Stijn, posted March 5, 2021:
Eset protect is generating tons of firewall alerts for our DMZ servers. The thing is, File Security does not have a firewall module, so where are these alerts coming from? In addition, they are all legitimate traffic to the websites running on there, so it's not even working properly. The alerts were not present in Eset Security Management Server 7.1 but popped up after upgrading to Eset Protect 8.0. Anyone have any suggestions?

Marcos (Administrators), posted March 5, 2021:
Please provide a couple of records from the log. Are they logged in the Network protection log?

Stijn (Author), posted March 5, 2021:
I cannot find that log between the others. Do I have to enable the Network protection advanced logging option on the servers?

Marcos (Administrators), posted March 5, 2021:
What logs are you referring to? Could you please post a screen shot for clarification?

Stijn (Author), posted March 8, 2021:
Here are the logs of one server. I left out the source and destination IP.

Nightowl (Most Valued Members), posted March 8, 2021:
35 minutes ago, Stijn said: "Here are the logs of one server. I left out the source and destination IP."
Your server is being attacked on ports 443 and 80, probably as you have said it is DMZ so it's open to all the world.

Stijn (Author), posted March 8, 2021:
Yeah those ports are open since it is hosting web services. So it might as well be legitimate traffic? Is there a way to tell Eset to keep blocking but no need to constantly go into alert?

Nightowl (Most Valued Members), posted March 8, 2021:
3 minutes ago, Stijn said: "Yeah those ports are open since it is hosting web services. So it might as well be legitimate traffic? Is there a way to tell Eset to keep blocking but no need to constantly go into alert?"
In settings I can only find an option for displaying notifications, not for preventing it from sending to the management server, I believe. Let's wait for ESET staff, he can have more information than me.