David Manson

Thanks for the reply but I do not understand how that could be, the traffic should hit the NSG First and be blocked and ESET should never see it as the communication is inbound.

Received the below Security Vulnerability Exploitation attempt but confused as the server sits in Azure with all traffic blocked by the NSG inbound so cannot see why ESET alerting for this (Known Bad) IP for this attempt. Can anyone explain or seen similar alerts that do not make sense? Just concerned that something has even attempted to exploit this server as it has no inbound ports open. Network Vulnerability Alert on server.domain.local Computer Name: server.domain.local Username: Timestamp: 1/15/22, 7:27:12 AM UTC Severity: Warning Event: Security vulnerability exploitation attempt Threat Name: EsetIpBlacklist Process Name: Protocol: TCP Inbound Communication: yes Source Address: 220.249.167.16 Source Port: 52,183 Target Address: 10.1.0.5 Target Port: 1,433 This message was sent by ESET PROTECT

Hi Can anyone confirm or not that ESET will detect and protect from the vulnerability in MS Office Documents? Just want to know if it acts the same way as Windows Defender by default or if it doesn't is there additional configuration that would detect and prevent these getting through? Thanks David