axlgabo10, posted February 28, 2019:

Dear ESET, is there a configuration template in ESET Security Management Center to isolate infected computers, or computers with any active threat, so that they do not have any connection with the rest of the equipment, to avoid infecting the network?

Marcos (Administrators), posted February 28, 2019:

You can create a dynamic group for machines with active threats and assign it a policy that will apply blocking firewall rules. When using such a policy, I'd be careful about not blocking communication with ESMC so that you can continue to manage ESET in case something goes wrong, e.g. if the active threats cannot be cleaned for whatever reason.

axlgabo10 (Author), posted February 28, 2019:

Hi Marcos. Which template should I choose for active threats?

Marcos (Administrators), posted February 28, 2019:

You can create a new dynamic group as follows:

axlgabo10 (Author), posted February 28, 2019:

Thanks Marcos

axlgabo10 (Author), posted February 28, 2019:

Is it the correct rule?

Marcos (Administrators), posted February 28, 2019:

My suggestions:

1. Don't specify anything in the Remote section. You don't want to block incoming communication only from the Trusted zone but from the Internet as well.
2. Block communication in both directions, i.e. incoming and outgoing, not just incoming communication.
3. Create a permissive rule for communication with the ESMC server and possibly with ESET's servers as well so that updates can be downloaded and LiveGrid data retrieved (see https://support.eset.com/kb332/) and put it on top of the rules list to take precedence over the blocking rules.
4. Consider creating similar rules for other protocols, such as ICMP, too.
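
The four suggestions in the post above can be checked against a rule list before the policy is assigned to the dynamic group. The following is an added example, not part of the original thread and not ESET's policy format: a simplified first-match model of an ordered rule list. The server address 10.0.0.5, port 2222, the probe flows and the "unmatched traffic is allowed" default are all assumptions made for illustration.

```python
# Simplified first-match model of a host firewall rule list (not ESET's policy format).
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional, Tuple

ESMC_IP, ESMC_PORT = "10.0.0.5", 2222   # constructed values for the management server

@dataclass(frozen=True)
class Rule:
    action: str                      # "allow" or "block"
    direction: str                   # "in", "out" or "both"
    protocols: Tuple[str, ...]       # e.g. ("tcp", "udp")
    remote: Optional[str] = None     # CIDR of the remote side; None = any address
    port: Optional[int] = None       # destination port; None = any port

def decide(rules, direction, protocol, remote, port=None):
    """Return the action of the first matching rule, top to bottom."""
    for r in rules:
        if (r.direction in ("both", direction) and protocol in r.protocols
                and (r.remote is None or ip_address(remote) in ip_network(r.remote))
                and (r.port is None or r.port == port)):
            return r.action
    return "allow"   # assumption: unmatched traffic passes, so gaps become visible

# Constructed probe flows: LAN peer in/out, Internet host in, ICMP out.
PROBES = [("in", "tcp", "10.0.0.77", 445), ("out", "tcp", "10.0.0.77", 445),
          ("in", "tcp", "203.0.113.9", 3389), ("out", "icmp", "10.0.0.77", None)]

def audit(rules):
    """Check that ESMC stays reachable and list probe flows that are not blocked."""
    return {"management_ok": decide(rules, "out", "tcp", ESMC_IP, ESMC_PORT) == "allow",
            "leaks": [p for p in PROBES if decide(rules, *p) == "allow"]}

allow_esmc = Rule("allow", "both", ("tcp",), remote=ESMC_IP + "/32", port=ESMC_PORT)
block_tcp_udp = Rule("block", "both", ("tcp", "udp"))
block_icmp = Rule("block", "both", ("icmp",))

# Incoming only, Remote limited to a local range, no ICMP rule: the gaps from points 1, 2 and 4.
WEAK = [Rule("block", "in", ("tcp", "udp"), remote="10.0.0.0/8")]
# Allow rule on top, then blocks in both directions for any remote address (point 3).
HARDENED = [allow_esmc, block_tcp_udp, block_icmp]
# Same rules with the allow rule at the bottom: the block rule wins first.
MISORDERED = [block_tcp_udp, block_icmp, allow_esmc]

if __name__ == "__main__":
    for name, rules in (("weak", WEAK), ("hardened", HARDENED), ("misordered", MISORDERED)):
        print(name, audit(rules))
```

The weak list leaves three of the four probe flows open, the hardened list blocks all of them while keeping the management flow, and the misordered list isolates the machine from the management server as well.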