derbärtigeFrytz 1 Posted January 15 Share Posted January 15 We use ESET Protect 10.1.1291.0. A customer has not only a VPN tunnel to us, but also to another IT partner. This IT partner was individualy attacked and now provided an individual list of IOC hashes as well as a list of attacking IPs. For the moment, there is no indication, that the customers network had been compromized. Nevertheless, I would like to scan my network as well for signs of intrusion as I have no information, wether ths IT Partner reported anyway to update standard AV search databases. How could I extend the ESET databases for the full client file scan and the IDS/HIPS for all clients? Link to comment Share on other sites More sharing options...
Administrators Marcos 5,074 Posted January 15 Administrators Share Posted January 15 You can send the list of hashes to samples[at]eset.com for a check in case we've got such samples. As for blocking network communication with IP addresses, you can create a blocking firewall rule with the IP addresses listed. It's also possible to block SHA1 of files via our XDR solution ESET Inspect. Link to comment Share on other sites More sharing options...
Recommended Posts