EIS firewall problem


Guest liu

EIS firewall cannot prevent DLL files from accessing the network

Edited by Marcos
Machine translation added
  • Administrators

Since this is an English forum, we kindly ask you to post in English.

As for the question, dll files cannot be executed. Firewall rules are bound to executables or services. What would you like to achieve exactly?

As @Marcos noted, .dll files cannot directly access the Internet. They can only do so under some type of programmatic control. Posted below are references on some ways malware does so. You either have to rely on other Eset protection mechanisms to detect these malicious activities, or do so manually via the Eset HIPS. This is difficult to do without blocking legit system activities since the HIPS doesn't allow for monitoring of process command line parameters. The best way to do so is via monitoring of child process startup activities from these exploited processes as noted in this Eset KB article in regards to ransomware firewall rules: https://support.eset.com/en/kb6132-configure-firewall-rules-for-eset-endpoint-security-to-protect-against-ransomware

References:

https://attack.mitre.org/techniques/T1574/002/

https://attack.mitre.org/techniques/T1055/001/

https://attack.mitre.org/techniques/T1218/011/

https://attack.mitre.org/techniques/T1218/010/

Edited by itman
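
An added illustration of the point made in the replies above (not code from ESET or from any poster): because traffic is attributed to the host executable rather than the DLL, a review of telemetry has to key on the DLL host processes named in the MITRE references (rundll32.exe, regsvr32.exe) and on the child processes they start. The event records and field names below are constructed assumptions, not an ESET log format.

```python
import ntpath
import re

# Executables that load and run DLL code on request (T1218.010 / T1218.011 above).
DLL_HOSTS = {"rundll32.exe", "regsvr32.exe"}
DLL_RE = re.compile(r'([^\s",]+\.dll)', re.IGNORECASE)

# Constructed sample telemetry; field names are assumptions for this example.
EVENTS = [
    {"type": "process_create", "pid": 4100, "image": r"C:\Windows\System32\rundll32.exe",
     "parent": r"C:\Windows\explorer.exe",
     "cmdline": r"rundll32.exe C:\Users\Public\sample.dll,EntryPoint"},
    {"type": "network_connect", "pid": 4100, "image": r"C:\Windows\System32\rundll32.exe",
     "dest": "203.0.113.10:443"},
    {"type": "process_create", "pid": 4188, "image": r"C:\Windows\System32\cmd.exe",
     "parent": r"C:\Windows\System32\rundll32.exe", "cmdline": "cmd.exe /c whoami"},
    {"type": "network_connect", "pid": 5200, "image": r"C:\Program Files\App\app.exe",
     "dest": "198.51.100.7:443"},
]

def name(path):
    """Lower-cased file name of a Windows path (works on any OS)."""
    return ntpath.basename(path).lower()

def review(events):
    """Return findings for DLL-host network use and DLL-host child processes."""
    cmdlines = {}  # pid -> command line seen at process creation
    findings = []
    for ev in events:
        if ev["type"] == "process_create":
            cmdlines[ev["pid"]] = ev["cmdline"]
            if name(ev["parent"]) in DLL_HOSTS:
                findings.append(("child_of_dll_host", name(ev["image"]), name(ev["parent"])))
        elif ev["type"] == "network_connect" and name(ev["image"]) in DLL_HOSTS:
            # The firewall sees only the host image; the DLL is visible only
            # in the command line recorded when the host process started.
            m = DLL_RE.search(cmdlines.get(ev["pid"], ""))
            dll = ntpath.basename(m.group(1)).lower() if m else "unknown"
            findings.append(("dll_host_network", name(ev["image"]), dll))
    return findings

if __name__ == "__main__":
    for finding in review(EVENTS):
        print(finding)
```
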