  1. Hello @Marcos

    I added the HIPS rules from KB6119 and noticed afterward that PowerShell cannot even be opened, as it always tries to open conhost.exe with it. I set the disallowed child processes from all to just the scripting executables.

    Maybe the KB6119 needs a small update?

    Also, do you know if ESET intends to add additional HIPS rules to the KB or plans to implement the functionality out of the box?


    Kind regards


  2. Description: Add preconfigured rules for HIPS / Exploit Blocker

    Detail: ESET does not have alternatives to the full set of rules from Microsoft Defender Attack Surface Reduction (hxxps://docs.microsoft.com/de-de/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction) but has a KB for adding HIPS rules for some exploits (KB6119).

    Request: My suggestion is to take the rules from KB6119, add the missing features from Attack Surface Reduction and add them as preconfigured options to HIPS or Exploit Guard.

  3. Description: Task trigger for x amount of time after joining dynamic group
    Detail: Currently a task can be executed immediately when the computer joins a dynamic group or periodically every x amount of time. I'd like to request an additional trigger to start the task a few minutes after the computer joins the dynamic group so that it has enough time to check additional tasks, e.g. scan installed software.

    We are trying to implement the following procedure to install Endpoint Security: Install Agent -> Computer joins dynamic Group (Windows Desktops) -> Agent scans installed programs to check for conflicting software (other AV software), if conflicting software is found the computer is assigned to a different dynamic group -> if no conflicting software is found Endpoint Security gets installed. 

    The problem I encounter is that when choosing to execute the install task when joining the dynamic group, it gets installed before the scan for conflicting software is completed. When I set the trigger to every 30 minutes and a computer joins shortly before the time is up, the same happens.


