Gregecslo, posted October 6, 2022

Hi all! With all the ProxyNotShell and ProxyShell stuff in mind, can you clarify something for all of us?

If I have ESS (latest V9) configured like this:

Does ESET scan for webshells in HTTP frontend folders?

According to: https://www.microsoft.com/security/blog/2022/09/30/analyzing-attacks-using-the-exchange-vulnerabilities-cve-2022-41040-and-cve-2022-41082/

Quote: "Many organizations exclude Exchange directories from antivirus scans for performance reasons. It's highly recommended to audit AV exclusions on Exchange systems and assess if they can be removed without impacting performance and still ensure the highest level of protection."

So what exactly is excluded if we use the above option? Only DB files and logs, or entire folders of Exchange?

Thanks!

M.K. (ESET Staff), posted October 10, 2022

Hi, with automatic exclusions for Exchange Servers we have followed recommendations from Microsoft, i.e. https://learn.microsoft.com/en-us/exchange/antispam-and-antimalware/windows-antivirus-software?view=exchserver-2019

Gregecslo (Author), posted October 10, 2022

Huh, so basically with this enabled ESET doesn't scan common webshell folders and they can run almost unrestricted since you also don't scan the w3wp process.

MS wording has changed dramatically since last year's ProxyLogon and ProxyShell, have you adopted any of their recommendations from their official blogs?

Thanks!

stevenv, posted October 10, 2022

Quote (Gregecslo, 1 hour ago): "Huh, so basically with this enabled ESET doesn't scan common webshell folders and they can run almost unrestricted since you also don't scan the w3wp process. MS wording has changed dramatically since last year's ProxyLogon and ProxyShell, have you adopted any of their recommendations from their official blogs? Thanks!"

I would also like to know, as from what I see ESET's documentation is limited on this topic. Most vendors have provided some information on signature updates etc. for CVE-2022-41040 and CVE-2022-41082.

Marcos (Administrators), posted October 10, 2022

Quote (Gregecslo, 1 hour ago): "ESET doesn't scan common webshell folders and they can run almost unrestricted since you also don't scan the w3wp process."

Which folders do you mean? Automatic exclusions are not applied for processes, as stated in https://support.eset.com/en/kb3078:

ESET Mail Security for Microsoft Exchange Server applies "Directory/Folder exclusions" only ("Process exclusions" and "File name extension exclusions" are not applied)

Quote (Gregecslo, 1 hour ago): "MS wording has changed dramatically since last year's ProxyLogon and ProxyShell, have you adopted any of their recommendations from their official blogs?"

This KB was last updated by MS on July 7, 2022 and automatic exclusions should be in concordance with the latest recommendations: https://learn.microsoft.com/en-us/exchange/antispam-and-antimalware/windows-antivirus-software?view=exchserver-2019

Gregecslo (Author), posted October 10, 2022

I have efs...
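
One way to run the exclusion audit that the quoted Microsoft guidance recommends, as an added example that is not part of the thread and is not ESET's or Microsoft's code: it reports which web-served directories fall inside a directory exclusion. The exclusion list, web directories and environment values are constructed samples (assumptions), not the product's actual automatic exclusions; replace them with the lists exported from your own server.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample inputs (assumptions, not a real product's exclusion list).
ENV = {"EXCHANGEINSTALLPATH": "D:\\Exch\\", "SYSTEMDRIVE": "C:"}
EXCLUSIONS = [
    r"%ExchangeInstallPath%Mailbox",
    r"%ExchangeInstallPath%FrontEnd\*",
    r"%SystemDrive%\inetpub\wwwroot\aspnet_client\cache",
    r"D:\exch\Logging",
]
WEB_DIRS = [  # directories IIS serves content from on this hypothetical host
    r"D:\Exch\FrontEnd\HttpProxy\owa\auth",
    r"C:\inetpub\wwwroot\aspnet_client",
    r"D:\Exch\ClientAccess\ecp",
]

def _parts(path, env):
    """Expand %VAR% tokens, drop a trailing wildcard, return case-folded parts."""
    expanded = re.sub(r"%([^%]+)%",
                      lambda m: env.get(m.group(1).upper(), m.group(0)), path)
    parts = [p.lower() for p in PureWindowsPath(expanded).parts]
    if parts and parts[-1] in ("*", "*.*"):
        parts.pop()  # "dir\*" excludes the whole directory
    return tuple(parts)

def audit_exclusions(exclusions, web_dirs, env):
    """Return (web_dir, exclusion, verdict) for every overlap found."""
    findings = []
    for web in web_dirs:
        w = _parts(web, env)
        for exc in exclusions:
            e = _parts(exc, env)
            if not e:
                continue
            if w[:len(e)] == e:
                # The exclusion is the web directory itself or one of its parents.
                findings.append((web, exc, "fully excluded"))
            elif e[:len(w)] == w:
                # The exclusion is a subfolder inside the web directory.
                findings.append((web, exc, "partly excluded"))
    return findings

if __name__ == "__main__":
    for web, exc, verdict in audit_exclusions(EXCLUSIONS, WEB_DIRS, ENV):
        print(f"{verdict:15} {web}  <-  {exc}")
```

Any directory reported here is served by IIS but not covered by on-access scanning, so it is a candidate for removing the exclusion or for separate file-integrity monitoring.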