hsmithjtek

Detected Port Scanning Attack Whitelist?

Recommended Posts

Posted (edited)

Hi all,

 

We have a local server doing port scanning for inventory on our network and ERA is complaining about "Detected Port Scanning attack" on some clients for the IP address of that server. I can't find any business articles on how to whitelist an IP address from this alert. 

 

Any insight?

ESET Remote Administrator (Server), Version 6.5 (6.5.522.0)
ESET Remote Administrator (Web Console), Version 6.5 (6.5.388.0)

Windows Server 2012 R2 VM

Thank you.

Edited by hsmithjtek
adding details

Share this post


Link to post
Share on other sites

You can exclude specific addresses from an IDS detection in the IDS exceptions setup (available in the policy editor too):

image.png

Alternatively you can right-click the appropriate record in the firewall log and select "Do not block similar events in the future":

image.png

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now


  • Recently Browsing   0 members

    No registered users viewing this page.