Jump to content

Recommended Posts

@Marcos can u please clarify for me the actual ports ESET RD Sensor uses to scan for Rogue devices, we currently have issues of our On-Prem ESET Protect Server initiates SSH Connection to other Hosts on our network and we are currently investigating this incident.

 

Can you please give me a little insight on this?

 

Is it possible for the server to automatically initiate such a connection and is it ESET related? 

Link to post
Share on other sites
  • ESET Staff
23 hours ago, kvngselassie said:

@Marcos can u please clarify for me the actual ports ESET RD Sensor uses to scan for Rogue devices, we currently have issues of our On-Prem ESET Protect Server initiates SSH Connection to other Hosts on our network and we are currently investigating this incident.

RDSensor used passive detection, i.e. it is not opening SSH connection to other devices.
 

23 hours ago, kvngselassie said:

Is it possible for the server to automatically initiate such a connection and is it ESET related? 

ESET PROTECT can indeed initiate SSH connections as part of "Remote agent deployment task" (documentation). I would recommend to check console for execution records for this task type, and if it will be present, I would check whether it was not scheduled for execution in a way it would trigger detections you mentioned. It is not possible this task would run without user's consent or selection of "targets"

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...