lukbes 0 Posted July 14, 2016 Share Posted July 14, 2016 Hi. The firewall logs, I noticed that the ESS tried 100 times to connect to the server 137.135.12.16 within four hours. This does not update server. So what is it and what he wants to connect to it? The second issue of concern to me. How big is the difference in the level of protection between the EES 6.4.2014 and ESS 9.0.381? I just did not like that the EES has Eset Service x86, and ESS x64. Although from a financial point of view to move to EES it was more profitable, but now I'm not so sure. Link to comment Share on other sites More sharing options...
Administrators Marcos 5,273 Posted July 14, 2016 Administrators Share Posted July 14, 2016 See hxxp://support.eset.com/kb332/: ESET Data Framework (Anti-Theft, ESET License Administrator, Parental control): edf-pcs.cloudapp.net 137.135.12.16 edf-pcs2.cloudapp.net 137.117.215.70 h1-edfspy02-v.eset.com 91.228.165.74 h1-edfspy02-v.eset.com 91.228.167.40 h1-arse01-v.eset.com 91.228.166.104 h1-arse02-v.eset.com 91.228.166.71 h3-arse01-v.eset.com 91.228.167.64 h3-arse02-v.eset.com 91.228.167.81 h5-arse01-v.eset.com 38.90.226.16 h5-arse02-v.eset.com 38.90.226.17 Link to comment Share on other sites More sharing options...
Administrators Marcos 5,273 Posted July 14, 2016 Administrators Share Posted July 14, 2016 The second issue is of concern to me. How big is the difference in the level of protection between the EES 6.4.2014 and ESS 9.0.381? The level of protection is same. The fact that ekrn.exe in EES v6 is 32-bit should not be of concern; in fact we as well as many other vendors have been using a 32-bit kernel service on x64 systems for years. This has changed just recently with the introduction of v9. Link to comment Share on other sites More sharing options...
ESET Staff MichalJ 434 Posted July 14, 2016 ESET Staff Share Posted July 14, 2016 (edited) We will be adding the 64-bit native scanning core to the Endpoint V7, however road-map for that one is not yet set properly. The only thing I can say is, that it would not be this year. But as Marek stated, the level of protection is the same, core protection features are the same. Of course, there are some differences from the feature perspective, and the business products are remotely manageable, which is not the case of the consumer editions. Edited July 14, 2016 by MichalJ Link to comment Share on other sites More sharing options...
lukbes 0 Posted July 14, 2016 Author Share Posted July 14, 2016 Ok. Thank you for your responses. But it would be more precise. Function Anti-Theft and Parental Control is only at ESS. So it is only in the EES "ESET License Administrator". This function checks whether the user has a license? Therefore, there is a connection attempt to the server 137.135.12.16? Link to comment Share on other sites More sharing options...
ESET Staff MartinK 384 Posted July 14, 2016 ESET Staff Share Posted July 14, 2016 I would suggest to capture network traffic on specific client to be sure - using for example Wireshark. In case it are connections to ELA, client's will be accessing domain ela.eset.com using SSL/TLS connection. Server's SSL/TLS certificate for this ESET service will be the same as on ELA portal (https://ela.eset.com/). Link to comment Share on other sites More sharing options...
ESET Staff MichalJ 434 Posted July 15, 2016 ESET Staff Share Posted July 15, 2016 Those requests are representing state, when product "asks" ESET cloud servers, about any configuration changes (in case of consumer products, it is related to antitheft, parental & my.eset.com integration), in case of business, it is related to the new licensing system (product is asking, if the license was not changed, or if the seat was not renamed in the license administrator). However, in general, it should trigger max 20 requests per 4 hours ideally, so it would be very good, if you send us the "seat ID" that you see in the "about" window of your ESET Endpoint Security, so we can find those specific requests and let you know, what have triggered them. You can send me the SeatID in the private message. Link to comment Share on other sites More sharing options...
Recommended Posts