Marc.H, posted October 25, 2018

Hi everyone,

On my ESMC console I do have a lot of threats that I can't figure out.

Firewall Security vulnerability exploitation x.x.x.203->x.x.x.51:445 dc2.lan Win32/Exploit.SMB.CVE-2009-3103 Detected System TCP

I do have VMware ESXi servers (some of them 20%+- version 5, 5.5, 6, 6.5) that make errors on the DC, which seems to be related to an SMBv2 connection which is detected by ESET on the DC. Each ESX does make that connection every hour, which means that at the end of the day I have 500+ unresolved threats.

Other question: I saw on a different post that in the version ESMC 7 unresolved threats would be resolved automatically, or could be via rules, but I don't find how ...

Thanks
Marc

Marcos (Administrators), posted October 25, 2018

This might be a false positive. Please carry on as follows:

- on the client enable advanced network protection logging under tools -> diagnostics
- reproduce the exploit detection
- disable logging
- gather logs with ELC.

When done, post the archive generated by ELC here.

j-gray, posted October 26, 2018

> On 10/25/2018 at 6:30 AM, Marc.H said:
> other question, I saw on a different post that in the version ESMC 7 unresolved threats would be resolved automatically or could be via a rules but i don't find how ...

I'm interested in this information, as well. Can anyone clarify?

MartinK (ESET Staff), posted October 26, 2018

> On 10/25/2018 at 2:30 PM, Marc.H said:
> I saw on a different post that in the version ESMC 7 unresolved threats would be resolved automatically or could be via a rules but i don't find how ...

It is actually available in ESMC, but it works only for specific threats, especially those detected by real-time protection or scanning. It was supposed to target issues with so-called "active threats" that had to be resolved by a complicated workflow involving on-demand scanning. Threats that were handled by the endpoint on the client device are automatically resolved, and an on-demand scan for a specific path should be easier to access, and the result of the scan should automatically resolve the issue in case it is no longer present.

Marc.H (Author), posted November 9, 2018

Logs did not help Marcos to find the issue ... Could anyone provide me the email or URL to contact the EU support directly?