tmuster2k 22 Posted May 2, 2018 Share Posted May 2, 2018 working with customer who notices ESET detection of the IBM BIG FIX agent called "BESClient.exe". According to screenshot of the logs which you can view here >> https://eset.sharefile.com/d-s891c2ae71ee47c89 it appears that this agent is trying to do something with ESET or do some kind of reporting on ESET and send back to their console. ESET is just reporting that SELF Defense blocked this type of communication which is what SELF defense should do. Customer understands this but wants to know if there is a way to not have ESET not log anything to do with BESclient.exe regarding HIPS? Real time exclusions were set per >> https://www.ibm.com/developerworks/community/wikis/home?lang=en#!/wiki/Tivoli+Endpoint+Manager/page/Real+Time+AV+Exclusions but I do not see anything here regarding HIPS and eset HIPS is not interfering with IBM big fix program and its working fine. any suggestions? TY. Link to comment Share on other sites More sharing options...
itman 1,538 Posted May 2, 2018 Share Posted May 2, 2018 Adding IBM suggested realtime AV exclusions to Eset won't help in regards to Eset's self-defense protection. Eset will just ignore them in this context. As I see it, exceptions for Eset's processes, directories, and reg. keys need to be added to IBM Big Fix to stop it from accessing those areas. Link to comment Share on other sites More sharing options...
tmuster2k 22 Posted May 2, 2018 Author Share Posted May 2, 2018 Thanks, itman. That makes a lot of sense based on the detection in logs. Link to comment Share on other sites More sharing options...
Recommended Posts