phil13, posted February 9, 2023

Hello,

we are currently testing the ESET Protect cloud and the ESET Inspect cloud with ESET Endpoint Security. We need to create a temporary exclusion for one IP address to perform vulnerability scans. I already created a policy adding the IP address to the Zone for Windows. But this still seems to block the entire scan, so I suspect I need to configure something else.

While checking the Inspect cloud I tried to configure an exclusion as well and used code like the one attached. But is there any option to select all rules? So it might even include new rules?

Thanks in advance

Marcos (Administrators), posted February 9, 2023

After talking to developers we believe temporarily stopping the ESET Inspect Connector service during the pentest would work best. If you need to do it from ESET PROTECT then you could consider temporarily deactivating the EI connector and then re-activate it.

phil13 (Author), posted February 13, 2023

Hello,

Thanks for your answer. "temporarily deactivating" sounds good. Is there any how-to for this? The only way I found with a quick Google search is the possibility to uninstall ESET Inspect from clients.

Marcos (Administrators), posted February 13, 2023

With ESET Inspect (on-premise) it'd be possible to add the computer name in the server config file so that events from the machine would be dropped. Since EIC runs in the cloud, you can't configure this. After discussing it with colleagues there's no other way than temporarily uninstalling the EI connector in your case.

Jamil-soc, posted February 13, 2023 (edited February 13, 2023 by Jamil-soc)

Without detection details of the vulnerability exploitation attempt and the current created IDS exclusions it is difficult to pin-point the problem. A properly configured IDS exclusion should solve the problem.

Please note that detection by the ESET Endpoint cannot be excluded in an Inspect exclusion. This should be done in the Endpoint manually or via policy via ESET Protect.