JanSeemann, posted November 3, 2023:

Hello everyone, we are using ESET Server Security Version 10.1.176.0 on an Ubuntu 22.04.3 Server which has Payara 5.2022.5 installed. If we try to start our Payara domains while ESET Server Security is running we get the following Java errors which repeat with varying outgoing ports until a timeout of Payara:

With deactivated ESET Server Security the domains start without a problem and we could determine that the TCP connection is established and used once via the loopback interface. So we determined that ESET Server Security is somehow blocking the internal communication of Payara and consequently causing a timeout for Payara after Payara tried to establish the connection via different ports.

What we don't understand is how and why ESET Server Security blocks this communication and how we prevent it from doing so. We couldn't find any detections in ESET Protect or ESET logs on the Ubuntu server that provide any insight into what is happening. Help and insight would be much appreciated.

Marcos (Administrators), posted November 3, 2023, marked as Solution:

Does temporarily disabling Web access protection make a difference? Please raise a support ticket for help with further investigation of the issue.

JanSeemann (Author), posted November 3, 2023:

How do we disable the Web access protection for ESET Server Security for Linux via ESET Protect? I can't find an option to do that in the policy settings for ESET Server Security. I see the option only for ESET Endpoint for Linux.

Marcos (Administrators), posted November 3, 2023:

It can be disabled via a policy. If you are not seeing these settings, please post a screenshot of installed modules (Help -> About):

UserBP, posted November 3, 2023:

Hello, The matter is different, but also related to version 10.1.176.0. Today I updated ESET Server Security for Linux to version 10.1.176.0 and I must say that the "Web Access Protection" option blocks network traffic. Unable to check and download system updates on Ubuntu 20.04 and 22.04. I also noticed that unless I turn off the above option, even ESET itself does not have access to the update and licensing servers because there is information about it in the logs. Has anyone encountered the above situation?

Marcos (Administrators), posted November 4, 2023:

12 hours ago, UserBP said: "Today I updated ESET Server Security for Linux to version 10.1.176.0 and I must say that the "Web Access Protection" option blocks network traffic. Unable to check and download system updates on Ubuntu 20.04 and 22.04. I also noticed that unless I turn off the above option, even ESET itself does not have access to the update and licensing servers because there is information about it in the logs. Has anyone encountered the above situation?"

This is not normal since Ubuntu LTS versions are supported and Endpoint was tested on them with Web access protection. Please raise a support ticket for further troubleshooting of the issue.

UserBP, posted November 6, 2023:

On 11/4/2023 at 9:56 AM, Marcos said: "This is not normal since Ubuntu LTS versions are supported and Endpoint was tested on them with Web access protection. Please raise a support ticket for further troubleshooting of the issue."

Thank you. I wrote to technical support. After analysis, I found that the problem occurs when the Web access protection function is activated and ConfigServer Security and Firewall is enabled at the same time.

JanSeemann (Author), posted November 9, 2023:

Thanks to your help I was able to deactivate the web access protection. Without the web access protection the communication wasn't disabled anymore. As a long-term solution I assigned a policy that excludes the server's own IP from the web access protection. Thank you for your help.

Jimmi, posted November 15, 2023:

Hi, We recently (just after performing an apt update/upgrade) started having a very similar issue on Ubuntu 22.04.3 but with the Virtualmin/Webmin product. It was working fine before the last apt upgrade, so I'm not sure which particular package update broke it. Some features in the product no longer work and it's logging a large amount of connection attempts from localhost to localhost, with ever increasing port numbers. Is there any reason why WAP is suddenly blocking internal connections, and is excluding 127.0.0.1 safe as a long-term solution?

Marcos (Administrators), posted November 15, 2023:

14 minutes ago, Jimmi said: "Is there any reason why WAP is suddenly blocking internal connections, and is excluding 127.0.0.1 safe as a long-term solution?"

Did it use to work with WAP enabled or have you upgraded to v10 with WAP just recently? Anyway, please raise a support ticket for further investigation of the issue. You might want to temporarily disable WAP via a policy from ESET PROTECT.

Samuel Lourenco, posted December 7, 2023:

Hi, How can I add localhost IP (127.0.0.1) to exclude from web access protection? I did this, but I'm still getting local ports blocked - Ubuntu 22.04.

Marcos (Administrators), posted December 7, 2023:

5 minutes ago, Samuel Lourenco said: "How can I add localhost IP (127.0.0.1) to exclude from web access protection? I did this, but I'm still getting local ports blocked - Ubuntu 22.04."

What issue are you trying to solve?

Samuel Lourenco, posted December 7, 2023:

Hi Marcos, I've encountered an issue where Web Access Protection (WAP) is blocking local ports (for example: 127.0.0.1:3001). Disabling WAP allows the local service to function correctly. I'm currently exploring ways to maintain WAP functionality without blocking local ports on Ubuntu 22.04.

Marcos (Administrators), posted December 7, 2023:

If IPv6 is used, you'd need to exclude ::1 as well. Should the problem persist, please raise a support ticket.

Samuel Lourenco, posted December 7, 2023:

Thank you, Marcos! It's working fine now after excluding the IPv6 address ::1.
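
Added example (not part of the original thread and not ESET tooling): to see which loopback addresses local services actually use before writing exclusions, this tallies loopback TCP peers from `ss -tan` output, separating 127.0.0.1, ::1 and IPv4-mapped loopback. The sample input and the function names are constructed for illustration.

```python
import ipaddress
from collections import Counter

# Constructed sample in the layout printed by `ss -tan` (not captured from a real host).
SAMPLE_SS = """\
State     Recv-Q Send-Q       Local Address:Port         Peer Address:Port
LISTEN    0      128                      *:3001                    *:*
ESTAB     0      0                127.0.0.1:45012           127.0.0.1:3001
SYN-SENT  0      1                    [::1]:45014               [::1]:3001
SYN-SENT  0      1                    [::1]:45016               [::1]:3001
ESTAB     0      0       [::ffff:127.0.0.1]:45020  [::ffff:127.0.0.1]:4848
ESTAB     0      0                 10.0.0.5:22               10.0.0.9:51234
"""

def split_endpoint(endpoint):
    """Split 'addr:port' or '[v6addr]:port' into (ip_address, port); None for wildcards."""
    host, _, port = endpoint.rpartition(":")
    host = host.strip("[]").split("%")[0]  # drop brackets and any %scope suffix
    try:
        return ipaddress.ip_address(host), port
    except ValueError:  # '*' and other non-address tokens
        return None

def loopback_peers(ss_output):
    """Count non-listening TCP sockets per loopback peer address."""
    counts = Counter()
    for line in ss_output.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 5 or fields[0] == "LISTEN":
            continue
        parsed = split_endpoint(fields[4])  # fifth column is Peer Address:Port
        if parsed is None:
            continue
        addr, _port = parsed
        mapped = getattr(addr, "ipv4_mapped", None)  # only IPv6 addresses have this
        if mapped is not None and mapped.is_loopback:
            # IPv4 loopback reached through a dual-stack (IPv6) socket
            counts["::ffff:" + str(mapped)] += 1
        elif addr.is_loopback:
            counts[str(addr)] += 1
    return dict(counts)

if __name__ == "__main__":
    for address, n in sorted(loopback_peers(SAMPLE_SS).items()):
        print(f"{address}: {n} connection(s)")
```

On a live host, pass the text of `ss -tan` to `loopback_peers`; any key other than 127.0.0.1 means an IPv4-only exclusion does not cover all local traffic.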

Jimmi, posted December 11, 2023:

On 11/15/2023 at 12:06 PM, Marcos said: "Did it use to work with WAP enabled or have you upgraded to v10 with WAP just recently? Anyway, please raise a support ticket for further investigation of the issue. You might want to temporarily disable WAP via a policy from ESET PROTECT."

We have been using v10 with WAP for quite some time. It only stopped working recently when we did the normal rounds of system package updates (apt).