
Alerts about "security vulnerability exploitation attempt"



Posted

Hello everyone, 

I'm using ESET Remote Administrator and deploying ESET Endpoint/Server Security on my machines. I have a MailEnable server.

I'm getting a lot of alerts about "security vulnerability exploitation attempt".

The process name is - C:\Program Files (x86)\Mail Enable\Bin64\MESMTPC.exe - MailEnable SMTP Connector

 

I reached out to MailEnable and got the answer "there's no vulnerability from our side", and they closed my ticket.

The question is, is there any way I can investigate this? Because I'm talking about 100+ alerts per day. It's getting blocked by my FW\ESET blacklisted IPs, but still, is there any way I can validate there's no vulnerability from my side?

Any help would be appreciated, thanks!

  • Administrators
Posted

My understanding is that the server is exposed to the Internet and is not behind a firewall that would allow only the necessary communication along with SMTP. As a result, it's being targeted by attackers and these attempts are detected and blocked by ESET's network protection. Please provide logs collected with ESET Log Collector on the server.

  • Most Valued Members
Posted

If this server has to face the internet, it's better to have a good hardware/virtual machine firewall protecting it, which could stop all these attempts at the firewall level, for example a Fortinet or Palo Alto NGFW, which can help in that case. For now, the one stopping the attacks is ESET. When you have a firewall like this, you will add another layer of protection and those attacks will be handled by the firewall.

Even if the software is up to date and, for now, as the developers said, there are no zero-days, that won't stop the attempts to scan for vulnerabilities, and one might appear one day.
