Jump to content

ESET INSPECT Best practice guide?

Go to solution Solved by j91321,

Recommended Posts

Hello All,

Looking at the ESET INSPECT rules that are enabled by default, I can see that these are basically all "Threat" severity rules, while all of the rest are disabled. Is this the generally recommended best practice by ESET? I feel that customers miss out a lot by having all other rules disabled, however I do realize that some of them could be very noisy. Is there a guide, or a blog post advising on some sort of best practice configuration that has some additional rules enabled, rules that are proven to produce false-positives rarely (e.g. Dharma ransomware toolkit item file name was written [C0637]). I could go and read all 1000 rules one by one and use my subjective opinion to enable some, but this doesn't seem to be optimal.

Let me give you an example - I work with other solutions, and some of them have profiles like "Balanced", "Secure", etc. and depending on the profile different set of rules is enabled. I know that there is no such feature here, however I am looking for some sort of guidance at least, I can enable them manually afterwards. 

Thank you in advance!

Link to comment
Share on other sites

  • Solution

I'd recommend to enable rules with tag Essential. Next it's worth reviewing rules that have automatic actions assigned. You can filter these by using the "Rule Actions" filter in the Rules list.  You can also use other tags to better filter categories you're interested in and enabled rules based on that.

Link to comment
Share on other sites



Thank you for the tips, they are really useful, I was barely paying attention to tags. 

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...