RD Sensor Port Used.

[kvngselassie 1]

@Marcos can u please clarify for me the actual ports ESET RD Sensor uses to scan for Rogue devices, we currently have issues of our On-Prem ESET Protect Server initiates SSH Connection to other Hosts on our network and we are currently investigating this incident.

 

Can you please give me a little insight on this?

 

Is it possible for the server to automatically initiate such a connection and is it ESET related? 

[MartinK 378]

23 hours ago, kvngselassie said:

@Marcos can u please clarify for me the actual ports ESET RD Sensor uses to scan for Rogue devices, we currently have issues of our On-Prem ESET Protect Server initiates SSH Connection to other Hosts on our network and we are currently investigating this incident.

RDSensor used passive detection, i.e. it is not opening SSH connection to other devices.
 

23 hours ago, kvngselassie said:

Is it possible for the server to automatically initiate such a connection and is it ESET related? 

ESET PROTECT can indeed initiate SSH connections as part of "Remote agent deployment task" (documentation). I would recommend to check console for execution records for this task type, and if it will be present, I would check whether it was not scheduled for execution in a way it would trigger detections you mentioned. It is not possible this task would run without user's consent or selection of "targets"