Posted

Hello, with our ESET PROTECT, nothing is displayed in the dashboard under firewall events, but if you switch to the clients and servers via Remote Desktop, you are practically flooded with firewall events.

Is there anyone here with the same phenomenon or with a possible solution to the problem?

We currently mainly have the problem that ESET starts randomly blocking services in the firewall, especially on the servers, and you only see the cause when you connect to the server and check blocked communication.

  • Administrators
Posted

Please provide logs collected with ESET Log Collector from the machine where the firewall events were generated. It could be that you have diagnostic logging enabled but diagnostic logs are not transferred to ESET PROTECT.

Posted

The Log Collector is unable to generate a log because of the reason "Archive too big".

  • Administrators
Posted

You could try to lower the age limit, e.g. to 7 or less.

  • Administrators
Posted

I didn't find anything unusual in the provided logs. The Network protection log was empty.

Nevertheless, I would recommend the following:
1. Enabling detection of potentially unsafe applications to detect vulnerable drivers and applications that might be misused by adversaries.

2. Enabling the LiveGrid feedback system for maximum protection against threats.

3. Checking if the LiveGrid reputation system works by downloading the CloudCar test file from http://amtso.eicar.org/cloudcar.exe. It must be detected as Suspicious object upon download if it works.

 

Posted

Hello Marcos,

The detection of potentially unsafe applications was already active and the LiveGrid reputation was also already active.
I made some tweaks by applying some of the Basic Policies alongside the new Firewall policy.

Hopefully that fixes at least some of the problems.

But do you know any reason why the ESET dashboard of firewall events is empty at all?
We have used ESET for a rather long time, but the firewall dashboard has never been populated with any events or anything at all.

  • Administrators
Posted
1 hour ago, KLC_IT said:

But do you know any reason why the ESET dashboard of firewall events is empty at all?
We have used ESET for a rather long time, but the firewall dashboard has never been populated with any events or anything at all.

I would need to get logs from a machine where some firewall events were generated. The logs you've provided were from a machine where the Network protection log (C:\ProgramData\ESET\ESET Security\Logs\epfwlog.dat) was empty on the client.

You would probably see more in diagnostic logs after temporarily enabling diagnostic logging in client details.
