Jump to content

Windows server 2022 Eset IDS EsetIpBlacklist.B multiple events


Recommended Posts

We noticed dozent of events every daily, majority are EsetIpBlacklist.B some are EsetIpBlacklist.A. Port 443 needs to be open, using WS2022 patched up2date, with ESET Server Security 11.0.12012.0 and ESET Management Agent 11.4.1107.0. How to solve this issue? Logs are getting filled only with this server reports.
Thank you.
 
Process name
System
Rule name
 
Rule ID
 
Hash
 
Source address
172.169.206.50
Source port
36730
Target address
192.168.2.106
Target port
443
Inbound Communication
yes
Protocol
TCP
Action
Blocked
User
 
Occurrences per minute
1

eset_report.png

Link to comment
Share on other sites

Yes IIS i running basic web server, only 443 is opened for https, nothing else. Should i ignore this?

 

Link to comment
Share on other sites

  • Administrators

I assume you could avoid logging these attacks by creating 2 IDS exceptions, one for EsetIpBlacklist.A and the other for EsetIpBlacklist.B detection that would have logging disabled:

image.png

 

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...