Jump to content

ESET Server Security interferes with internal communication of Payara 5 on Ubuntu Server


Go to solution Solved by Marcos,

Recommended Posts

Hello everyone,


we are using ESET Server Security Version 10.1.176.0 on an Ubuntu 22.04.3 Server which has Payara 5.2022.5 installed.
If we try to start our Payara domains while ESET Server Security is running we geht the following java errors which repeat with varying outgoing ports until a timeout of Payara:

payrara_error.thumb.png.2280253ec15d95a9555858594c2ab3f8.png

With deactivated ESET Server Security the domains start without a problem and we could determine that the tcp connection ist established and used once via the loopback interface.

So we determined that ESET Server Security is somehow blocking the internal communication of Payara and consequently causing  a timeout for Payara after Payara tried to establish the connection via different ports.

What we don't understand is how and why ESET Server Security blocks this communication and how we prevent it from doing so. We couldn't find any detections in ESET Protect oder ESET logs on the Ubuntu server that provide any insight into what is happening.

Help and insight would be much appreciated.

Link to comment
Share on other sites

How do we disable the Web access protection for ESET Server Security for Linux via ESET Protect? I can't find an option to do that in the policy settings for ESET Server Security. I see the option only for ESET Endpoint for Linux.

Link to comment
Share on other sites

Hello,

The matter is different, but also related to version 10.1.176.0.

Today I updated Eset Server Security for Linux to version 10.1.176.0 and I must say that the "Web Access Protection" option blocks network traffic. Unable to check and download system updates on Ubuntu 20.04 and 22.04. I also noticed that unless I turn off the above option, even Eset itself does not have access to the update and licensing servers because there is information about it in the logs. Has anyone encountered the above situation?

Link to comment
Share on other sites

  • Administrators
12 hours ago, UserBP said:

Today I updated Eset Server Security for Linux to version 10.1.176.0 and I must say that the "Web Access Protection" option blocks network traffic. Unable to check and download system updates on Ubuntu 20.04 and 22.04. I also noticed that unless I turn off the above option, even Eset itself does not have access to the update and licensing servers because there is information about it in the logs. Has anyone encountered the above situation?

This is not normal since Ubuntu LTS versions are supported and Endpoint was tested on them with Web access protection. Please raise a support ticket for further troubleshooting of the issue.

Link to comment
Share on other sites

On 11/4/2023 at 9:56 AM, Marcos said:

This is not normal since Ubuntu LTS versions are supported and Endpoint was tested on them with Web access protection. Please raise a support ticket for further troubleshooting of the issue.

Thank you. I wrote to technical support. After analysis, I found that the problem occurs when the Web access protection function is activated and ConfigServer Security and Firewall is enabled at the same time.

Link to comment
Share on other sites

Thanks to your help I was able to deactivate the web access protection. Without the web access protection the communication wasn't disabled anymore. As a long-term solution I assigned a policy that excludes the server's own IP from the web access protection. Thank you for your help

Link to comment
Share on other sites

Hi,

We recently (just after performing an apt update/upgrade) started having a very similar issue on Ubuntu 22.04.3 but with the Virtualmin/Webmin product. It was working fine before the last apt upgrade, so I'm not sure which particular package update broke it. Some features in the product no longer work and it's logging a large amount of connection attempts from localhost to localhost, with ever increasing port numbers.

Is there any reason why WAP is suddenly blocking internal connections, and is excluding 127.0.0.1 safe as a long-term solution?

Link to comment
Share on other sites

  • Administrators
14 minutes ago, Jimmi said:

Is there any reason why WAP is suddenly blocking internal connections, and is excluding 127.0.0.1 safe as a long-term solution?

Did it use to work with WAP enabled or you have upgraded to v10 with WAP just recently? Anyways, please raise a support ticket for further investigation of the issue. You might want to temporarily disable WAP via a policy from ESET PROTECT.

Link to comment
Share on other sites

  • 4 weeks later...
  • Administrators
5 minutes ago, Samuel Lourenco said:

How can I add localhost IP (127.0.0.1) to exclude from web access protection? I did this, but I'm still getting local ports blocked - Ubuntu 22.04.

What issue are you trying to solve?

Link to comment
Share on other sites

Hi Marcos,

I've encountered an issue where Web Access Protection (WAP) is blocking local ports (for example: 127.0.0.1:3001). Disabling WAP allows the local service to function correctly. I'm currently exploring ways to maintain WAP functionality without blocking local ports on Ubuntu 22.04.

Link to comment
Share on other sites

On 11/15/2023 at 12:06 PM, Marcos said:

Did it use to work with WAP enabled or you have upgraded to v10 with WAP just recently? Anyways, please raise a support ticket for further investigation of the issue. You might want to temporarily disable WAP via a policy from ESET PROTECT.

We have been using v10 with WAP for quite some time. It only stopped working recently when we did the normal rounds of system package updates (apt).

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...