Jump to content

Exclude TCP Port Scanning Attack not working


mtellefson
 Share

Recommended Posts

I am in the process of upgrading from Eset version 5 to 7.  We use Spiceworks to track inventory of all our computers so when it tries to contact any of the computers, ESET blocks it and records a TCP Port Scanning Attack.  Originally I was receiving ARP Cach Poisoning Attack alerts from the same server and I created an IDS exception and they stopped.  I added the TCP Port Scanning Attack exception in the same place and applied it to all computers but I still have the alerts showing up in the threats.  Any ideas what I am missing?

Link to comment
Share on other sites

  • Administrators

Please collect logs from the client with ESET Log Collector and post the generated archive here. Basically an exception like this should work:

image.png

 

Link to comment
Share on other sites

Try entering the TCP Port Scanning attack exception w/o an IP address.

If the above doesn't work, you might have to exclude the displaying of IDS after detection alerts as shown in this Eset knowledge base article: http://support.eset.com/kb2951/ . As the article states, only the alerting is being disabled; not the IDS protections.

Also assuming your external network gateway has like WAN side TCP port scanning detection capability and mitigation, you could just disable the Eset IDS TCP Port Scanning attack detection on the endpoints.

Edited by itman
Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...