derbärtigeFrytz 3 Posted January 15, 2024

We use ESET Protect 10.1.1291.0. A customer has not only a VPN tunnel to us, but also to another IT partner. This IT partner was individually attacked and has now provided an individual list of IOC hashes as well as a list of attacking IPs. For the moment, there is no indication that the customer's network has been compromised. Nevertheless, I would like to scan my network as well for signs of intrusion, as I have no information whether this IT partner reported anyway to update standard AV search databases. How could I extend the ESET databases for the full client file scan and the IDS/HIPS for all clients?

Administrators Marcos 5,734 Posted January 15, 2024

You can send the list of hashes to samples[at]eset.com for a check in case we've got such samples. As for blocking network communication with IP addresses, you can create a blocking firewall rule with the IP addresses listed. It's also possible to block SHA1 of files via our XDR solution ESET Inspect.
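
A partner-supplied IOC list usually needs sorting before it can go into a blocking firewall rule (IP addresses) or a SHA1 block as mentioned in the reply above. The following is an added example, not part of the original posts and not ESET code; the function name, the protected ranges and the sample indicators are assumptions constructed for illustration.

```python
import ipaddress
import re

# Hex digest length -> hash type. The reply above mentions blocking by SHA1.
HASH_TYPES = {32: "md5", 40: "sha1", 64: "sha256"}
HEX = re.compile(r"[0-9a-fA-F]+")
# Assumption: ranges that must never end up in a block rule. Extend this
# with your own VPN peer and site networks.
PROTECTED = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]

def triage_iocs(lines):
    """Sort raw IOC lines into hashes by type, blockable IPs and rejects."""
    out = {"md5": set(), "sha1": set(), "sha256": set(),
           "ips": set(), "rejected": []}
    for raw in lines:
        item = raw.strip()
        if not item or item.startswith("#"):
            continue
        if HEX.fullmatch(item) and len(item) in HASH_TYPES:
            # Lower-case so the same hash in mixed case is stored once.
            out[HASH_TYPES[len(item)]].add(item.lower())
            continue
        # Undo common defanging such as 203[.]0[.]113[.]7.
        candidate = item.replace("[.]", ".").replace("(.)", ".")
        try:
            ip = ipaddress.ip_address(candidate)
        except ValueError:
            out["rejected"].append((item, "not a hash or IP address"))
            continue
        if any(ip in net for net in PROTECTED):
            out["rejected"].append((item, "protected range, review manually"))
            continue
        out["ips"].add(str(ip))
    return out

# Constructed sample list, not real indicators.
SAMPLE = """\
0123456789abcdef0123456789abcdef01234567
0123456789ABCDEF0123456789ABCDEF01234567
0123456789abcdef0123456789abcdef
203[.]0[.]113[.]7
203.0.113.7
192.168.10.5
evil.example
"""

if __name__ == "__main__":
    for key, value in triage_iocs(SAMPLE.splitlines()).items():
        print(key, sorted(value) if isinstance(value, set) else value)
```

The `sha1` set is the part usable for SHA1-based blocking, `ips` is the input for the firewall rule, and everything in `rejected` needs a human look before it is used anywhere.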