Security Alert after new Installation (HIPS and Anti Phishing)

[Karsten1 0]

HI,

I made a new Installation of ESET ERA 6.5 VA. Then i made a ESET FS Installation on 2 Windows 2016 Server from the default repository (6.5.12014.1). I assined the default policy with real time scan only.

Why do i get this messages in ERA and how can i get rid of them?

 

yours 

Karsten

[Marcos 5,070]

1, Since you've deployed a new VA, why did you went with v6.5 and not with ESMC?
2, Make sure that HIPS is enabled in EFSW/Endpoint. Changing this setting will require a computer restart for it to take effect.
3, As for disabled anti-phishing, do you have web access protection, protocol filtering and anti-phishing enabled in EFSW/Endpoint?

I'd strongly suggest deploying ESMC and Endpoint v7 with default settings on clients for maximum protection.

[Pinni3 21]

First You need to get of presentation mode (IMO it should be disabled by default). Check Your Policies for these products. You need to enable those modules. Last thing : is there reboot requirement ? If not, deal with policies first (presentation mode can be also disabled by a policy)

[Marcos 5,070]

As for presentation mode, it's possible to set a particular application status not to be reported to ERA/ESMC. As of v7 products, presentation mode doesn't change the protection status at all.

[MichalJ 434]

The default policy "real time only" has HIPS disabled & protocol filtering (which is underlying feature for anti-phishing) disabled as well. Since version 6.5 disabling of those features, that are improving security is reported as a security risk. Unfortunately we have forgotten to update the policy in the way, that also corresponding settings for UI status suppression are enabled (you can suppress by editing the policy, section "user interface" / application statuses and then find the entries for disabled hips, ap & presentation mode. I would however recommend to enable both of the functionalities as Marcos has advised, as they greatly improve the protection of the client.

[Karsten1 0]

@marcos: thx for your quick reply. I made the Installation one month before. There was no newer version available then 6.5. . I don´t need HIPS and antiphishing on a fileserver. So i don´t want them to be activated and i don´t want any alert in the ERA

 

@piini3: thx too, i found out, how to disable the presentation mode

[Karsten1 0]

Thx MichalJ: that´s what i´m looking for !

[Marcos 5,070]

15 minutes ago, Karsten1 said:

@marcos: thx for your quick reply. I made the Installation one month before. There was no newer version available then 6.5. . I don´t need HIPS and antiphishing on a fileserver. So i don´t want them to be activated and i don´t want any alert in the ERA

Do you mean that you don't need the server to be protected against ransomware attacks and possibly new malware that may be executed there, e.g. from a remote machine through vulnerabilities ? I'm asking because you wrote you didn't care about HIPS and wanted to keep it disabled.

[Karsten1 0]

1 hour ago, Marcos said:

Do you mean that you don't need the server to be protected against ransomware attacks and possibly new malware that may be executed there, e.g. from a remote machine through vulnerabilities ? I'm asking because you wrote you didn't care about HIPS and wanted to keep it disabled.

It´s a fileserver, no apps, no web. So i don´t need it anymore.