Security vulnerability exploitation actions


karsayor

Hello

I noticed that some servers report that the CVE has been blocked, some others allowed. What exactly does it mean, and why does it block on some servers and not on others?

If someone could tell me how this works? :) Would be nice.

Thanks


  • Administrators

Security vulnerability detections are blocked unless you have an IDS exception created. Please check IDS exceptions on the machine where the action was allowed.


  • 3 weeks later...

Is there anything we can do to exclude the detection of these? As soon as I have confirmed the server is not vulnerable to CVE-2015-1635, it should be possible to exclude detection of this event, but the "Create Exclusion" is greyed out for these detections.


ESET IDS exceptions are created per workstation as follows: https://support.eset.com/en/kb7052-create-ids-exclusions-on-client-workstations-in-your-eset-endpoint-product-6x

For ESET Security Management Center, refer to this to create IDS exclusions for client workstations: https://support.eset.com/en/kb7054-create-ids-exclusions-for-client-workstations-in-eset-security-management-center-7x

For ESET Remote Administrator, refer to this: https://support.eset.com/en/kb6624-create-ids-exclusions-in-eset-remote-administrator-6x

Edited by itman

OK thanks, I was looking in the wrong place. What's the difference between Notify and Log in the Action section?

I want to remove alerts of CVE-2015-1635 from ESMC because the server is not vulnerable and they are blocked so I don't need them to appear but still have them blocked.


  • Administrators

Change log to No and that's all. However, rather than creating exceptions I'd suggest putting the machine behind a firewall and allowing only the desired communication on the firewall. Otherwise the server will keep being attacked and one day attackers may succeed and get into your network.


That's what we did; it's an IIS server that has to be online on the internet (443), but it sometimes detects those attacks which it's not vulnerable to. It's good that ESET blocks those attacks, but if the server is not vulnerable to it, I don't need them to appear.
