Uncluesteve 0 Posted July 30, 2020 Posted July 30, 2020 I am looking to see if any one that is using Eset Endpoint Security is also using a Watchguard Firewall appliance that has enabled WatchGuard's Threat Detection & Response tool. I have just stared to play around with the settings and I noticed that Watchguard quarantines .raw files in the folder C:\Program Files\ESET\ESET Security\Modules. Does anyone know what these files are and how eset uses them? Here is a link to the Watchguard TDR datasheet. https://www.watchguard.com/wgrd-products/security-services/threat-detection-and-response
Administrators Marcos 5,443 Posted July 30, 2020 Administrators Posted July 30, 2020 It's a false positive. Those are update files necessary to assemble modules during compilation.
Uncluesteve 0 Posted July 30, 2020 Author Posted July 30, 2020 Thanks for the quick response. So if they are update files is there an process that they get cleaned up over time or are the accumulative?
Administrators Marcos 5,443 Posted July 30, 2020 Administrators Posted July 30, 2020 They should be replaced with a newer version over time.
Uncluesteve 0 Posted July 30, 2020 Author Posted July 30, 2020 Thanks, I will make a rule in the TDR settings to whitelist the folder for all of my users.
Administrators Marcos 5,443 Posted July 30, 2020 Administrators Posted July 30, 2020 By the way, we have our own EDR solution ESET Enterprise Inspector which leverages our products as well as LiveGrid, machine-learning and other technologies to provide CISO or administrators with insight into suspicious operations that occur in the network and allow for manual or automatic remediation. We currently provide 418 pre-defined rules that trigger on suspicious operations with an option to create new rules by an admin.
Uncluesteve 0 Posted July 30, 2020 Author Posted July 30, 2020 Thanks. Since we already pay for Watchguard I don't want to introduce another layer quite yet.
Recommended Posts