WebGreg 1 Posted 2 hours ago Share Posted 2 hours ago Hi I know about https://help.eset.com/ei_navigate/2.3/en-US/index.html but I'm a total newbie with it and I would prefer some advice from a practitioner. Can anyone tell me briefly what I should be doing here? Below is an example of a detection I know nothing about. What would you do with it? 1. From the content, I guess it is Dell software, which means it is theoretically safe. Should I mark it as safe? Or is there anything else worth checking before marking whether it is safe? 2. On the right, you can see different levels. In such a case, do I have to review each one separately and mark them as safe or unsafe (blocked)? And yes - "Do not Block or Kill any Windows system processes or executables, such as svchost.exe. This may cause an operating system crash" - I know. 3. If, for example, I mark svchost.exe as blocked and smss.exe as safe, will smss.exe always be treated as safe by Inspect, or only in the context shown in the screenshot? Below is an event regarding a script that I know and plan to mark as safe. But, for example, I'm curious about the "note" and "comment" fields. Why are there two? What is the difference between them? Do you use it in practice? Do you enter comments like "a script I wrote that changes xxxx settings"? Or you don't waste time on such things and just click on mark as safe/unsafe, block, create exclusion? PROTECT & INSPECT is currently in learning mode. However, nothing new has appeared in Notifications since October 11. Does it work at all? Or do I need to take some action? Do you only use the default VirusTotal or have you added something else? How does it work then? It is enough for one website to mark something as dangerous, or does the event have to be marked as dangerous in both? Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.