speakerbox 3 Posted October 30, 2020

Hi

We get hundreds of alerts for one of our clients, who despite us bombarding them advising they need to geo-lock or close the port to a specific PC, they've refused to do so. We now have sign off from the directors of said company to no longer monitor the specific PCs and happy for us to exclude the PC from the "Network Vulnerability Alert" notification.

Looking at this I can't see any easy way other than using the target IP address of the machines in question to exclude, you can't seem to exclude a specific agent using hostname?

Are you aware of any way to do this, we could use target IP address I believe but then if another agent with the same IP address at another client has a problem then we won't be notified?

Thanks
Administrators Marcos 4,704 Posted October 30, 2020

Please provide more information about the "network vulnerability alert". Is a particular vulnerability continually detected by ESET Endpoint that you consider safe to exclude? Could you please provide logs collected with ESET Log Collector from such a machine?
speakerbox 3 Posted October 30, 2020 Author

These are for ports on the client's firewall (we don't manage) that are open, e.g. 443 & 80, to internal resources that have ESET AV installed. We've spent a year+ advising them they need to close the ports or at least lock down via IP/country but refuse to do so. We've advised we will no longer monitor for network vulnerabilities on these specific PCs and had sign off from the client despite the risks they've agreed to.

We have the default network vulnerability notification setup to email our support team, we would like to have it NOT email for these specific PCs so if PC00001 detects this, we don't want emailed.

The alerts are like below:

Network Vulnerability Alert on COMPUTERNAME
Computer Name: COMPUTERNAME
Username:
Timestamp: 10/30/20, 12:27:45 PM UTC
Severity: Warning
Threat Name: Incoming.Attack.Generic
Process Name: System
Protocol: TCP
Inbound Communication: yes
Source Address: 193.27.229.26
Source Port: 43,880
Target Address: internal LAN IP REMOVED
Target Port: 80

I think I'll be able to filter based on Target Address but ideally would be able to filter based on computer name? So essentially we just want it to stop emailing us for these specific agents when it comes to network vulnerabilities - the client knows the risk.