
How do I add custom search patterns for detection



We use ESET Protect 10.1.1291.0.

A customer has not only a VPN tunnel to us, but also to another IT partner. This IT partner was individually attacked and has now provided an individual list of IOC hashes as well as a list of attacking IPs.

For the moment, there is no indication that the customer's network had been compromised. Nevertheless, I would like to scan my network as well for signs of intrusion, as I have no information whether this IT partner reported anyway to update standard AV search databases.

How could I extend the ESET databases for the full client file scan and the IDS/HIPS for all clients?

 


  • Administrators

You can send the list of hashes to samples[at]eset.com for a check in case we've got such samples. As for blocking network communication with IP addresses, you can create a blocking firewall rule with the IP addresses listed.

It's also possible to block SHA1 of files via our XDR solution ESET Inspect.

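One way to prepare the partner's list before acting on the reply above (an added example, not ESET code and not part of either post): it separates SHA-1 values, the hash type the reply names for ESET Inspect, from other hash types, and keeps internal addresses out of the firewall block list. The RFC 1918 ranges, the function name and the sample values are assumptions.

```python
import ipaddress
import re

# Internal ranges that must never land in a blanket block rule (assumption:
# the VPN tunnels use RFC 1918 addressing; adjust to the real site ranges).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
HASH_TYPES = {32: "md5", 40: "sha1", 64: "sha256"}
HEX_RE = re.compile(r"[0-9a-f]+")


def triage_iocs(lines):
    """Sort a mixed partner IOC list into deduplicated, validated buckets."""
    out = {"md5": set(), "sha1": set(), "sha256": set(),
           "block_ips": set(), "review_ips": set(), "invalid": []}
    for raw in lines:
        item = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not item:
            continue
        # Undo common defanging such as 203.0.113[.]7
        candidate = item.replace("[.]", ".").replace("(.)", ".").lower()
        kind = HASH_TYPES.get(len(candidate))
        if kind and HEX_RE.fullmatch(candidate):
            out[kind].add(candidate)
            continue
        try:
            ip = ipaddress.ip_address(candidate)
        except ValueError:
            out["invalid"].append(item)       # keep for manual follow-up
            continue
        internal = ip.version == 4 and any(ip in net for net in INTERNAL_NETS)
        out["review_ips" if internal else "block_ips"].add(str(ip))
    return out


# Constructed sample input (empty-input hashes, documentation IP ranges).
SAMPLE = """\
DA39A3EE5E6B4B0D3255BFEF95601890AFD80709   # SHA-1
da39a3ee5e6b4b0d3255bfef95601890afd80709   # duplicate, different case
d41d8cd98f00b204e9800998ecf8427e           # MD5
203.0.113[.]7                              # defanged
198.51.100.23
10.8.0.1                                   # inside the VPN range
not-an-indicator
""".splitlines()

if __name__ == "__main__":
    for bucket, values in triage_iocs(SAMPLE).items():
        print(f"{bucket}: {sorted(values)}")
```

Entries in `review_ips` and `invalid` are held back for a manual decision instead of being added to a block rule.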
