Jump to content

Exclude one or more PC/Agent from Network Vulnerability Alerts?


Recommended Posts

Hi

We get hundreds of alerts for one of our clients, who despite us bombarding them advising they need to geo-lock or close the port to a specific PC, they've refused to do so. We now have sign off from the directors of said company to no longer monitor the specific PC's and happy for us to exclude the PC from the "Network Vulnerability Alert" notification.

Looking at this I can't see any easy way other than using the target IP address of the machines in question to exclude, you can't seem to exclude a specific agen using hostnamet?

Are you aware of any way to do this, we could use target IP address I believe but then if another agent with the same IP address at another client has a problem then we won't be notified?

Thanks

Link to post
Share on other sites
  • Administrators

Please provide more information about the "network vulnerability alert". Is a particular vulnerability continually detected by ESET Endpoint that you consider safe to exclude? Could you please provide logs collected with ESET Log Collector from such machine?

Link to post
Share on other sites

These are for ports on the clients firewall (we don't manage) that are open eg 443 & 80 to internal resources that have ESET AV installed. We've spent a year+ advising them they need to close the ports or at least lock down via IP/country but refuse to do so. We've advised we will no longer monitor for network vulneralities on these specific PC's and had sign off from the client despite the risks they've agreed to.

We have the default network vulnerabilty notification setup to email our support team, we would like to have it NOT email for these specific PC's so if PC00001 detects this, we don't want emailed.

The alerts are like below:

Network Vulnerability Alert on COMPUTERNAME

Computer Name: COMPUTERNAME
Username: 
Timestamp: 10/30/20, 12:27:45 PM UTC
Severity: Warning
Threat Name: Incoming.Attack.Generic
Process Name: System
Protocol: TCP
Inbound Communication: yes
Source Address: 193.27.229.26
Source Port: 43,880
Target Address: internal LAN IP REMOVED
Target Port: 80

 

I think i'll be able to filter based on Target Address but ideally would be able to filter based on computer name?

So essentially we just want it to stop emailing us for these specific agents when it comes to network vulnerabilities - the client knows the risk.

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...