Shafiq 0 Posted February 26, 2017 Posted February 26, 2017 Hi, Is there any option to block malware executing using Hash value in ESET? For example if I found Hash value of malware on virus total and I want to block that malware getting executing in our environment.
Administrators Marcos 5,741 Posted February 26, 2017 Administrators Posted February 26, 2017 This will be possible with ESET Enterprise Inspector which should become available for beta testing later this year.
bbahes 29 Posted February 27, 2017 Posted February 27, 2017 16 hours ago, Marcos said: This will be possible with ESET Enterprise Inspector which should become available for beta testing later this year. Is this separate product or feature that will be integrated in ERA+EEA/EES ?
Administrators Marcos 5,741 Posted February 27, 2017 Administrators Posted February 27, 2017 18 minutes ago, bbahes said: Is this separate product or feature that will be integrated in ERA+EEA/EES ? It's a separate product. Support for EEI will be first added in Endpoint v6.5 and ERA v6.5.
bbahes 29 Posted February 27, 2017 Posted February 27, 2017 1 minute ago, Marcos said: It's a separate product. Support for EEI will be first added in Endpoint v6.5 and ERA v6.5. Something like Sysinspector?
Administrators Marcos 5,741 Posted February 27, 2017 Administrators Posted February 27, 2017 9 minutes ago, bbahes said: Something like Sysinspector? It will be more than that For instance, you will be able to choose from dozens of behavioral rules pre-generated by ESET malware researchers and get alerted if any of the rules are hit on clients. This will also be reported to ERA.
bbahes 29 Posted February 27, 2017 Posted February 27, 2017 So more like HIPS...I'm trying to understand where product fits Do you have any documentation ready?
ESET Staff MichalJ 434 Posted February 27, 2017 ESET Staff Posted February 27, 2017 The product is EDR - Endpoint Detection and Response. Events will be reported to a dedicated server, which will then perform analysis, and report events back to ERA. There will be a "drill-down" to the EEI console, where you will be able to perform forensics investigation, and apply various filters to identify suspicious processes / executables. As of now, we do not have any public-facing documentation. Only a high.level "teaser" leaflet.
bbahes 29 Posted February 27, 2017 Posted February 27, 2017 (edited) 29 minutes ago, MichalJ said: The product is EDR - Endpoint Detection and Response. Events will be reported to a dedicated server, which will then perform analysis, and report events back to ERA. There will be a "drill-down" to the EEI console, where you will be able to perform forensics investigation, and apply various filters to identify suspicious processes / executables. As of now, we do not have any public-facing documentation. Only a high.level "teaser" leaflet. Will it have linux virtual appliance deployment option? Would love to hear some licensing options if possible I ask because we have been approached by company that offers similar thing but if you have this ready soon I will have to test it and talk with managers to hold purchase for this 3rd party product. I will send you PM who is this 3rd party vendor I'd like to hear your comment. Edited February 27, 2017 by bbahes
Recommended Posts