Customize what qualifies as Security Alert in Dashboard

[remosito 0]

Howdie all 🙂

 

in the process of setting up HO protection for our Users. 

One of the compromises we have to do is a setup with minimal protection. That includes no anti-phishing, ransom-ware, etc protection.

Our Users wanting to risk their private computers is their choice. As long as it doesnt affect Office Network Security too severly.

Creating policy for it and deploying it worked like a charm.

 

But now all those minimal config Clients show up under "Security risks" in the dashboard. 

They need to disappear from there or we will miss Security risks we don't know about.

 

They are in their own group. So Ideally, we need to remove "Antiphishing not activated" for this group only.

 

But all I found is "mute" the given computers. Which I assume just means. All security risk notifications would be deactivated...

 

if anybody could point me the right direction for configuring what Issues qualify for what group to show up in Dashboard under Security risk. We would be most grateful...

 

cheers

[Marcos 5,074]

I am sorry but what is installing an antivirus with disabled antivirus protection good for? Isn't it better then to not install it at all? Please explain since it doesn't make much sense.

[remosito 0]

Quote

I am sorry but what is installing an antivirus with disabled antivirus protection good for? Isn't it better then to not install it at all? Please explain since it doesn't make much sense.

 

Phishing attempt is not quite the same as a virus or a trojan. (nor is spam detection for that matter; or firewall) and your colleagues at development seem to be able to see the sense. Which is, I guess at least,  why they added the option in policies to disable these parts...

 

so please cut the snark. It's quite frankly unprofessional and rude and reflects badly on your employer...

 

As for "explain since it doesnt make sense".

System A with antivirus, scans (mem and disk) IDS, process hardening, analytics and quite  a few other features, but not antiphishing.

Versus System B with no  protection at all...

Well to me they are not the same at all from a security stand point. Maybe you explain to me why they are the same? As that seems to be your point with "Isn't it better then to not install it at all?"

[Marcos 5,074]

I'm sorry if it was offensive to you, it was definitely not intended. I had to ask for more information first since you didn't mention only antiphishing but also other protection features:

Quote

That includes no anti-phishing, ransom-ware, etc protection.

As for not being notified about disabled antiphishing, you can disable the antiphishing-related application statuses via a policy:

[remosito 0]

41 minutes ago, Marcos said:

I'm sorry if it was offensive to you, it was definitely not intended. I had to ask for more information first since you didn't mention only antiphishing but also other protection features:

As for not being notified about disabled antiphishing, you can disable the antiphishing-related application statuses via a policy:

No offense taken if it wasn't intended 🙂

 

That totally did the trick. Thank you!

To be honest should have connected "Application statuses" with what I wanted myself. I guess I just took "Send" to mean via Email as can be configured elsewhere 🙂  Still learning the ropes...

 

Marked your post as the answer to my question 🙂

Edited May 5, 2022 by remosito

[Marcos 5,074]

Show means to display the protection status on the client while Send means to report it to ESET PROTECT.