Jump to content

Create exclusion for one IP adress


phil13

Recommended Posts

Hello, we are currently testing the eset Protect cloud and the eset Inspect cloud with Eset endpoint security

We need to create a temporary exclusion for one IP adress to perform vulnerability scans.

I already created a policy adding the IP adress to the Zone for Windows. But this still seems to block the entire scan so i suspect i need to configure something else.  While checking the Inspect cloud I tried to configure an exclusion as well and used code like the one attached. But is there any option to select all rules? So it might even include new rules?

 

Thanks in Advance

esetsupportreq.png

Link to comment
Share on other sites

  • Administrators

After talking to developers we believe temporarily stopping the ESET Inspect Connector service during the pentest would work best. If you need to do it from ESET PROTECT then you could consider temporarily deactivating the EI connector and then re-activate it.

Link to comment
Share on other sites

Hello, Thanks for your answer. "temporarily deactivating" sounds good.

Is there any how to for thisß The only way i found with a quick google search is the possibility to uninstall Eset Inspect from clients.

Link to comment
Share on other sites

  • Administrators

With ESET Inspect (on-premise) it'd be possible to add the computer name in the server config file so that events from the machine would be dropped. Since EIC runs in the cloud, you can't configure this. After discussing it with colleagues there's no other way then temporarily uninstalling the EI connector in your case.

Link to comment
Share on other sites

Without detection details of the vulnerability exploitation attempt and the current created IDS exclusions it is difficult to pin-point the problem. A properly configured IDS exclusion should solve the problem.

Please note that detection by the ESET Endpoint cannot be excluded in a Inspect exclusion. This should be done in the Endpoint manually or via policy via ESET Protect.

Edited by Jamil-soc
Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...