karsayor 8 Posted January 29, 2021 Share Posted January 29, 2021 (edited) Hello Until a few weeks / months, I had to go in the detection tab to resolve most events like web control blocking URL, or pua connection terminated, incoming generic attack blocked, etc.. Now these detections seems to be auto resolved and in detection details it's written "Resolved" and "Handled by product". Is this normal and can it be explained because I could not find if it's a change or any issue in our console Edited January 29, 2021 by karsayor Link to comment Share on other sites More sharing options...
Administrators Marcos 5,288 Posted January 29, 2021 Administrators Share Posted January 29, 2021 If I remember correctly, auto resolution of detections was added in ESMC v7. Link to comment Share on other sites More sharing options...
karsayor 8 Posted January 29, 2021 Author Share Posted January 29, 2021 Hum ok, I really feel like it has changed last weeks / months even though we had version 7 for a very long time and I always had to resolve a lot of these manually, I'm suprised. Link to comment Share on other sites More sharing options...
karsayor 8 Posted January 29, 2021 Author Share Posted January 29, 2021 In this case, how do you check / change / know what type of event is auto resolved and what isn't ? Link to comment Share on other sites More sharing options...
ESET Staff MartinK 384 Posted January 29, 2021 ESET Staff Share Posted January 29, 2021 5 hours ago, karsayor said: Hum ok, I really feel like it has changed last weeks / months even though we had version 7 for a very long time and I always had to resolve a lot of these manually, I'm suprised. Actually it has probably changed as set of detection types that are resolved automatically has been extended. If I recall correctly, recent addition is "firewall" type of detections, but it might be also dependent on version of ESET security products used in environment. Regarding mechanisms itself, it is based on data as received from ESET security products, where crucial for automatic resolution is that detection is marked as handled/resolved/cleaned, i.e. that it is a detection that does not require any further actions as it was resolved either by blocking or removing malicious content. Link to comment Share on other sites More sharing options...
karsayor 8 Posted February 2, 2021 Author Share Posted February 2, 2021 Ok in this case it is a good move, it makes much more sense that a successful block / remove / clean is auto resolved. Before it was unclear whether we still had something to do or not sometimes. I just regret that I wasn't aware of this change, I don't remember having seen it in the changelog - or maybe I missed it ? Link to comment Share on other sites More sharing options...
ESET Staff MartinK 384 Posted February 2, 2021 ESET Staff Share Posted February 2, 2021 29 minutes ago, karsayor said: Ok in this case it is a good move, it makes much more sense that a successful block / remove / clean is auto resolved. Before it was unclear whether we still had something to do or not sometimes. I just regret that I wasn't aware of this change, I don't remember having seen it in the changelog - or maybe I missed it ? Checked that and it was present in changelog of original 7.2 release: Quote Added: Automatic resolution of firewall logs and filtered websites but it might have been superseded by change-log for hotfix release of 7.2, which might cause confusion. Link to comment Share on other sites More sharing options...
karsayor 8 Posted February 2, 2021 Author Share Posted February 2, 2021 All clear thanks I missed it. By the way, thank you for your products, you are doing great job ! Link to comment Share on other sites More sharing options...
Recommended Posts