Jump to content

Unresolved Detection -> Action: Blocked


Recommended Posts

Servus Community,

I have conflicting information on several detections in our Exchange Server. There are three unresolved detections logged, but theaction type  is indicated as blocked. What exactly is my to do now?

Thx & Bye Tom

Bildschirmfoto 2022-09-19 um 14.47.24.png

Edited by pronto
misstyping
Link to comment
Share on other sites

If you haven't applied the latest Microsoft security patches, you need to do ASAP. Exchange server vulnerabilities are at the top of the list of exploits being deployed by hackers.

Edited by itman
Link to comment
Share on other sites

12 hours ago, itman said:

If you haven't applied the latest Microsoft security patches, you need to do ASAP. Exchange server vulnerabilities are at the top of the list of exploits being deployed by hackers.

Thank you for your attention. Okay, the security patch from August was missing, we are up to date with the CU. But why does a match with an IP blacklist produce a red error? According to my information, ESET itself partly does not know which vulnerability was tried to be exploited. So far, they were always shown as resolved when the connection was finaly blocked.

Thx in advanced & Bye Tom

Link to comment
Share on other sites

  • Administrators

The IP is a known source of attacks: https://www.abuseipdb.com/check/91.72.187.242

Looks like the target and source IP addresses are swapped in the console, please check it direct on the client and report it to technical support, if they are swapped.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...