Jump to content

Quarantining All Threats


Staj

Recommended Posts

We would like to start quarantining all detected threats regardless of where they originated (filesystem, web, email etc.). We keep getting into situations where ESET is able to block sophisticated threats through heuristics but then we have no samples to send off for forensic analysis (internally or otherwise because it's been 'cleaned'.

Is this possible in versions 5 and/or 6? A Threat entry in a log just doesn't cut it these days.

Edited by Staj
Link to comment
Share on other sites

  • ESET Staff

Hello Staj, what tools / products / services, are you using for the forensic analysis? And what is the desired output of such? 

As of now, setting like you want is not possible within Endpoint products. If you set it to "NO Cleaning" it will display an interactive window, that will ask user for action, which might not be what you want. It is not possible to configure "action to take, when cleaning not possible / done" like in case of Mail Security products (for processed mails). 

So to understand you, even when the file has been cleaned / deleted, you still expect the option to put a "copy" of the file, to the quarantine, right? 

Link to comment
Share on other sites

15 minutes ago, MichalJ said:

So to understand you, even when the file has been cleaned / deleted, you still expect the option to put a "copy" of the file, to the quarantine, right? 

We'd like to, yes.

Link to comment
Share on other sites

  • 6 months later...

It's my understanding a Feature Request was added for this, has there been any movement on this?

The lack of this feature has hampered yet another one of our investigations. The inability to obtain and quarantine forensic samples of non-filesystem objects hampers our ability to cooperate with government CERT organisations when investigating attacks that ESET Endpoint does manage to detect.

Edited by Staj
clarification
Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...