Excessive DNS queries from endpointprotection.exe

toptaran Posts: 1 New Member
edited April 21 in Privacy VPN

Hello,

I just noticed my MikroTik's DNS cache is overloaded. After adding logging, I found out the DNS lookup spam is from F-Secure\TOTAL\epp\Endpoint Protection SDK\endpointprotection.exe

It looks like it makes DNS requests for every connection, not only outgoing but incoming too.

For incoming connections it requests a reverse DNS lookup.

How do I solve it? I have a torrent client and I download and, of course, seed many torrents; it's not OK to make a DNS lookup request for every IP that connects to me.

My DNS cache now has 20k+ records (that's from just a few hours), and it's not OK. AV software must protect, not make DNS spam.

PS. I have Internet Security & Scam Protection version 25.3, Windows 10 21H2

Answers

  • Firmy Posts: 2,157 Community Manager

    Hello @toptaran

    Welcome to the F-Secure Community. Thank you for your question.

    We have investigated this matter on our end, and we can confirm that the DNS requests are not being initiated by endpointprotection.exe itself. The confusion arises due to the presence of the Firewall Sensor, which monitors network traffic by routing it through a system layer for inspection.

    As a result, monitoring tools may incorrectly attribute DNS activity to endpointprotection.exe, simply because the traffic passes through it as part of the inspection process.

    In reality, these DNS requests are being triggered by various operating system processes and applications on your device.

    If you need further clarification or assistance with this, we’re more than happy to help.

    Thank you again, and have a wonderful day.

    Firmy
    Community Manager | F-Secure Community
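To measure the pattern the question describes (reverse lookups for connecting peers filling the router's DNS cache), here is an added example, not part of the thread and not F-Secure or MikroTik code. It counts PTR queries per LAN client in a resolver query log and decodes each reverse name back to the address looked up. The log line layout and the sample entries are constructed assumptions; adapt `LINE_RE` to what your resolver actually writes.

```python
import ipaddress
import re
from collections import Counter

# Assumed log layout (constructed for this example, not a documented RouterOS format):
#   <time> dns query from <client>: #<id> <name>. <type>
LINE_RE = re.compile(r"query from (?P<client>\S+): #\d+ (?P<name>\S+) (?P<qtype>[A-Z]+)$")

def ptr_to_ip(name):
    """Turn an in-addr.arpa / ip6.arpa name back into the address it asks about."""
    name = name.rstrip(".").lower()
    try:
        if name.endswith(".in-addr.arpa"):
            labels = name[: -len(".in-addr.arpa")].split(".")
            if len(labels) == 4:
                return ipaddress.IPv4Address(".".join(reversed(labels)))
        elif name.endswith(".ip6.arpa"):
            nibbles = name[: -len(".ip6.arpa")].split(".")
            if len(nibbles) == 32 and all(len(n) == 1 for n in nibbles):
                return ipaddress.IPv6Address(int("".join(reversed(nibbles)), 16))
    except ValueError:
        pass
    return None  # not a well-formed reverse name

def summarize(lines):
    """Count queries, reverse lookups per LAN client, and distinct addresses looked up."""
    total, ptr_by_client, targets = 0, Counter(), Counter()
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue
        total += 1
        ip = ptr_to_ip(m["name"]) if m["qtype"] == "PTR" else None
        if ip is not None:
            ptr_by_client[m["client"]] += 1
            targets[str(ip)] += 1
    return {"total": total, "ptr": sum(ptr_by_client.values()),
            "unique_addresses": len(targets), "ptr_by_client": dict(ptr_by_client),
            "top": targets.most_common(3)}

# Constructed sample: one LAN host reverse-resolving remote peers (documentation ranges).
PEERS = ["192.0.2.7", "203.0.113.9", "192.0.2.7", "2001:db8::1"]
SAMPLE_LOG = ["10:01:02 dns query from 192.168.88.10: #1 example.org. A"] + [
    f"10:01:03 dns query from 192.168.88.10: #{i} {ipaddress.ip_address(p).reverse_pointer}. PTR"
    for i, p in enumerate(PEERS, 2)
] + ["10:01:04 dns query from 192.168.88.22: #6 tracker.example.net. AAAA"]

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

A router-side log only identifies the LAN host that sent each query, so this shows how much of the cache growth is reverse lookups and from which machine, not which process on that machine issued them.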