Michelle911 0 Posted November 1, 2022 Share Posted November 1, 2022 I have two entries in my network protection log where the source is my internal ip for the exchange server - port 25 - user NTAuthority - application frontendtransport. I have run a scan and it is clean. How do I track this down? Link to comment Share on other sites More sharing options...
Administrators Marcos 4,704 Posted November 1, 2022 Administrators Share Posted November 1, 2022 Please copy and paste the record you are inquiring about from the Network protection log. Link to comment Share on other sites More sharing options...
Administrators Marcos 4,704 Posted November 1, 2022 Administrators Share Posted November 1, 2022 Please copy and paste the record you are inquiring about from the Network protection log. Link to comment Share on other sites More sharing options...
Michelle911 0 Posted November 1, 2022 Author Share Posted November 1, 2022 See attached screenshot Link to comment Share on other sites More sharing options...
Administrators Marcos 4,704 Posted November 1, 2022 Administrators Share Posted November 1, 2022 I assume those IP addresses are not known to you, are they? They are swapped in the log which is a known bug and will be fixed soon. Link to comment Share on other sites More sharing options...
Michelle911 0 Posted November 1, 2022 Author Share Posted November 1, 2022 No those IP addresses are not known to me. It's alarming to see my machine as the source! Link to comment Share on other sites More sharing options...
Administrators Marcos 4,704 Posted November 1, 2022 Administrators Share Posted November 1, 2022 6 minutes ago, Michelle911 said: No those IP addresses are not known to me. It's alarming to see my machine as the source! As I wrote, your server is not the source and it's just that the IP addresses are swapped in the log for this particular detection. ESET detected and blocked exploitation attempts from those IP addresses. Link to comment Share on other sites More sharing options...
Recommended Posts