BlueBear, Posted January 11, 2024 (edited)

Hi,

We want to disable the protection of PUP but still report as shown below in our configuration.

Having checked the policies, it appears to be set correctly and there's no other policy within the hierarchy which I thought could be an issue. However, we are still getting reports for a file by the PUP protection.

We have even added explicit exclusions for the file based on the hash and I can see that the exclusion is present within the devices that are detecting the PUP.

Any idea as to why this would be happening or where to check next?

Thanks,
BB

Edited January 11, 2024 by BlueBear: No need for it
Marcos (Administrators), Posted January 11, 2024

You should change reporting of PUAs to off if you don't want to have PUAs detected.
BlueBear (Author), Posted January 11, 2024

5 minutes ago, Marcos said:
You should change reporting of PUAs to off if you don't want to have PUAs detected.

I am OK with the detection alert being sent to the console and displayed on the endpoint, but I want to stop the removals. The description of 'Reporting' states exactly the above, so this configuration should report but not remove the detection.

However, even with this configuration it is being reported and the deletion action is being performed:

Action Performed: Cleaned by deleting
Timestamp: 1/11/24, 4:52:30 AM UTC

Am I misunderstanding this somehow?

Thanks
Marcos (Administrators), Posted January 11, 2024

Please provide logs collected with ESET Log Collector from the machine.