ESET Server Security interferes with internal communication of Payara 5 on Ubuntu Server

[JanSeemann 0]

Hello everyone,

we are using ESET Server Security Version 10.1.176.0 on an Ubuntu 22.04.3 Server which has Payara 5.2022.5 installed.
If we try to start our Payara domains while ESET Server Security is running we geht the following java errors which repeat with varying outgoing ports until a timeout of Payara:

With deactivated ESET Server Security the domains start without a problem and we could determine that the tcp connection ist established and used once via the loopback interface.

So we determined that ESET Server Security is somehow blocking the internal communication of Payara and consequently causing  a timeout for Payara after Payara tried to establish the connection via different ports.

What we don't understand is how and why ESET Server Security blocks this communication and how we prevent it from doing so. We couldn't find any detections in ESET Protect oder ESET logs on the Ubuntu server that provide any insight into what is happening.

Help and insight would be much appreciated.

[Marcos 4,935]

Does temporarily disabling Web access protection make a difference? Please raise a support for help with further investigation of the issue.

[JanSeemann 0]

How do we disable the Web access protection for ESET Server Security for Linux via ESET Protect? I can't find an option to do that in the policy settings for ESET Server Security. I see the option only for ESET Endpoint for Linux.

[Marcos 4,935]

It can be disabled via a policy. If you are not seeing these settings, please post a screenshot of installed modules (Help -> About):

[UserBP 0]

Hello,

The matter is different, but also related to version 10.1.176.0.

Today I updated Eset Server Security for Linux to version 10.1.176.0 and I must say that the "Web Access Protection" option blocks network traffic. Unable to check and download system updates on Ubuntu 20.04 and 22.04. I also noticed that unless I turn off the above option, even Eset itself does not have access to the update and licensing servers because there is information about it in the logs. Has anyone encountered the above situation?

[Marcos 4,935]

12 hours ago, UserBP said:

Today I updated Eset Server Security for Linux to version 10.1.176.0 and I must say that the "Web Access Protection" option blocks network traffic. Unable to check and download system updates on Ubuntu 20.04 and 22.04. I also noticed that unless I turn off the above option, even Eset itself does not have access to the update and licensing servers because there is information about it in the logs. Has anyone encountered the above situation?

This is not normal since Ubuntu LTS versions are supported and Endpoint was tested on them with Web access protection. Please raise a support ticket for further troubleshooting of the issue.

[UserBP 0]

On 11/4/2023 at 9:56 AM, Marcos said:

This is not normal since Ubuntu LTS versions are supported and Endpoint was tested on them with Web access protection. Please raise a support ticket for further troubleshooting of the issue.

Thank you. I wrote to technical support. After analysis, I found that the problem occurs when the Web access protection function is activated and ConfigServer Security and Firewall is enabled at the same time.

[JanSeemann 0]

Thanks to your help I was able to deactivate the web access protection. Without the web access protection the communication wasn't disabled anymore. As a long-term solution I assigned a policy that excludes the server's own IP from the web access protection. Thank you for your help

[Jimmi 0]

Hi,

We recently (just after performing an apt update/upgrade) started having a very similar issue on Ubuntu 22.04.3 but with the Virtualmin/Webmin product. It was working fine before the last apt upgrade, so I'm not sure which particular package update broke it. Some features in the product no longer work and it's logging a large amount of connection attempts from localhost to localhost, with ever increasing port numbers.

Is there any reason why WAP is suddenly blocking internal connections, and is excluding 127.0.0.1 safe as a long-term solution?

[Marcos 4,935]

14 minutes ago, Jimmi said:

Is there any reason why WAP is suddenly blocking internal connections, and is excluding 127.0.0.1 safe as a long-term solution?

Did it use to work with WAP enabled or you have upgraded to v10 with WAP just recently? Anyways, please raise a support ticket for further investigation of the issue. You might want to temporarily disable WAP via a policy from ESET PROTECT.

[Samuel Lourenco 0]

Hi,

How can I add localhost IP (127.0.0.1) to exclude from web access protection? I did this, but I'm still getting local ports blocked - Ubuntu 22.04.

[Marcos 4,935]

5 minutes ago, Samuel Lourenco said:

How can I add localhost IP (127.0.0.1) to exclude from web access protection? I did this, but I'm still getting local ports blocked - Ubuntu 22.04.

What issue are you trying to solve?

[Samuel Lourenco 0]

Hi Marcos,

I've encountered an issue where Web Access Protection (WAP) is blocking local ports (for example: 127.0.0.1:3001). Disabling WAP allows the local service to function correctly. I'm currently exploring ways to maintain WAP functionality without blocking local ports on Ubuntu 22.04.

[Marcos 4,935]

If IPv6 is used, you'd need to exclude ::1 as well. Should the problem persist, please raise a support ticket.

[Samuel Lourenco 0]

Thank you, Marcos!

It's working fine now after excluding the IPv6 address ::1.