bblair

Members
  • Posts

    6
About bblair

  • Rank
    Newbie

Profile Information

  • Location
    USA
  1. @j91321 Right, and what I'm trying to accomplish is to make an exclusion for it, but since it's a generic system one, I didn't want to cast too wide of a net with that exclusion, but from what it sounds like you're saying is that I can make the system.exe process the exclusion safely? Again, apologies for the very basic questions, still trying to figure this out as I go.
  2. Just checking in as I haven't heard anything back on this. Happy to make an exclusion for the process "system" but won't that be too wide of a blanket exclusion?
  3. So this is one of the about 620 instances of it. I made one for nmap before as you described through the wizard, however this one is for "system" which sounded too generic as I didn't want to risk excluding actual malicious behaviors. Unless that's not how this is treated, in which case feel free to correct me.
  4. That's the crux of what I'm trying to do. I've read through the ESET documentation support sent me, but it's still not really clear to me how to set up an exception for a specific process. Especially since the detection doesn't mention anything specific to the scanner.
  5. Hi, we recently started utilizing the ESET Inspect module for a number of clients and I've been tasked with learning/managing most of our Security, despite me being a bit in over my head. Currently we are getting a large amount of detections in the EI dashboard for Protocol Mismatch - detected RDP communication over non-standard port [E0517]. I've confirmed they're coming from the internal IP address of our vulnerability scanner and even double checked it against our vulnerability scanner vendor to confirm if these were from their tool, which it is. So my next job is seeing how to reduce these detections as they are known authorized events. I've made exclusions in the Security Product's IDS in the policy which appears to be functioning, but this doesn't seem to spill over to the Inspect module. Whenever I try and make the exclusion however, there doesn't seem to be enough identifying data from the event to create an exclusion (no parent process, no hash, no unique process or service), and I want to be careful not to make the exclusion too wide that actual port scanning that's malicious can get through because of this rule. Any help for this green security analyst would be greatly appreciated. Thanks.
  6. Good afternoon. Our ESET Inspect Cloud instance has been giving us an error whenever we try to navigate to the dashboard or anywhere else in Inspect Cloud that "Your ESET INSPECT Cloud is under maintenance". This has been ongoing for a few days now. I've tried clearing cached data and different browsers, but the error persists.