Why does v3.0.650.0 refuse to permit Internet access...

... if it isn't allowed to "call home" during launch?

I use ZA as my firewall to keep my AV app "honest" and other AV apps I've used for years don't call home without permission -- or without a good reason. But NOD32 has a hissy-fit and if not given Internet access and no internet access is permitted until it gets what it wants. My installation of NOD32 is new/duly registered and virus updates are current. I like this app but won't use it under these terms... So why is it insisting on calling home

Thanks

 

Hello,

I wouldn't say that there is no internet access at all but rather no HTTP/POP3 connection is allowed. ESET NOD32 Antivirus uses internal proxy for redirecting HTTP/POP3 traffic. Such communication is blocked until access for ENA is provided.

ENA is definitely not "calling home" - what IP address do you see when ENA tries to connect?

 

ekm.exe is trying to reach 66.196.97.186:HTTP.

Thanks for the prompt response.

 

This is not a server of ESET. Another application communicating via http is trying to connect there. You can test this by putting a cross next to each application in the browser list of the HTTP section (this will make the applications' traffic not to be routed via ekrn) in the main setup tree and then check in your firewall for details about that application.

 

How come the alert calls it an ESET Service, and it only exists when NOD32 is installed? (Never saw it with any other brand of AV). Further, if this isn't an ESET service, why would NOD32 refuse ANY Internet access until the service is granted access?

http://img93.imageshack.us/my.php?image=esetcallinghomecws0.jpg

 

It is a simple matter to check that 66.196.97.186 resolves to f569.mail.vip.re3.yahoo.com

So what do you have running that is connecting to "mail" at "yahoo.com"

You can use WinPatrol (for free) to delay your choice of startup items by a configurable number of seconds, including whatever program you are launching that is connecting to Yahoo. I personally have many startup items staggered, some launching after 10 seconds, some after 20 seconds, some after 30 seconds... This results in a faster startup time overall (less disk thrashing), with the most delayed items being things I don't really care how soon they run at startup as long as they eventually do (UPS monitoring service, Trillian, etc).

 

Internet Explorer is trying to load something , see the screenshot

It was already explained but let's try again . ESET NOD32 3.0 's Web protection uses the so called "internal proxy" to check all your web web traffic (HTTP and POP3 communucation) before it reaches your computer . By doing this , it can protect you from malware in emails or in web-pages and prevent them even touch your computer . The technology used is that the web traffic passes through the ESET Kernel (ekrn.exe) so that it is checked . However , because of the fact all the web traffic (HTTP and POP3) passes through ekrn.exe , the firewall (Zone Alarm) cannot make difference if it is actually ESET Server/Kernel or another application .

In your case , you should allow all the communication of ekrn.exe and of course , trust ESET . ESET applications doesn't phone home except from submitting samples or information for ThreatSense.NET . For more information , please , read again the End User Licese Agreement (from Start -> Programs -> ESET -> ESET NOD32 Antivirus) or visit ESET's web-site www.eset.eu

If you want more control of this traffic , you can use ESET Smart Security

 

Thanks for the more complete explanation on how ekrn operates.

Regarding the EULA, I did read it before installing and that is why I was so concerned about it "calling home" without my authorization. Two clauses in particular are unsettling to me:

2. Forwarding of infiltrations and information to the Provider. The Software contains a function which serves to collect samples of new computer viruses or other similar harmful computer programs (the “Infiltration”) and the subsequent dispatch thereof to the Provider, including information about the computer and/or platform on which the Software is installed(the “Information”). The Information may contain data (including personal data) about the End User and/or other users of the computer on which the Software is installed, information about the computer and operating system, suspicious files from the computer on which the Software is installed and files affected by the Infiltration and any information about such files. The Provider shall use the obtained Information and the Infiltration only to review the Infiltration and shall take reasonable measures to keep the obtained Information confidential. If you accept this Agreement and activate the above function of the Software, you agree that the Infiltration and the Information may be forwarded to the Provider and at the same time you grant to the Provider consent necessary pursuant to the relevant legal regulations to process the obtained Information.

Needless to say I chose not to enable Threatsense.NET. But the next clause can't be escaped by a change of settings:

19. Data on End User and Protection of Rights. You as the End User authorize the Provider to transfer, process and save the data enabling the Provider to identify you. You agree that the Provider may check by its own means whether you are using the Software in accordance with the provisions of this Agreement. You agree that through communication of the Software with the computer systems of the Provider or of its business partners data may be transferred, the purpose of which is to ensure the functionality of and authorization to use the Software and protection of the Provider’s rights.

In my opinion that is going to far. I have no problem with validating a new installation via the Internet, and having that validation tied to that specific platform so a license can't be used for multiple PCs. But to give ESET and their partners permission to snoop around inside my PC without notice any time they please... THAT is why I want a 3rd party firewall to alert me if ESET is snooping around...

PS - Already tried the Smart Security version with integrated firewall and found it trying to access web addresses on its own without giving me prior notice or asking for permission. That Is why I tried NOD32 alone so I could have an independant firewall watching over it. (Also nice to have the ZA up/down traffic bar graph to monitor Internet flow.)

 

You are welcome

Well , I agree with you to some extent . It isn't very clear what kind of data may be transferred and I personally will write ESET an email suggesting they change that aspect of the EULA in the next version of the program . However , I am sure each and every antivirus vendor + Microsoft themselves have such a clause in the EULA . I guess p.19 of the EULA in NOD32 is mostly personal data - e.g. your name , your email and phone number submitted via the Customer Care request option , the email you agree to submit if you submit suspicious sample , etc ... + them checking if you use the program according to the licese agreement . ESET do have the clause that the data collected will be kept private . No software in this world gives you 100% guarantee about anything

You are right - it is software design of ESS to fully allow communication witout asking to its service ekrn.exe
I guess this is made not to confuse users and to make the program easier to users .

 

Thank You for your help, Sir.