Jump to content

Recommended Posts

Posted

Dear ESET.
There is a configuration template in ESET Security Management Center, to isolate infected computers or with any active threat, and that these do not have any connection with the rest of the equipment to avoid infecting the network?

  • Administrators
Posted

You can create a dynamic group for machines with active threats and assign it a policy that will apply blocking firewall rules. When using such policy, I'd be careful about not blocking communication with ESMC so that you can continue to manage ESET in case something goes wrong,  e.g. if the active threats cannot be cleaned for whatever reason.

Posted

Hi marcos.
Which template should I choose for active threats?

image.thumb.png.d692d25b850e84863173f660ed74fa35.png

  • Administrators
Posted

You can create a new dynamic group as follows:

image.png

  • Administrators
Posted

My suggestions:

1, Don't t specify anything in the Remote section. You don't want to block incoming communication only from the Trusted zone but from the Internet as well.
2, Block communication in both directions, ie. incoming and outgoing, not just incoming communication.
3, Create a permissive rule for communication with the ESMC server and possibly with ESET's servers as well so that updates can be downloaded and LiveGrid data retrieved (see https://support.eset.com/kb332/) and put it on top of the rules list to take precedence over the blocking rules.
4, Consider creating similar rules for other protocols, such as ICMP too.

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...