[KB7677] Create IDS rules for client workstations in ESET PROTECT or ESET PROTECT On-Prem (Windows)

Solution

Required user permissions

This article assumes that you have the appropriate access rights and permissions to perform the tasks below.

If you use the default Administrator user or are unable to perform the tasks below (the option is unavailable), create a second administrator user with all access rights.

 Endpoint users: Perform these steps on individual client workstations.

Create IDS exclusions in ESET PROTECT or ESET PROTECT On-Prem

  1. Open ESET PROTECT or ESET PROTECT On-Prem in your web browser and log in.

  2. Click Policies → ESET Endpoint for Windows, click the three dots next to the policy you want to edit and then click Edit.

    Figure 1-1
  1. Click SettingsProtectionsNetwork access protection → Network Attack Protection and click Edit next to IDS rules.

    Figure 1-2

     

  1. Click Add.

    Figure 1-3
  2. In the Detection drop-down menu, select Any Detection and type the Remote IP address (IP address of the machine with the software that scans the network).

    Alternatively, you can set up an IDS exclusion for a locally installed app by typing the full path to the .exe file in Application, for example,  C:\Windows\system32\cmd.exe.

    Figure 1-4
  3. In the Action section, select No from each drop-down menu. Click SaveSave to save the policy. If this is a new policy, assign it to the correct groups. After the computers check-in, they will receive the policy change.

    Figure 1-5