Jump to content

Exclusions not applying

VH_Systeembeheer
 Share

Recommended Posts

VH_Systeembeheer

VH_Systeembeheer 0

Posted
Posted

Dear,

Some exclusions i make are not applying, most of them are.

The process name matches, the signer name, .. but the detection is not being resolved.

Even if I make an exclusion from a detection, it does not solves that detection.

 

For example:

image.png.90f1fa5aa4b63af55ccce79d27bdf9a1.png

 

image.png.7eba737ac46c9f66b3d395bbd0f1160f.png

image.png.7d69b790d46be9b9241272ffae082bf7.png

But the detection is not resolved

I have this with a handful exclusions, with different triggers and rules

 

Please advice

 

Ben

image.png

Link to comment
Share on other sites
itman

itman 1,659

Posted
Posted (edited)

From the screen shots posted, it appears that the Brave browser update process is trying to get access to lsass.exe which in itself is suspect activity.

First, if lsass.exe is setup as a Protected Process - Light (PPL), the updater won't be able to access it.

Next is it may very well be that Eset's HIPS is what is actually blocking access to lsass.exe. It is also possible that it is not allowing an exclusion for this activity which would be the proper thing to do.

Edited by itman
Link to comment
Share on other sites
  • 2 weeks later...
dmaasland

dmaasland 2

Posted
Posted

Just as a test, does it work if you remove the "signer name" condition? Could you click on "Advanced" and post the exclusion's XML?

Link to comment
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...