70-80 of our 100 clients show "Detected unexpected data in protocol" in the Last Firewall Alert. Recently we updated to Remote Admin 3.1.11, but I'm not sure if the alert started due to the update.

The firewall log states the source IP is the IP of our PBX. I'd exclude that IP if possible, but I don't see where to do it. I've used the configuration editor to uncheck the box for "Application protocol content filtering: Yes."

We are working with our phone vendor to fix the root of the problem, and not just tell Eset to stop logging it, but I do not know how soon we'll find an answer. I have a feeling the firewall logs are quickly filling up, but I do not know where to look to be sure.

Thank you, -scott

Hello,

A technical support engineer will probably need to examine a packet capture to determine what part of the payload is generating this error.

You can capture the flagged packets by following the instructions in ESET knowledgebase article #742, "How to activate special logging of the Personal firewall (http://kb.eset.com/esetkb/index?page=content&id=SOLN742)" and and mail it to support@eset.sk (support@eset.sk) along with a link to this message thread so it can be analyzed by one of ESET's support engineers.

Regards,

Aryeh Goretsky