Issue
- List of ESET products that can protect your system or network
- List of ESET products verified to be safe from Log4j 2 vulnerability
Details
Click to expand
On December 10th, 2021, ESET began researching a vulnerability in the Log4j 2 utility (CVE-2021-44228). This vulnerability may allow an attacker to execute code remotely.
For more information about the vulnerability, read our WeLiveSecurity article.
ESET engineering teams are working around the clock to identify, patch and protect any potentially vulnerable systems. At present, we are not aware of any data exfiltration.
- Mitigation steps: Follow the instructions in the WeLiveSecurity article Log4Shell vulnerability: What we know so far.
- ESET Secure Authentication On-Prem (ESA) users: Upgrade to ESA On-Prem version 3.0.40 or later or manually update your Elasticsearch instance.
- ESET Enterprise Inspector (EEI) users: Add detection rules in EEI to detect Log4j 2.
Solution
List of ESET products that can protect your system or network
As of December 11th, 2021, the Network Attack Protection feature in ESET security products on Windows was updated to detect exploits of the vulnerability. ESET has been blocking attempted attacks from 14:24 CET the same day.
The following ESET products are able to detect and block a potential attack on your system or network. If you are using an earlier version of ESET security product, we recommend that you upgrade your ESET product to the latest version.
- Business products: ESET Endpoint Antivirus, ESET Endpoint Security and all ESET Server Security products version 7.0 and later.
- Consumer products: ESET Internet Security, ESET Smart Security and ESET Smart Security Premium version 6.0 and later.
List of ESET products verified to be safe from Log4j 2 vulnerability
As of December 15th, 2021, ESET products listed below have been verified and confirmed not to be affected by the Log4j 2 vulnerability. That means the following products cannot be exploited to execute code remotely.
On-premises products
-
- The third-party Microsoft SQL Server package distributed in the All-in-one installer is also safe from the Log4j 2 vulnerability.
ESET Remote Administrator
ESET Enterprise Inspector
ESET NOD32 Antivirus/Internet Security/Smart Security Premium for Windows
ESET Endpoint Antivirus/Endpoint Security for Windows
ESET Server Security for Microsoft Windows Server (former ESET File Security for Microsoft Windows Server)
ESET Security for Microsoft SharePoint Server
ESET Mail Security for Exchange
ESET Mail Security for IBM Domino (former ESET Mail Security for IBM Lotus Domino)
ESET Mobile Security for Android
ESET Parental Control for Android
ESET HOME - Mobile Apps
ESET Server Security for Linux (former ESET File Security for Linux)
ESET Security for Kerio
ESET Endpoint Antivirus for Linux
ESET Virtualization Security for VMware NSX
ESET Mail/File/Gateway Security for Linux/BSD v4.5
ESET NOD32 Antivirus for Linux v4 (Home and Business Edition)
ESET Endpoint Antivirus/Endpoint Security for macOS
ESET Cyber Security/Cyber Security Pro
DEM for ConnectWise Automate
DEM for (Solarwinds) N-able
DEM for (Solarwinds) RMM
DEM for NinjaOne
DEM for Datto
PSA Plugins
Cloud products
ESET PROTECT
ESET Enterprise Inspector Cloud
ESET Cloud Office Security
RMM for Kaseya
ESET Secure Authentication
Encryption products
ESET Endpoint Encryption
ESET Endpoint Encryption for macOS
ESET Endpoint Encryption Server
ESET Full Disk Encryption
ESET Full Disk Encryption for macOS
Portals
ESET PROTECT Hub
ESET Business Account
ESET MSP Administrator
ESET HOME
Tools/Other
ESET Shared Local Cache
Rogue Detection Sensor
Remote Deployment Tool