Jump to content

ESET INSPECT Best practice guide?


Ufoto
Go to solution Solved by j91321,

Recommended Posts

Hello All,

Looking at the ESET INSPECT rules that are enabled by default, I can see that these are basically all "Threat" severity rules, while all of the rest are disabled. Is this the generally recommended best practice by ESET? I feel that customers miss out a lot by having all other rules disabled, however I do realize that some of them could be very noisy. Is there a guide, or a blog post advising on some sort of best practice configuration that has some additional rules enabled, rules that are proven to produce false-positives rarely (e.g. Dharma ransomware toolkit item file name was written [C0637]). I could go and read all 1000 rules one by one and use my subjective opinion to enable some, but this doesn't seem to be optimal.

Let me give you an example - I work with other solutions, and some of them have profiles like "Balanced", "Secure", etc. and depending on the profile different set of rules is enabled. I know that there is no such feature here, however I am looking for some sort of guidance at least, I can enable them manually afterwards. 

Thank you in advance!

Link to comment
Share on other sites

  • ESET Staff
  • Solution

I'd recommend to enable rules with tag Essential. Next it's worth reviewing rules that have automatic actions assigned. You can filter these by using the "Rule Actions" filter in the Rules list.  You can also use other tags to better filter categories you're interested in and enabled rules based on that.

Link to comment
Share on other sites

Hello,

 

Thank you for the tips, they are really useful, I was barely paying attention to tags. 

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...