Create exclusion for one IP adress

[phil13 0]

Hello, we are currently testing the eset Protect cloud and the eset Inspect cloud with Eset endpoint security

We need to create a temporary exclusion for one IP adress to perform vulnerability scans.

I already created a policy adding the IP adress to the Zone for Windows. But this still seems to block the entire scan so i suspect i need to configure something else.  While checking the Inspect cloud I tried to configure an exclusion as well and used code like the one attached. But is there any option to select all rules? So it might even include new rules?

 

Thanks in Advance

[Marcos 4,614]

After talking to developers we believe temporarily stopping the ESET Inspect Connector service during the pentest would work best. If you need to do it from ESET PROTECT then you could consider temporarily deactivating the EI connector and then re-activate it.

[phil13 0]

Hello, Thanks for your answer. "temporarily deactivating" sounds good.

Is there any how to for thisß The only way i found with a quick google search is the possibility to uninstall Eset Inspect from clients.

[Marcos 4,614]

With ESET Inspect (on-premise) it'd be possible to add the computer name in the server config file so that events from the machine would be dropped. Since EIC runs in the cloud, you can't configure this. After discussing it with colleagues there's no other way then temporarily uninstalling the EI connector in your case.

[Jamil-soc 4]

Without detection details of the vulnerability exploitation attempt and the current created IDS exclusions it is difficult to pin-point the problem. A properly configured IDS exclusion should solve the problem.

Please note that detection by the ESET Endpoint cannot be excluded in a Inspect exclusion. This should be done in the Endpoint manually or via policy via ESET Protect.

Edited February 13 by Jamil-soc