Guest liu
Posted October 8, 2021 (edited)

EIS firewall cannot prevent DLL files from accessing the network

Edited October 8, 2021 by Marcos: Machine translation added

Administrators Marcos 4,919
Posted October 8, 2021

Since this is an English forum, we kindly ask you to post in English.

As for the question, dll files cannot be executed. Firewall rules are bound to executables or services. What would you like to achieve exactly?

itman 1,629
Posted October 8, 2021 (edited)

As @Marcos noted, .dll files cannot directly access the Internet. They can only do so under some type of programmatic control. Posted below are references on some ways malware does so.

You either have to rely on other Eset protection mechanisms to detect these malicious activities, or do so manually via the Eset HIPS. This is difficult to do without blocking legit system activities since the HIPS doesn't allow for monitoring of process command line parameters. The best way to do so is via monitoring of child process startup activities from these exploited processes as noted in this Eset KB article in regards to ransomware firewall rules: https://support.eset.com/en/kb6132-configure-firewall-rules-for-eset-endpoint-security-to-protect-against-ransomware

References:
https://attack.mitre.org/techniques/T1574/002/
https://attack.mitre.org/techniques/T1055/001/
https://attack.mitre.org/techniques/T1218/011/
https://attack.mitre.org/techniques/T1218/010/

Edited October 8, 2021 by itman

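Added example, not part of any post in this thread and not Eset code: a Python detection routine that ties outbound connections from the DLL host processes covered by two of the referenced techniques (rundll32.exe for T1218.011, regsvr32.exe for T1218.010) back to the DLL named on their command line, the detail that a rule bound to the executable does not see. The event records and their field names are constructed for illustration.

```python
import re

# Constructed sample events; the record layout and field names are assumptions,
# loosely modelled on process-creation and network-connection telemetry.
EVENTS = [
    {"type": "proc", "pid": 4120, "image": r"C:\Windows\System32\rundll32.exe",
     "cmdline": r'rundll32.exe "C:\Users\Public\update.dll",Start'},
    {"type": "proc", "pid": 4188, "image": r"C:\Windows\System32\regsvr32.exe",
     "cmdline": r"regsvr32.exe /s C:\ProgramData\helper.dll"},
    {"type": "proc", "pid": 5200, "image": r"C:\Program Files\App\app.exe",
     "cmdline": r"app.exe --sync"},
    {"type": "net", "pid": 4120, "dst": "203.0.113.10", "port": 443},
    {"type": "net", "pid": 5200, "dst": "198.51.100.7", "port": 443},
]

# Windows binaries whose job is to run code from a DLL.
DLL_HOSTS = {"rundll32.exe", "regsvr32.exe"}
# A quoted path (may contain spaces) or a bare path ending in .dll.
DLL_RE = re.compile(r'"([^"]+\.dll)"|([^\s",]+\.dll)', re.IGNORECASE)

def hosted_dll(cmdline):
    """Return the first .dll path found on a command line, or None."""
    m = DLL_RE.search(cmdline)
    return (m.group(1) or m.group(2)) if m else None

def dll_network_activity(events):
    """Attribute connections made by DLL host processes to the DLL they ran."""
    hosts = {}
    for e in events:
        if e["type"] == "proc":
            name = e["image"].rsplit("\\", 1)[-1].lower()
            if name in DLL_HOSTS:
                hosts[e["pid"]] = (name, hosted_dll(e["cmdline"]))
    findings = []
    for e in events:
        if e["type"] == "net" and e["pid"] in hosts:
            name, dll = hosts[e["pid"]]
            findings.append({"host": name, "dll": dll,
                             "dst": e["dst"], "port": e["port"]})
    return findings

if __name__ == "__main__":
    for finding in dll_network_activity(EVENTS):
        print(finding)
```

The firewall would attribute the first connection to rundll32.exe; only the command line reveals which DLL was behind it.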