[KB8745] False positive TCP port scanning attack detections in ESET Server Security for Windows Server and ESET Security for Microsoft SharePoint

Issue

  • You receive false positive "TCP port scanning attack" detections from network protection in ESET Server Security for Windows Server and ESET Security for Microsoft SharePoint Server.

Solution

To mitigate these detections in your internal network, create IDS exceptions:

  1. Open the main program window of your ESET Windows application.

  2. Press the F5 key to open Advanced setup.

  3. Click Device protections → Network access protection, expand Network attack protection, and click Edit next to IDS rules.

  4. Click Add.

  5. From the Detection drop-down menu, select TCP Port Scanning attack, and in the Remote IP address field, specify a list of IP addresses (IPv4 or IPv6) or subnets. For multiple entries, use a comma as the delimiter. Select No from the Block, Notify, and Log drop-down menus and click OK.

    IP address range:

    Ensure you entered the right IP range for your local network, for example: 192.168.0.0/24, 10.0.0.0/16, 172.16.0.0/12 or for IPv6: FD00::/7.

  6. Click OK → OK.
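
The rule in step 5 sets Block, Notify, and Log to No for every listed address, so it is worth checking the Remote IP address value before saving it. The Python script below is an added example, not ESET code: it parses a comma-delimited list, flags entries that are invalid, outside internal ranges, or already covered by another entry, and shows the network each entry actually covers. The function name, the status labels, the sample list, and the definition of "internal" (RFC 1918 plus fc00::/7) are assumptions.

```python
import ipaddress

# Assumption: "internal" means RFC 1918 IPv4 space or IPv6 unique local addresses.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]

# Constructed sample value for the Remote IP address field.
SAMPLE = "192.168.0.0/24, 10.0.0.0/16, 10.0.5.0/24, FD00::/7, 203.0.113.7, 192.168.1.300"


def _within(net, other):
    """True if net lies entirely inside other (same IP version only)."""
    return net.version == other.version and net.subnet_of(other)


def review_exception_list(field):
    """Return (entry, status, normalized_network) for each comma-delimited entry."""
    parsed = []
    for raw in field.split(","):
        entry = raw.strip()
        if not entry:
            continue
        try:
            # strict=False keeps entries whose host bits are set and shows
            # the network they actually cover (FD00::/7 covers fc00::/7).
            parsed.append((entry, ipaddress.ip_network(entry, strict=False)))
        except ValueError:
            parsed.append((entry, None))

    findings = []
    for i, (entry, net) in enumerate(parsed):
        if net is None:
            findings.append((entry, "INVALID", None))
            continue
        if not any(_within(net, r) for r in INTERNAL):
            status = "NOT-INTERNAL"   # exception would silence a non-internal source
        elif any(o is not None and _within(net, o) and (o != net or j < i)
                 for j, (_, o) in enumerate(parsed) if j != i):
            status = "REDUNDANT"      # already covered by another entry
        else:
            status = "OK"
        findings.append((entry, status, str(net)))
    return findings


if __name__ == "__main__":
    for entry, status, net in review_exception_list(SAMPLE):
        print(f"{status:<13} {entry:<16} -> {net}")
```

Entries reported as NOT-INTERNAL or INVALID should be corrected before the exception is saved.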