Trigger by Event LogQuestion

[schuetzdentalCB 8]

Hi,

is it correct that a Client Task which should start an Network Isolation with a Trigger that reacts on Event-Log Criteria, is processed directly on the client without waiting for feedback of ESET Protect Server? - It looks like that for me. (Would be great if im right because so i can diretly isolate a client which has found malware on it (so in case it still starts ransomware and eset detects it after a few moments it can't spread over the network...even if our network system shouldn't be vulnerable for this network spread stuff.. but i like to build some extra protections..you never know). there are still excel files out there which are starting an OLE Object and after a few seconds you have som jpg file in AppData and Temp with Trojan Detections. And that would just isolate that one infected system and wouldn't crypt a whole company ^^

 

Testing: After i download an infected file and unzip it, ESET detects it and just 1 second after, it isolates my test machine (i can see that in eset endpoint security application). so event log trigger is processes on the client itself without waiting for eset protect info? or do i have a mistake in thinking?
 

[schuetzdentalCB 8]

Too early for me...just deactivated network adapter and it still directly isolates the testclient. so it looks like its working how it should  no waiting for protect server needed