pronto 6 Posted February 24, 2020

Servus Community,

in another thread regarding this 'Disable.Attack.Generic' warning we found a place in the policies where this warning can be disabled but the setting seems not to work because these warnings are still logged. See the attached screenshots.

Thx & Bye Tom

Administrators Marcos 5,451 Posted February 24, 2020

So what would you like to achieve? If malware or a threat is detected, ESET should neither display an alert nor log the detection? That's really not a good thing, it must always be logged at least. The solution is to determine the root cause of detection and take measures to prevent it.

pronto 6 Posted February 24, 2020 Author

4 hours ago, Marcos said:
The solution is to determine the root cause of detection and take measures to prevent it.

Servus,

the detections run on two Exchange Server 2016. These are brute force attacks that are applied to the virtual directories of Exchange IIS. I can't get out of this, if OWA and Active Sync should be accessible via the Internet. The problem is not unknown, and we used to use a reverse proxy to prevent it, but we don't have that anymore since Microsoft stopped its TMG support.

Our goal now is not to prevent these detections, but we don't need to have every single successfully blocked attack in our log. This makes the log confusing and trains people to ignore warnings because they think they know what is behind it. An error or warning should be a rare event and every single one should get full attention. This is not possible if you know in advance what to expect in 95% of the warnings.

If there is another solution that we have not yet considered, we would be interested to have a look at it...

Thx & Bye Tom