ESET Service trying to connect to unknown servers?

Discussion in 'ESET Smart Security' started by wokkiedokkie, Nov 26, 2010.

Thread Status:
Not open for further replies.
  1. wokkiedokkie

    wokkiedokkie Registered Member

    Joined:
    Nov 26, 2010
    Posts:
    10
    Location:
    Amsterdam, The Netherlands
    Hi,

    This year I switched from Nod32+Zonealarm free to Eset Smart Security. For a little while now, I have occasionally been getting the following request for permission:

    http://www.dutchalps.com/temp/eset.jpg

    I have performed reverse DNS lookups for the involved IP addresses (different each time), and they seem to have nothing to do with ESET. So I sent the question to the Dutch helpdesk for ESS, but they wanted a complete export of the sysinspector, which I refused, because it exposes too much info about my PC, and they didn't want to tell me which part of the produced XML file they needed to investigate.

    Does anyone know why "Eset Service" would want to connect to random addresses that do not seem to be related to Eset? Why would "ESET Service" ask permission in the first place, if it is doing anything legitimate?

    Thanks,

    Pieter.
     
  2. MattJN

    MattJN Former ESET Support Rep

    Joined:
    Feb 19, 2010
    Posts:
    149
    Hello,

    Most likely the ekrn.exe service is trying to submit statistical information to ThreatSense.net. Try disabling the feature by opening the ESS GUI, then press F5 to enter advanced setup, then in the context tree on the left, locate "ThreatSense.net" under tools. Click to highlight, then click Advanced setup in the main window. Click the Statistics tab in the window that pops up, then uncheck the box for "Enable submission of anonymous statistical information". Click OK twice to save, then close the GUI.

    Let us know if the prompts return.

    Regards,

    Matt
    Eset
     
  3. wokkiedokkie

    wokkiedokkie Registered Member

    Thanks, I have changed the setting and will let you know if it doesn't help.
     
  4. wokkiedokkie

    wokkiedokkie Registered Member

    Today I got the request again twice, despite changing the suggested setting.

    This time it tried to connect to the following IP addresses:

    79.70.79.155 resolves to "79-70-79-155.dynamic.dsl.as9105.com"

    217.64.182.104 resolves to "ip217-64-182-104.customer.academica.fi"
     
  5. MattJN

    MattJN Former ESET Support Rep

    Hello,

    Please submit a ticket for support by following this link:

    http://www.nod32.nl/

    Regards,

    Matt
    Eset
     
  6. MattJN

    MattJN Former ESET Support Rep

  7. wokkiedokkie

    wokkiedokkie Registered Member

    Thanks for your reply, but I already contacted the Dutch helpdesk and they asked me to do the same thing, which I refused, because I do not know what information is extracted by the sysinspector, and as an ISP helpdesk employee myself, I am very picky when it comes to the privacy of my PC. I asked the Dutch helpdesk which parts of the generated XML file they needed, so I could extract that for them, but they said they needed the whole file, otherwise they wouldn't be able to help me.

    I understand your position, but I also respect my own cares about my privacy. I will look for another solution and switch back to ZoneAlarm for my firewall.
     
  8. wokkiedokkie

    wokkiedokkie Registered Member

    Meanwhile, I have some additional information: it seems like this issue is being caused by Spotify, which apparently has some P2P features. I'm not 100% totally sure, but I only get these requests when Spotify is running.
     