Jump to content

Recommended Posts

Dear,

Some exclusions i make are not applying, most of them are.

The process name matches, the signer name, .. but the detection is not being resolved.

Even if I make an exclusion from a detection, it does not solves that detection.

 

For example:

image.png.90f1fa5aa4b63af55ccce79d27bdf9a1.png

 

image.png.7eba737ac46c9f66b3d395bbd0f1160f.png

image.png.7d69b790d46be9b9241272ffae082bf7.png

But the detection is not resolved

I have this with a handful exclusions, with different triggers and rules

 

Please advice

 

Ben

image.png

Link to post
Share on other sites
Posted (edited)

From the screen shots posted, it appears that the Brave browser update process is trying to get access to lsass.exe which in itself is suspect activity.

First, if lsass.exe is setup as a Protected Process - Light (PPL), the updater won't be able to access it.

Next is it may very well be that Eset's HIPS is what is actually blocking access to lsass.exe. It is also possible that it is not allowing an exclusion for this activity which would be the proper thing to do.

Edited by itman
Link to post
Share on other sites
  • 2 weeks later...

Just as a test, does it work if you remove the "signer name" condition? Could you click on "Advanced" and post the exclusion's XML?

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...