unexpected data in protocol

Discussion in 'ESET Smart Security' started by scottjrob, May 29, 2009.

Thread Status:
Not open for further replies.
  1. scottjrob

    scottjrob Registered Member

    Joined:
    May 29, 2009
    Posts:
    1
    70-80 of our 100 clients show "Detected unexpected data in protocol" in the Last Firewall Alert. Recently we updated to Remote Admin 3.1.11, but I'm not sure if the alert started due to the update.

    The firewall log states the source IP is the IP of our PBX. I'd exclude that IP if possible, but I don't see where to do it. I've used the configuration editor to uncheck the box for "Application protocol content filtering: Yes."

    We are working with our phone vendor to fix the root of the problem, and not just tell Eset to stop logging it, but I do not know how soon we'll find an answer. I have a feeling the firewall logs are quickly filling up, but I do not know where to look to be sure.

    Thank you, -scott
     
  2. agoretsky

    agoretsky Eset Staff Account

    Joined:
    Apr 4, 2006
    Posts:
    4,031
    Location:
    California
    Hello,

    A technical support engineer will probably need to examine a packet capture to determine what part of the payload is generating this error.

    You can capture the flagged packets by following the instructions in ESET knowledgebase article #742, "How to activate special logging of the Personal firewall" and and mail it to support@eset.sk along with a link to this message thread so it can be analyzed by one of ESET's support engineers.

    Regards,

    Aryeh Goretsky
     
Thread Status:
Not open for further replies.