[KB8745] Issues with sudden TCP port scanning attack detections in ESET Server Security for Windows Server and ESET Security for Microsoft SharePoint

Issue

  • You see a higher number of false positive "TCP port scanning attack" detections from the IDS modules in ESET Server Security for Windows Server and ESET Security for Microsoft SharePoint

Solution

To mitigate these detections in the internal network, we recommend creating IDS exceptions.

To create a new IDS exception: 

  1. Open the ESET Server Security Advanced setup, available by right-clicking the system tray (Windows notification area) icon. Select Network access protection from the main menu, expand the Network attack protection section, and click Edit next to IDS rules.

    Figure 1-1
  2. In the IDS rules window, click Add.

    Figure 1-2
  3. The Add IDS rule window opens. From the Detection drop-down menu, select TCP port scanning attack. From the Direction drop-down menu, select Both.

  4. Specify a list of IP addresses (IPv4 or IPv6) or subnets. For multiple entries, use a comma as the delimiter.

    IP address range:

    Choose the IP range that matches your local network, for example: 192.168.0.0/24, 10.0.0.0/16, 172.16.0.0/12, or for IPv6: FD00::/7.

  5. Configure the Action for the IDS exception by selecting No. Do this for each Action type (Block, Notify, Log).

    Figure 1-3
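
Because the exception in step 5 turns off Block, Notify and Log for every address entered in step 4, it helps to check the comma-delimited list before pasting it. The following is an added example, not ESET code: the function names are hypothetical, and "internal" is assumed to mean RFC 1918 IPv4 space or IPv6 unique local addresses.

```python
import ipaddress

# Assumption for this check: "internal" = RFC 1918 IPv4 or IPv6 unique local.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]


def check_exception_list(text):
    """Split a comma-delimited list and classify each entry.

    Returns (entry, normalised network or None, verdict) tuples, where
    verdict is 'internal', 'not-internal' or 'invalid'.
    """
    results = []
    for raw in text.split(","):
        entry = raw.strip()
        if not entry:
            continue  # tolerate a trailing comma
        try:
            # strict=False accepts a bare address (as /32 or /128) and a
            # prefix written with host bits set, normalising it to the
            # network address.
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            results.append((entry, None, "invalid"))
            continue
        # subnet_of() raises TypeError across IP versions, so compare
        # only against reference ranges of the same version.
        inside = any(net.version == ref.version and net.subnet_of(ref)
                     for ref in INTERNAL)
        results.append((entry, str(net),
                        "internal" if inside else "not-internal"))
    return results


def safe_to_paste(text):
    """True only if the list is non-empty and every entry is internal."""
    results = check_exception_list(text)
    return bool(results) and all(v == "internal" for _, _, v in results)


if __name__ == "__main__":
    # Constructed sample: the example ranges from step 4 plus two entries
    # that should be caught before they reach the IDS rule.
    sample = ("192.168.0.0/24, 10.0.0.0/16, 172.16.0.0/12, FD00::/7, "
              "0.0.0.0/0, 10.0.0.0/33")
    for entry, net, verdict in check_exception_list(sample):
        print(f"{entry:18} {str(net):18} {verdict}")
    print("safe to paste:", safe_to_paste(sample))
```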

 
