Hi,
We have Windows Server 2019 with ESET Protect Server (10.0.1128.0), ESET PROTECT Web Console (10.0.132.0), ESET Management Agent (10.0.1126.0) and ESET Rogue Detection Sensor (1.1.693.1) installed on it. There are no other applications which could use Log4j - no other Apache or Tomcat based products.
In the ESET Protect console I discovered 9 alerts in the last 10 days - all alerts are detections of JAVA/Exploit.CVE-2021-44228 with the following details:
Process name: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Hash: 6CBCE4A295C163791B60FC23D285E6D84F28EE4C
Source address: 127.0.0.1
Source port:
Target address: 127.0.0.1
Target port:
Inbound Communication: no
Protocol: TCP
Action: Blocked
User: NT AUTHORITY\LOCAL SERVICE
How should I interpret this alert, and how can I stop it from occurring?
Best regards