
This topic is now archived and is closed to further replies.

InfosecAtom

Whitelisting Vulnerability Scanners In ESMC/EEAV7


I am getting these alerts from our vulnerability scanner in ESMC, despite having created an IDS exception policy to not alert or log on scans from the vulnerability scanner. Am I supposed to be creating the exception elsewhere to avoid all endpoints filling my detections log with all these events?


Is the vulnerability CVE-2008-4250 actually patched on the machine? Please provide ELC logs from the machine that reported the attack.
 

On 4/27/2020 at 3:16 PM, Marcos said:

Is the vulnerability CVE-2008-4250 actually patched on the machine? Please provide ESET Log Collector logs from the machine that reported the attack.
 

It was a Windows 10 endpoint, so it would not be vulnerable. It was flagging only on the attempt. I figured out what the issue was: I falsely believed that the program name was supposed to be an IDS exception rule name. Removing all input from the program name field resolved my issue.


I would not create any exclusions for these detections. The source machine may be running malicious code even if both machines were patched against the exploited vulnerability.
