ESET Service trying to connect to unknow servers?

Hi,

This year I switched from Nod32+Zonealarm free to Eset Smart Security. Since a little while, I occasionally get the following request for permission:

http://www.dutchalps.com/temp/eset.jpg

I have performed reverse dns lookups for the involved IP adresses (different each time), and they seem to have nothing to do with ESET. So I sent the question to the Dutch helpdesk for ESS, but they wanted a complete export of the sysinspector, which I refused, because it exposes too much info about my PC, and they didn't want to tell me which part of the produced XML file they needed to investigate.

Does anyone know why "Eset Service" would want to connect to random addresses that do not seem to be related to Eset? Why would "ESET Service" ask permission in the first place, if it is doing anything legitimate?

Thanks,

Pieter.

 

Hello,

Most likely the ekrn.exe service is trying to submit statistical information to ThreatSense.net. Try disabling the feature by opening the ESS GUI, then press F5 to enter advanced setup, then in the context tree on the left, locate "ThreatSense.net" under tools. Click to highlight, then click Advanced setup in the main window. Click the Statistics tab in the window that pops up, then uncheck the box for "Enable submission of anonymous statistical information". Click OK twice to save, then close the GUI.

Let us know if the prompts return.

Regards,

Matt
Eset

 

Thanks, I have changed the setting and will let you know if it doesn't help.

 

today I got the request again twice. despite changiung the suggested setting:

This time it tried to connect to the following IP addresses:

79.70.79.155 resolves to "79-70-79-155.dynamic.dsl.as9105.com"

217.64.182.104 resolves to "ip217-64-182-104.customer.academica.fi"

 

Hello,

Please submit a ticket for support by following this link:

http://www.nod32.nl/

Regards,

Matt
Eset

 

Hello,

Meanwhile, please download the sysinspector utility and generate a log that details your computer's configuration. It will expedite the support process:

http://download.eset.com/download/sysinspector/32/ENU/SysInspector.exe

Regards,

Matt
Eset

 

Thanks for your reply, but I already contacted the dutch helpdesk and they asked me to do the same thing, which I refused, because I do not know what information is extracted by the sysinspector, and as a ISP helpdesk employee myself, I am very picky when it comes to the privacy of my PC. I asked the dutch helpdesk which parts of the generated XML file they needed, so I could extract that for them, but they said they needed the whole file, otherwise they wouldn't be able to help me.

I understand your position, but I also respect my own cares about my privacy. I will look for another solution and switch back to zonealarm for my firewall.

 

Meanwhile, I have some additional information: it seems like this issue is being caused by Spotify, which apperently has some p2p features. I'm not 100% totally sure, but I only get these requests when Spotify is running.