phil13 0 Posted February 9 Share Posted February 9 Hello, we are currently testing the eset Protect cloud and the eset Inspect cloud with Eset endpoint security We need to create a temporary exclusion for one IP adress to perform vulnerability scans. I already created a policy adding the IP adress to the Zone for Windows. But this still seems to block the entire scan so i suspect i need to configure something else. While checking the Inspect cloud I tried to configure an exclusion as well and used code like the one attached. But is there any option to select all rules? So it might even include new rules? Thanks in Advance Quote Link to comment Share on other sites More sharing options...
Administrators Marcos 4,614 Posted February 9 Administrators Share Posted February 9 After talking to developers we believe temporarily stopping the ESET Inspect Connector service during the pentest would work best. If you need to do it from ESET PROTECT then you could consider temporarily deactivating the EI connector and then re-activate it. Quote Link to comment Share on other sites More sharing options...
phil13 0 Posted February 13 Author Share Posted February 13 Hello, Thanks for your answer. "temporarily deactivating" sounds good. Is there any how to for thisß The only way i found with a quick google search is the possibility to uninstall Eset Inspect from clients. Quote Link to comment Share on other sites More sharing options...
Administrators Marcos 4,614 Posted February 13 Administrators Share Posted February 13 With ESET Inspect (on-premise) it'd be possible to add the computer name in the server config file so that events from the machine would be dropped. Since EIC runs in the cloud, you can't configure this. After discussing it with colleagues there's no other way then temporarily uninstalling the EI connector in your case. Quote Link to comment Share on other sites More sharing options...
Jamil-soc 4 Posted February 13 Share Posted February 13 (edited) Without detection details of the vulnerability exploitation attempt and the current created IDS exclusions it is difficult to pin-point the problem. A properly configured IDS exclusion should solve the problem.Please note that detection by the ESET Endpoint cannot be excluded in a Inspect exclusion. This should be done in the Endpoint manually or via policy via ESET Protect. Edited February 13 by Jamil-soc Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.