Security threat - um16.eset.com?

I have just restored my PC.

On loading Eset istself asked if it should allow um16.eset.com which has ip address 93.184.71.10.

I have never had this propmpt before on a restore so wonder if this is legitimate especially as it would be Eset Smart security contacting this address (i.e. you would think it would know that it was safe if it was initiating the contact).

Please can someone advise?

Version is 4.2.71.2.

 

Didn't you play with default system rules and disabled the rule allowing communication for ekrn?

 

No

I have an image that I restored.
I got this message once restored.
(I have used the same image before..)

I'ts all working fine but I just wanted reassurance that um16.eset.com and 93.184.71.10 are legitimate?

thanks

 

Yes it's all legitimate. I occasionally get the same (unexpected) firewall alert using v5.2.9.1 when logging in after the PC resumes from sleep mode.

 

You should never be prompted for communication of ekrn with update servers unless a specific rule is created. If you have custom rules created, perhaps you could consider removing them and creating them from scratch if you don't want to use firewall in automatic mode.

 

I have not created any custom rules for ekrn.exe.

I have an Acronis image which has ESET already installed.
When I restore the image it will obviosuly be out of date as it is a month or so old. Eset just does an automatic update and it's all good.

Followed the same process today but got the prompt this time which I never had before.

I only temporarily allowed access.
I just looked at the rules/zones configuration and there is no rule there for EKRN or anything similar. All rules there are identifiable programs such as Internet Explorer etc. (There is Host Process, Windows logon, Service Controller, and local Authority Process too which are ones I recognise as sysytem required access). Nothing for ESET of EKRN etc.
I checked the update settings and they are set to automatic..

Is there some way I can tell that um16.eset.com with IP 93.184.71.10 is a valid ESET update server please? At least I will know I am not allowing access to an invalid server then.

 

Stackz - I didn't see your post that is was legitimate till just now.
thanks

At least I am not letting access to some rogue server..

Not sure why I got the message though..

 

Couldn't it be related to the system resuming from sleep mode then as stackz mentioned? Haven't heard about this issue until now though.

 

Possibly but I don't think this is true in my case as there was no sleep.

Here is how it happened for me:

1) Load Acronis boot disk
2) Restore saved image
3) Load Windows after image restored
4) Eset immediately connects to do usual update on system start
5) Get Message asking to allow um16.eset.com


Never seen 5) before till today.

I have also used same image and steps before with no message.

I don't think there was potential for any sleep in this case..

 

I also vaguely recall receiving the firewall alert like DonVa after restoring a system image.
At any rate, I reproduced the alert earlier today (after multiple attempts). The alert is for svchost connecting to ESET's update servers on local port: 0, remote port: 0
Unfortunately, I didn't think to grab a WinPcap log of the connection to verify the actual port numbers.