ESET Firewall and iSCSI

Status
Not open for further replies.

valvaris

Jul 26, 2015
Hello all,

After re-imaging my PC back from another AV product setup, I have just noticed an odd behavior with the ESET Firewall.

The window (Firewall Interactive Mode) asked whether to allow or deny the connection, but showed no process name and an odd destination IP.

So to be safe I scanned the shizm out of my PC (HitmanPro, Malwarebytes MBAM/MBAR, Kaspersky), just to find out that Kaspersky Virus Remover does not like the ESET scan drivers. False positive: HEUR:Trojan.Win32.Prikormka.gen

Still, that did not solve my issue... So I went old-school with Process Explorer and TCPView, just to hit myself on the head?! TCP port 3260 is the default port for iSCSI. The process ID that triggered the ESET Firewall was PID 4, also known as the System process running as NT AUTHORITY\SYSTEM.

Then I looked at the iSCSI Initiator and found the troublemaker. An old address to an old storage of mine!

The point I wanted to report is that the firewall window does not show that the iSCSI Initiator is the trigger of the message, and you have to know where to look.

Here are some screenshots, and the behavior can be reproduced.

2016-11-27_16-13-51.jpg 2016-11-27_16-34-08.jpg 2016-11-27_16-40-03.jpg

Best regards
Val.
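
The checks described in the post above (who owns the TCP 3260 traffic, and which iSCSI Initiator entry points at the odd IP), as an added PowerShell example that is not part of the original post. It assumes Windows 8 / Server 2012 or later, where the NetTCPIP and iSCSI cmdlets exist, and an elevated prompt.

```powershell
# Added example, not from the original post. Run from an elevated PowerShell prompt.
$IscsiPort = 3260   # default iSCSI target port, as noted in the post

# 1. TCP connections (including pending SynSent attempts) to port 3260 and
#    their owning process. The post traced the firewall prompt to PID 4 (System).
$conns = @(Get-NetTCPConnection -RemotePort $IscsiPort -ErrorAction SilentlyContinue)
$conns | Select-Object RemoteAddress, RemotePort, State, OwningProcess,
    @{ Name = 'Process'; Expression = {
        (Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue).ProcessName } } |
    Format-Table -AutoSize

# 2. Is the Microsoft iSCSI Initiator service present and running?
Get-Service -Name MSiSCSI -ErrorAction SilentlyContinue |
    Format-Table Name, Status, StartType -AutoSize

# 3. Discovery portals and targets configured in the initiator.
#    These cmdlets return nothing if the service is stopped.
$portals = @(Get-IscsiTargetPortal -ErrorAction SilentlyContinue)
$portals | Format-Table TargetPortalAddress, TargetPortalPortNumber -AutoSize
Get-IscsiTarget -ErrorAction SilentlyContinue |
    Format-Table NodeAddress, IsConnected -AutoSize

# 4. Favorite (persistent) targets, which the initiator tries to restore.
iscsicli.exe ListPersistentTargets

# 5. Correlate: is each port-3260 destination explained by a configured portal?
#    Note: a portal stored as a DNS name will not match an IP literal here.
$report = foreach ($c in $conns) {
    [pscustomobject]@{
        RemoteAddress     = $c.RemoteAddress
        State             = $c.State
        OwningProcess     = $c.OwningProcess
        ConfiguredPortal  = ($portals.TargetPortalAddress -contains $c.RemoteAddress)
    }
}
$report | Format-Table -AutoSize

# 6. After confirming a portal is stale, remove it (placeholder address):
# Remove-IscsiTargetPortal -TargetPortalAddress '<old-storage-address>'
```

A row with `ConfiguredPortal = False` means the destination is not a discovery portal known to the initiator and the port 3260 traffic needs a different explanation.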
