Jump to content

ESMC Issue with Threats


Marc.H
 Share

Recommended Posts

Hi everyone, 

 

On my ESMC console i do have a lot of threats that I can't figure out.

Firewall Security vulnerability exploitation   x.x.x.203->x.x.x.51:445 dc2.lan   Win32/Exploit.SMB.CVE-2009-3103 Detected System   TCP

 

I do have VMware ESXi servers  (some of them 20%+- version 5, 5.5, 6 ,6.5) that make error on the DC which seems to be related to a smbv2 connection which is detected by eset on the DC, each ESX does make that connection every hours which means that at the end of the day i have 500+ unresolved threats.

 

other question, I saw on a different post that in the version ESMC 7 unresolved threats would be resolved automatically or could be via a rules but i don't find how ... 

 

Thanks

Marc 

 

Link to comment
Share on other sites

  • Administrators

This might be a false positive.

Please carry on as follows:
- on the client enable advanced network protection logging under tools -> diagnostics
- reproduce the exploit detection
- disable logging
- gather logs with ELC.

When done, post the archive generated by ELC here.
 

Link to comment
Share on other sites

On 10/25/2018 at 6:30 AM, Marc.H said:

other question, I saw on a different post that in the version ESMC 7 unresolved threats would be resolved automatically or could be via a rules but i don't find how ... 

I'm interested in this information, as well. Can anyone clarify?

Link to comment
Share on other sites

  • ESET Staff
On 10/25/2018 at 2:30 PM, Marc.H said:

I saw on a different post that in the version ESMC 7 unresolved threats would be resolved automatically or could be via a rules but i don't find how ...

It is actually available in ESMC, but it works only for specific threats, especially those detected by real-time protection or scanning. It was supposed to target issues with so called "active threats" that had to be resolved by complicated workflow involving on demand scanning. Threats that were handled by endpoint on client device are automatically resolved and on-demand scan for specific path should be accessible easier and result of scan should automatically resolve issue in case it is no longer present.

Link to comment
Share on other sites

  • 2 weeks later...

Logs did not help Marcos to find the issue ... could any one provide me the email or url to contact the eu support directly  ?

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...