DeltaSM 0 Posted November 28, 2017 Share Posted November 28, 2017 Hello, We just purchased ESET Endpoint Antivirus (not the Security edition) for our company needs. After configuring policies for the endpoint, I have some doubts about the features that are integrated with the simple Antivirus version. Indeed, in the policy, there are configurations for firewall, botnet protection, Web Control, etc (see attached pictures). I just read this KB: https://support.eset.com/kb3612/?locale=en_US After reading, it seems that we have (and don't have) these options with our license: - We have: Network Attack Protection, Email client protection, Web Access Protection, Anti-Phisinh Protection (and also Device Control). - We don't have: Firewall, Botnet Protection, Web Control. Can you confirm this? Kind Regards, DeltaSM Link to comment Share on other sites More sharing options...
Administrators Marcos 5,074 Posted November 28, 2017 Administrators Share Posted November 28, 2017 That is correct. ESET Endpoint Antivirus (EEA) also has a limited functionality of the Network protection module which uses network signatures to stop malicious communication at the network level. In EEA it's restricted to supported application protocols HTTP(S), POP3(S) and IMAP(S) because EEA doesn't contain the firewall. As a result, EEA could not protect against exploiting vulnerabilities in network protocols, such as SMB1 which was exploited by WannaCry to spread over LAN to unpatched systems. Link to comment Share on other sites More sharing options...
DeltaSM 0 Posted November 29, 2017 Author Share Posted November 29, 2017 Hello Marcos, First of all, thanks for your answer. When you talk about Network Protection, you mean Network attack protection (IDS)? About WannaCry and ransomware, I think that a new module, am I right? Regards, DeltaSM Link to comment Share on other sites More sharing options...
Administrators Marcos 5,074 Posted November 30, 2017 Administrators Share Posted November 30, 2017 18 hours ago, DeltaSM said: When you talk about Network Protection, you mean Network attack protection (IDS)? About WannaCry and ransomware, I think that a new module, am I right? No, IDS is another kind of protection which doesn't use network signatures to recognize specific attacks. Older products, such as Endpoint Security v5, contained IDS but did not have the Network protection module yet. Server and Endpoint Antivirus products will support full Network attack protection once they receive a limited firewall module next year. Link to comment Share on other sites More sharing options...
DeltaSM 0 Posted November 30, 2017 Author Share Posted November 30, 2017 Hello Marcos, Thanks for these information. Everything is ok in my mind. Link to comment Share on other sites More sharing options...
Recommended Posts