Jump to content

Whitelisting Vulnerability Scanners In ESMC/EEAV7


InfosecAtom
 Share

Go to solution Solved by InfosecAtom,

Recommended Posts

I am getting these alerts from our vulnerability scanner in ESMC, despite having created an IDS exception policy to not alert or log on scans from the vulnerability scanner. Am I supposed to be creating the exception elsewhere to avoid all endpoints filling my detections log with all these events?

image.thumb.png.f5a9848ca1f2220b5148728cfafceccb.png

Link to comment
Share on other sites

  • Administrators

Is the vulnerability CVE-2008-4250 actually patched on the machine? Please provide ELC logs from the machine that reported the attack.
 

Link to comment
Share on other sites

  • 2 weeks later...
  • Solution
On 4/27/2020 at 3:16 PM, Marcos said:

Is the vulnerability CVE-2008-4250 actually patched on the machine? Please provide ESET Log Collector logs from the machine that reported the attack.
 

It was a Windows 10 endpoint, so it would not be vulnerable. It was flagging only on the attempt. I figured out what the issue was, I falsely believed that program name was supposed to be a IDS exception rule name. Removing all input from the program name field resolved my issue.

Edited by InfosecAtom
Link to comment
Share on other sites

  • Administrators

I would not create any exclusions for these detections. The source machine may be running a malicious code even if both machines were patched against the exploited vulnerability.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...