Jump to content

ESET Server FS kill NIC / connectivity


Recommended Posts

Hi,

We have multiple Servers running and didnt have any issues for years.
But this year, so recently, we had 3 times the same issue where ESET File security braks the virtual NIC and the whole connectivity.

Its a HyperV setup and the guest wa either a Server 2019 oder 2022 with ESET FS installed, cirrent version.
The serv is unresponsive from any LAN client, nor service is reachable and when I log into the host and access the VM the nic adapter has the "yellow exclamation mark".

From within the VM there is no connectivity at all. When I remove eset and reboot all is good again.

I see no no message in the ESET GUI if / what it is blocking - any ideas how to solve this?

 

thx

Link to comment
Share on other sites

  • Administrators

Do you have ESET Server Security with the firewall? If so, is the firewall enabled in the advanced setup? Are there any records of blocked connections in the Network protection log? If possible, please provide logs collected with ESET Log Collector.

Link to comment
Share on other sites

56 minutes ago, Marcos said:

Do you have ESET Server Security with the firewall?

Yes - but the FW was disabled and the Windows FW was running. Windows FW also was not the issues as I disabled it.

For the Log cocllector, do I need ESET runnig or will it collect log from deinstalled products also?

 

Link to comment
Share on other sites

  • Administrators

IDS detections are part of Network protection. The firewall is a separate protection feature.

Were you unable to create an IDS exception for the port scan detection?

Link to comment
Share on other sites

On 10/25/2024 at 2:17 PM, Marcos said:

Were you unable to create an IDS exception for the port scan detection?

IDS is on default setting for the servers. I did not see any notification for a port scan or attack as I usually see in ESMC when ESET picks up on smth - the whole VM was offline and did not even report to ESMC - hence I do believe it is a bug and not some sort of detection because if it was ESET would still communicate to ESCM.

I will wait for the next event, I have reinstalled ESET on this VM.

 

Where would I set IDS exception for port scan? - IDS -> rules?

Link to comment
Share on other sites

  • Administrators
10 minutes ago, ichkriegediekriese said:

Where would I set IDS exception for port scan? - IDS -> rules?

Yes but you should see port scan attack detections in the Network protection in the first place, otherwise the IDS exception would not have any effect and the issue would not be related to port scan detection.

Link to comment
Share on other sites

1 hour ago, Marcos said:

Yes but you should see port scan attack detections in the Network protection in the first place, otherwise the IDS exception would not have any effect and the issue would not be related to port scan detection.

Ok, yes that makes sense.

As I said, I did not see any message in ESMC as the client did not communicate anymore and I did no see anything on the ESET GUI at the client, it showed "all good" but all connectivity was broken an that machine, no ping, no internet no nothing - ahppended 3 times so far. All machines Server 2019/22 and never a Windows 11 endpoint

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...