Jump to content

Whitelisting Vulnerability Scanners In ESMC/EEAV7


Recommended Posts

I am getting these alerts from our vulnerability scanner in ESMC, despite having created an IDS exception policy to not alert or log on scans from the vulnerability scanner. Am I supposed to be creating the exception elsewhere to avoid all endpoints filling my detections log with all these events?

image.thumb.png.f5a9848ca1f2220b5148728cfafceccb.png

Link to post
Share on other sites
  • Administrators

Is the vulnerability CVE-2008-4250 actually patched on the machine? Please provide ELC logs from the machine that reported the attack.
 

Link to post
Share on other sites
  • 2 weeks later...
Posted (edited)
On 4/27/2020 at 3:16 PM, Marcos said:

Is the vulnerability CVE-2008-4250 actually patched on the machine? Please provide ESET Log Collector logs from the machine that reported the attack.
 

It was a Windows 10 endpoint, so it would not be vulnerable. It was flagging only on the attempt. I figured out what the issue was, I falsely believed that program name was supposed to be a IDS exception rule name. Removing all input from the program name field resolved my issue.

Edited by InfosecAtom
Link to post
Share on other sites
  • Administrators

I would not create any exclusions for these detections. The source machine may be running a malicious code even if both machines were patched against the exploited vulnerability.

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...