Jump to content

Archived

This topic is now archived and is closed to further replies.

Karsten1

Security Alert after new Installation (HIPS and Anti Phishing)

Recommended Posts

HI,

I made a new Installation of ESET ERA 6.5 VA. Then i made a ESET FS Installation on 2 Windows 2016 Server from the default repository (6.5.12014.1). I assined the default policy with real time scan only.

Why do i get this messages in ERA and how can i get rid of them?

image.png.5592c9ecb898444151ee8edfefbb1035.png

 

yours 

Karsten

Share this post


Link to post
Share on other sites

1, Since you've deployed a new VA, why did you went with v6.5 and not with ESMC?
2, Make sure that HIPS is enabled in EFSW/Endpoint. Changing this setting will require a computer restart for it to take effect.
3, As for disabled anti-phishing, do you have web access protection, protocol filtering and anti-phishing enabled in EFSW/Endpoint?

I'd strongly suggest deploying ESMC and Endpoint v7 with default settings on clients for maximum protection.

Share this post


Link to post
Share on other sites

First You need to get of presentation mode (IMO it should be disabled by default). Check Your Policies for these products. You need to enable those modules. Last thing : is there reboot requirement ? If not, deal with policies first (presentation mode can be also disabled by a policy)

Share this post


Link to post
Share on other sites

As for presentation mode, it's possible to set a particular application status not to be reported to ERA/ESMC. As of v7 products, presentation mode doesn't change the protection status at all.

Share this post


Link to post
Share on other sites

The default policy "real time only" has HIPS disabled & protocol filtering (which is underlying feature for anti-phishing) disabled as well. Since version 6.5 disabling of those features, that are improving security is reported as a security risk. Unfortunately we have forgotten to update the policy in the way, that also corresponding settings for UI status suppression are enabled (you can suppress by editing the policy, section "user interface" / application statuses and then find the entries for disabled hips, ap & presentation mode. I would however recommend to enable both of the functionalities as Marcos has advised, as they greatly improve the protection of the client.

Share this post


Link to post
Share on other sites

@marcos: thx for your quick reply. I made the Installation one month before. There was no newer version available then 6.5. . I don´t need HIPS and antiphishing on a fileserver. So i don´t want them to be activated and i don´t want any alert in the ERA

 

@piini3: thx too, i found out, how to disable the presentation mode

Share this post


Link to post
Share on other sites
15 minutes ago, Karsten1 said:

@marcos: thx for your quick reply. I made the Installation one month before. There was no newer version available then 6.5. . I don´t need HIPS and antiphishing on a fileserver. So i don´t want them to be activated and i don´t want any alert in the ERA

Do you mean that you don't need the server to be protected against ransomware attacks and possibly new malware that may be executed there, e.g. from a remote machine through vulnerabilities ? I'm asking because you wrote you didn't care about HIPS and wanted to keep it disabled.

Share this post


Link to post
Share on other sites
1 hour ago, Marcos said:

Do you mean that you don't need the server to be protected against ransomware attacks and possibly new malware that may be executed there, e.g. from a remote machine through vulnerabilities ? I'm asking because you wrote you didn't care about HIPS and wanted to keep it disabled.

It´s a fileserver, no apps, no web. So i don´t need it anymore.

Share this post


Link to post
Share on other sites

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...