
Dynamic Group Configuration Infected Teams



Dear ESET.
Is there a configuration template in ESET Security Management Center to isolate infected computers, or those with any active threat, so that they do not have any connection with the rest of the equipment, to avoid infecting the network?


  • Administrators

You can create a dynamic group for machines with active threats and assign it a policy that will apply blocking firewall rules. When using such a policy, I'd be careful about not blocking communication with ESMC so that you can continue to manage ESET in case something goes wrong, e.g. if the active threats cannot be cleaned for whatever reason.


  • Administrators

My suggestions:

1. Don't specify anything in the Remote section. You don't want to block incoming communication only from the Trusted zone but from the Internet as well.
2. Block communication in both directions, i.e. incoming and outgoing, not just incoming communication.
3. Create a permissive rule for communication with the ESMC server and possibly with ESET's servers as well so that updates can be downloaded and LiveGrid data retrieved (see https://support.eset.com/kb332/) and put it on top of the rules list to take precedence over the blocking rules.
4. Consider creating similar rules for other protocols, such as ICMP, too.
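
The four suggestions above can be checked against a candidate rule list before the policy is assigned to the dynamic group. The following Python example is added here and is not part of the original post or ESET's own code; the `Rule` model, top-down first-match evaluation with a default of allow, the server address 10.0.0.5 and the agent port 2222 are assumptions for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Rule:                      # hypothetical model, not ESET's policy format
    action: str                  # "allow" or "deny"
    direction: str               # "in", "out" or "both"
    protocol: str                # "tcp", "udp", "icmp" or "any"
    remote: str = "any"          # CIDR, or "any" when the Remote section is empty
    port: Optional[int] = None   # remote port, None = any

def decide(rules, direction, protocol, remote_ip, port=None):
    """Return the action of the first rule that matches, evaluated top-down."""
    for r in rules:
        if r.direction not in ("both", direction):
            continue
        if r.protocol not in ("any", protocol):
            continue
        if r.remote != "any" and ip_address(remote_ip) not in ip_network(r.remote):
            continue
        if r.port is not None and r.port != port:
            continue
        return r.action
    return "allow"  # assumption of this model: unmatched traffic passes

ESMC = "10.0.0.5"  # constructed management server address

def audit(rules):
    """Probe the rule list with sample packets and name every isolation gap."""
    probes = [  # (finding if wrong, direction, protocol, remote, port, expected)
        ("management channel blocked", "out", "tcp", ESMC, 2222, "allow"),
        ("inbound from LAN allowed", "in", "tcp", "10.0.0.77", 445, "deny"),
        ("inbound from Internet allowed", "in", "tcp", "203.0.113.9", 445, "deny"),
        ("outbound to LAN allowed", "out", "tcp", "10.0.0.77", 445, "deny"),
        ("ICMP allowed", "out", "icmp", "10.0.0.77", None, "deny"),
    ]
    return [name for name, d, p, ip, port, want in probes
            if decide(rules, d, p, ip, port) != want]

# Permit for the management server on top, then block everything both ways.
GOOD = [Rule("allow", "both", "tcp", ESMC + "/32", 2222), Rule("deny", "both", "any")]
# Same two rules with the block on top: the host becomes unmanageable.
BAD_ORDER = list(reversed(GOOD))
# Inbound-only TCP block limited to the internal range, as suggestions 1, 2 and 4 warn against.
WEAK = [Rule("deny", "in", "tcp", "10.0.0.0/8"),
        Rule("allow", "both", "tcp", ESMC + "/32", 2222)]
```

`audit(GOOD)` returns an empty list, while `audit(BAD_ORDER)` and `audit(WEAK)` name the gaps each variant leaves open.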
