Jump to content

Whitelisting Vulnerability Scanners In ESMC/EEAV7


Recommended Posts

I am getting these alerts from our vulnerability scanner in ESMC, despite having created an IDS exception policy to not alert or log on scans from the vulnerability scanner. Am I supposed to be creating the exception elsewhere to avoid all endpoints filling my detections log with all these events?

image.thumb.png.f5a9848ca1f2220b5148728cfafceccb.png

Link to post
Share on other sites
  • Administrators

Is the vulnerability CVE-2008-4250 actually patched on the machine? Please provide ELC logs from the machine that reported the attack.
 

Link to post
Share on other sites
  • 2 weeks later...
Posted (edited)
On 4/27/2020 at 3:16 PM, Marcos said:

Is the vulnerability CVE-2008-4250 actually patched on the machine? Please provide ESET Log Collector logs from the machine that reported the attack.
 

It was a Windows 10 endpoint, so it would not be vulnerable. It was flagging only on the attempt. I figured out what the issue was, I falsely believed that program name was supposed to be a IDS exception rule name. Removing all input from the program name field resolved my issue.

Edited by InfosecAtom
Link to post
Share on other sites
  • Administrators

I would not create any exclusions for these detections. The source machine may be running a malicious code even if both machines were patched against the exploited vulnerability.

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...