Hello,
We began seeing "Security vulnerability exploitation attempts: JAVA/Exploit.CVE-2021-44228", and I'm wondering if anyone can help me understand what is occurring with these alerts?
Product: Endpoint Antivirus 8.1.2037.2
OS: Windows 10.0.19044.1415
The detection includes the following (simplified, obfuscated numbers):
Process name: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Source address: 10.1.2.3
Source port: 59876
Target address: 117.2.3.4
Target port: 80
Inbound Communication: no
Protocol: TCP
Action: Blocked
Is the following understanding correct: this computer, using process iexplore.exe, made a call from 10.1.2.3 on port 59876 to 117.2.3.4 which was blocked?
Or was the traffic from 117.2.3.4 on port 80 blocked, with the target of 10.1.2.3?
It is the "Inbound Communication: no" part that is tripping me up. What part of the communication was blocked: the part from the ESET-protected endpoint to a server, or the part from a server to the ESET-protected endpoint?