Endpoint Security doesn't display any notifications from IDS

[kapela86 10]

Hi, I just noticed that IDS component in eset blocked some connections

 

 

I didn't get any notifications for this, I also looked around settings and couldn't find anything about it. I also looked in Tools -> logs but there is nothing from IDS there. I'm using v6.6.2046.1

Edited November 17, 2017 by kapela86

[Marcos 5,070]

I don't think these connections were blocked by IDS. Click Unblock (Odblokuj) to create an allow rule for the blocked communication.

[kapela86 10]

It says "blocked 12x", and I don't want to allow it as it is out DVR and after seeing this I suspect it may be part of botnet.

[Marcos 5,070]

There's a link to show details about the blocked communication. If you are having issues with DVR because of this blocked communication, you should allow it. If you don't experience any issues, I'd leave it as is.

[kapela86 10]

I doesn't matter if I want to block it or not, what matters is that Eset doesn't notify users that IDS blocked something. There should be an option to enable such notifications.

[Marcos 5,070]

How do you know it was IDS which blocked the communication?

[kapela86 10]

You can translate it to "Packet blocked by active defensive system (IDS)"

Edited November 17, 2017 by kapela86

[Marcos 5,070]

I reckon this happens in automatic mode when an uninitiated inbound communication for which no rule exists is attempted. If the firewall was to notify about every blocked packet, many users would be constantly flooded with notifications.

[kapela86 10]

Yes we use default "Automatic" firewall setting. If you are worried about constant flood of notifications, then add an user configurable option to show notifications for IDS and set it to off by default. And in this notification there could be some checkbox like "don't notify for this IP address" or something. This way everyone will be happy.