axlgabo10 - Posted February 28, 2019

Dear ESET. Is there a configuration template in ESET Security Management Center to isolate infected computers, or those with any active threat, so that they do not have any connection with the rest of the equipment, to avoid infecting the network?

Marcos (Administrators) - Posted February 28, 2019

You can create a dynamic group for machines with active threats and assign it a policy that will apply blocking firewall rules. When using such a policy, I'd be careful about not blocking communication with ESMC so that you can continue to manage ESET in case something goes wrong, e.g. if the active threats cannot be cleaned for whatever reason.

axlgabo10 (Author) - Posted February 28, 2019

Hi Marcos. Which template should I choose for active threats?

Marcos (Administrators) - Posted February 28, 2019

You can create a new dynamic group as follows:

Marcos (Administrators) - Posted February 28, 2019

My suggestions:

1. Don't specify anything in the Remote section. You don't want to block incoming communication only from the Trusted zone but from the Internet as well.
2. Block communication in both directions, i.e. incoming and outgoing, not just incoming communication.
3. Create a permissive rule for communication with the ESMC server and possibly with ESET's servers as well so that updates can be downloaded and LiveGrid data retrieved (see https://support.eset.com/kb332/) and put it on top of the rules list to take precedence over the blocking rules.
4. Consider creating similar rules for other protocols, such as ICMP, too.
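
The four suggestions above can be checked against a draft rule list before the policy is assigned. The following is an added example, not part of the original posts and not ESET's policy format: it models an ordered rule list where the topmost matching rule wins, as the post describes, and probes it. The rule fields, the addresses, the Trusted zone range and the ESMC port are all constructed placeholders.

```python
from ipaddress import ip_address, ip_network

ESMC_IP, ESMC_PORT = "192.0.2.10", 2222   # constructed placeholders, not from the thread
TRUSTED = "10.0.0.0/8"                    # constructed "Trusted zone" range

def rule(action, direction="both", proto="any", remote="any", port=None):
    """Hypothetical rule record; defaults mean 'matches anything'."""
    return {"action": action, "dir": direction, "proto": proto, "remote": remote, "port": port}

def decide(rules, direction, proto, remote, port=None):
    """Return the action of the first matching rule (top of list wins), or None."""
    for r in rules:
        if (r["dir"] in ("both", direction)
                and r["proto"] in ("any", proto)
                and (r["remote"] == "any" or ip_address(remote) in ip_network(r["remote"]))
                and r["port"] in (None, port)):
            return r["action"]
    return None  # no rule matched: this traffic is not covered by the isolation policy

# (label, expected action, direction, protocol, remote address, port)
PROBES = [
    ("ESMC reachable",        "allow", "out", "tcp",  ESMC_IP,        ESMC_PORT),
    ("inbound from Internet", "block", "in",  "tcp",  "198.51.100.7", 445),
    ("inbound from LAN",      "block", "in",  "tcp",  "10.0.0.5",     445),
    ("outbound to LAN",       "block", "out", "tcp",  "10.0.0.5",     445),
    ("inbound ICMP",          "block", "in",  "icmp", "10.0.0.5",     None),
]

def audit(rules):
    """Return the labels of probes whose outcome differs from the expected one."""
    return [label for label, want, *pkt in PROBES if decide(rules, *pkt) != want]

allow_esmc = rule("allow", "out", "tcp", ESMC_IP, ESMC_PORT)
block_all = rule("block")                                 # both directions, any protocol, any remote
good = [allow_esmc, block_all]                            # permissive rule on top
misordered = [block_all, allow_esmc]                      # permissive rule below the block rule
weak = [allow_esmc, rule("block", "in", "tcp", TRUSTED)]  # incoming TCP from Trusted zone only

if __name__ == "__main__":
    for name, rs in (("good", good), ("misordered", misordered), ("weak", weak)):
        print(name, audit(rs) or "OK")
```

An empty result means the isolated machine stays manageable while everything else is blocked; the `misordered` list loses the ESMC connection, and the `weak` list misses Internet-sourced, outgoing and ICMP traffic.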