kvngselassie 1 Posted April 21, 2021 Share Posted April 21, 2021 @Marcos can u please clarify for me the actual ports ESET RD Sensor uses to scan for Rogue devices, we currently have issues of our On-Prem ESET Protect Server initiates SSH Connection to other Hosts on our network and we are currently investigating this incident. Can you please give me a little insight on this? Is it possible for the server to automatically initiate such a connection and is it ESET related? Link to comment Share on other sites More sharing options...
ESET Staff MartinK 384 Posted April 22, 2021 ESET Staff Share Posted April 22, 2021 23 hours ago, kvngselassie said: @Marcos can u please clarify for me the actual ports ESET RD Sensor uses to scan for Rogue devices, we currently have issues of our On-Prem ESET Protect Server initiates SSH Connection to other Hosts on our network and we are currently investigating this incident. RDSensor used passive detection, i.e. it is not opening SSH connection to other devices. 23 hours ago, kvngselassie said: Is it possible for the server to automatically initiate such a connection and is it ESET related? ESET PROTECT can indeed initiate SSH connections as part of "Remote agent deployment task" (documentation). I would recommend to check console for execution records for this task type, and if it will be present, I would check whether it was not scheduled for execution in a way it would trigger detections you mentioned. It is not possible this task would run without user's consent or selection of "targets" Link to comment Share on other sites More sharing options...
Recommended Posts