Posted November 8, 2023

You might want to provide a pcap log from activation for a check. You can create one either using Wireshark or by enabling advanced network protection logging in the advanced setup -> tools -> diagnostics.

We cannot guarantee that the IP address won't change in the future. In the future we also plan to add RSS for KB so you could subscribe to it and be informed if there's a change in the KB with a list of the IP addresses used by ESET products.

Ming Chou 0 Posted December 14, 2023 Solution

We have whitelisted the IP instead of DNS; this solves our issue. Can be closed.
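
The two checks discussed in the thread, as an added example that is not part of the original posts and not ESET's own tooling: parse a hosts file for entries pinning edf.eset.com, and compare the addresses the name currently resolves to against the IP allowlisted on the firewall, so that a later address change is noticed. The function names and the sample hosts content are constructed for illustration; the hosts path is the Windows default location.

```python
import ipaddress
import socket

HOSTNAME = "edf.eset.com"        # name from the thread
ALLOWLISTED = {"52.160.70.199"}  # IP the poster whitelisted on the firewall

# Constructed sample hosts file (not taken from the thread).
SAMPLE_HOSTS = """\
# sample
127.0.0.1      localhost
52.160.70.199  EDF.eset.com   # pinned entry
"""

def hosts_overrides(hosts_text, hostname):
    """Return the IPs a hosts file pins for hostname (case-insensitive)."""
    found = []
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, split columns
        if len(fields) < 2:
            continue
        names = [n.lower().rstrip(".") for n in fields[1:]]
        if hostname.lower() in names:
            try:
                found.append(str(ipaddress.ip_address(fields[0])))
            except ValueError:
                continue  # skip lines whose first column is not an IP
    return found

def allowlist_drift(resolved, allowlisted):
    """Split resolved IPs into (covered by the rule, missing from the rule)."""
    ips = {str(ipaddress.ip_address(ip)) for ip in resolved}
    return sorted(ips & allowlisted), sorted(ips - allowlisted)

def resolve(hostname):
    """Ask the system resolver, which also honours hosts file entries."""
    infos = socket.getaddrinfo(hostname, None, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})

if __name__ == "__main__":
    hosts_path = r"C:\Windows\System32\drivers\etc\hosts"
    with open(hosts_path, encoding="utf-8", errors="replace") as fh:
        print("hosts overrides:", hosts_overrides(fh.read(), HOSTNAME))
    covered, missing = allowlist_drift(resolve(HOSTNAME), ALLOWLISTED)
    print("covered by firewall rule:", covered)
    print("resolved but not allowlisted:", missing)
```

Run on a schedule, a non-empty "resolved but not allowlisted" list is the signal to update the firewall rule.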