Jump to content
pronto

Notifications, Warning and the Truth

Recommended Posts

Hi Community,

I'm working on a policy with reduced security level for a Windows server operating system. There is no email scanning and no web protection necessery, so I'm going to disable this features in the client policy. But now I got plenty of warnings in the remote console and I'm searching for a possibilty to disable al this warnings. Furthermore there is a warning for a disabled HIPS feature, which isn't disabled in the remote console, so normaly I expect an active and configured HIPS feature on the server but it isn't. Can anyone help to work through this two issuses?

Thx in advamced & Bye Tom

 

Bildschirmfoto 2019-10-10 um 14.20.53.png

Bildschirmfoto 2019-10-10 um 14.37.03.png

Share this post


Link to post
Share on other sites

You can disable particular application statuses here:

image.png

 

By the way, what is the reason for disabling HIPS? By doing so you'll also disable several other protection features, including Ransomware shield.

Share this post


Link to post
Share on other sites

Servus Marcos,

By the way, what is the reason for disabling HIPS?

This is one of the mysteries, I didn't disable HIPS as you can see in the policy screenshot but in the computers list I got a red alert notification and in the details list I got the issues as you can see in the other screenshot. So I expect that HIPS should be enabled...

Thx & Bye Tom

 

Share this post


Link to post
Share on other sites

Please provide me with logs collected with ESET Log Collector from such machine.

Share this post


Link to post
Share on other sites
31 minutes ago, Marcos said:

Please provide me with logs collected with ESET Log Collector from such machine.

Are there any sensitiv data in the log files, is it save to publish public or can you provide me an adress where I can send the log files? The zip file has a little more than 1 MB...

Bye Tom

Share this post


Link to post
Share on other sites

Only ESET staff has access to attachments permitted. Alternatively you can upload the archive to a safe location and drop me a personal message with a download link.

Share this post


Link to post
Share on other sites
9 minutes ago, Marcos said:

Only ESET staff has access to attachments permitted. Alternatively you can upload the archive to a safe location and drop me a personal message with a download link.

Ah okay but JPEGs can everyone see or are they also only visible for ESET stuff members?

Anyway, here is the log collection.

Thx in advance & Bye Tom

efsw_logs.zip

Share this post


Link to post
Share on other sites

HIPS is actually disabled. Please check directly on the server if HIPS is enabled. If it was re-enabled by a policy, a server restart will be needed in order for HIPS to start:

image.png

I would also suggest enabling protocol filtering unless the server is not connected to the Internet. Otherwise it would not be protected to the maximum extent against Internet-borne threats.

If you would like to protect ESET from being misconfigured, disabled or uninstalled by unauthorized persons, I'd also recommend enabling password protection as well as enabling detection of potentially unsafe applications.

Share this post


Link to post
Share on other sites

Servus Marcos,

Quote

If it was re-enabled by a policy, a server restart will be needed in order for HIPS to start:

Yes indeed, a server restart was enough. The warning at least about HIPS is gone...

Thx & Bye Tom

Edited by pronto

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...