ichkriegediekriese 2 Posted October 25 Share Posted October 25 Hi, We have multiple Servers running and didnt have any issues for years. But this year, so recently, we had 3 times the same issue where ESET File security braks the virtual NIC and the whole connectivity. Its a HyperV setup and the guest wa either a Server 2019 oder 2022 with ESET FS installed, cirrent version. The serv is unresponsive from any LAN client, nor service is reachable and when I log into the host and access the VM the nic adapter has the "yellow exclamation mark". From within the VM there is no connectivity at all. When I remove eset and reboot all is good again. I see no no message in the ESET GUI if / what it is blocking - any ideas how to solve this? thx Quote Link to comment Share on other sites More sharing options...
Administrators Marcos 5,407 Posted October 25 Administrators Share Posted October 25 Do you have ESET Server Security with the firewall? If so, is the firewall enabled in the advanced setup? Are there any records of blocked connections in the Network protection log? If possible, please provide logs collected with ESET Log Collector. Quote Link to comment Share on other sites More sharing options...
ichkriegediekriese 2 Posted October 25 Author Share Posted October 25 56 minutes ago, Marcos said: Do you have ESET Server Security with the firewall? Yes - but the FW was disabled and the Windows FW was running. Windows FW also was not the issues as I disabled it. For the Log cocllector, do I need ESET runnig or will it collect log from deinstalled products also? Quote Link to comment Share on other sites More sharing options...
Administrators Marcos 5,407 Posted October 25 Administrators Share Posted October 25 IDS detections are part of Network protection. The firewall is a separate protection feature. Were you unable to create an IDS exception for the port scan detection? Quote Link to comment Share on other sites More sharing options...
ichkriegediekriese 2 Posted October 26 Author Share Posted October 26 On 10/25/2024 at 2:17 PM, Marcos said: Were you unable to create an IDS exception for the port scan detection? IDS is on default setting for the servers. I did not see any notification for a port scan or attack as I usually see in ESMC when ESET picks up on smth - the whole VM was offline and did not even report to ESMC - hence I do believe it is a bug and not some sort of detection because if it was ESET would still communicate to ESCM. I will wait for the next event, I have reinstalled ESET on this VM. Where would I set IDS exception for port scan? - IDS -> rules? Quote Link to comment Share on other sites More sharing options...
Administrators Marcos 5,407 Posted October 26 Administrators Share Posted October 26 10 minutes ago, ichkriegediekriese said: Where would I set IDS exception for port scan? - IDS -> rules? Yes but you should see port scan attack detections in the Network protection in the first place, otherwise the IDS exception would not have any effect and the issue would not be related to port scan detection. Quote Link to comment Share on other sites More sharing options...
ichkriegediekriese 2 Posted October 26 Author Share Posted October 26 1 hour ago, Marcos said: Yes but you should see port scan attack detections in the Network protection in the first place, otherwise the IDS exception would not have any effect and the issue would not be related to port scan detection. Ok, yes that makes sense. As I said, I did not see any message in ESMC as the client did not communicate anymore and I did no see anything on the ESET GUI at the client, it showed "all good" but all connectivity was broken an that machine, no ping, no internet no nothing - ahppended 3 times so far. All machines Server 2019/22 and never a Windows 11 endpoint Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.