KLC_IT, posted November 27:
Hello, with our ESET PROTECT, nothing is displayed in the dashboard under firewall events, but if you switch to the clients and servers via Remote Desktop, you are practically flooded with firewall events. Is there anyone here with the same phenomenon or with a possible solution to the problem? We currently mainly have the problem that ESET starts randomly blocking services in the firewall, especially on the servers, and you only see the cause when you connect to the server and check blocked communication.
Marcos (Administrators), posted November 27:
Please provide logs collected with ESET Log Collector from the machine where the firewall events were generated. It could be that you have diagnostic logging enabled but diagnostic logs are not transferred to ESET PROTECT.
KLC_IT (Author), posted November 27:
The Log Collector is unable to generate a log because of the reason "Archive too big".
Marcos (Administrators), posted November 27:
You could try to lower the age limit, e.g. to 7 or less:
KLC_IT (Author), posted November 28:
Seems like that worked. Attached is the output of the Log Collection. efsw_logs.zip
Marcos (Administrators), posted November 28:
I didn't find anything unusual in the provided logs. The Network protection log was empty. Nevertheless, I would recommend the following:
1. Enabling detection of potentially unsafe applications to detect vulnerable drivers and applications that might be misused by adversaries.
2. Enabling the LiveGrid feedback system for maximum protection against threats.
3. Checking if the LiveGrid reputation system works by downloading the CloudCar test file from http://amtso.eicar.org/cloudcar.exe. It must be detected as Suspicious object upon download if it works.
KLC_IT (Author), posted November 29:
Hello Marcos, the detection of potentially unsafe applications was already active and the LiveGrid reputation was also already active. I made some tweaks by applying some of the Basic Policies alongside the new Firewall policy. Hopefully that fixes at least some of the problems. But do you know any reason why the ESET dashboard of firewall events is empty at all? We have used ESET for a rather long time, but the Firewall dashboard has never been populated with any events or anything at all.
Marcos (Administrators), posted November 29:
1 hour ago, KLC_IT said: "But do you know any reason why the ESET dashboard of firewall events is empty at all? We have used ESET for a rather long time, but the Firewall dashboard has never been populated with any events or anything at all."
I would need to get logs from a machine where some firewall events were generated. The logs you've provided were from a machine where the Network protection log (C:\ProgramData\ESET\ESET Security\Logs\epfwlog.dat) was empty on the client. You would probably see more in diagnostic logs after temporarily enabling diagnostic logging in client details: