IDS rules
In some situations the Intrusion Detection Service (IDS) may detect communication between routers or other internal networking devices as a potential attack. To bypass the IDS for such traffic, you can, for example, add the known safe address to the Addresses excluded from IDS zone.
Columns
•Detection—Type of detection.
•Application—Select the file path of an excepted application by clicking ... (for example C:\Program Files\Firefox\Firefox.exe). Do NOT type the name of the application.
•Remote IP—A list of remote IPv4 or IPv6 addresses, ranges or subnets. Multiple addresses must be delimited by a comma.
•Block—Every system process has its own default behavior and assigned action (block or allow). To override the default behavior for ESET Internet Security, select from the drop-down menu whether to block (Yes) or allow (No) the detection.
•Notify—Choose whether to display Desktop notifications on your computer. Choose from values Default (handled by IDS based on the detection)/Yes/No.
•Log—Log events to ESET Internet Security log files. Choose from values Default (handled by IDS based on the detection)/Yes/No.
Managing IDS rules
•Add—Click to create a new IDS rule.
•Edit—Click to edit an existing IDS rule.
•Delete—Select and click if you want to remove a rule from the list of IDS rules.
•Top/Up/Down/Bottom—Enables you to adjust the priority level of rules (rules are evaluated from top to bottom).
If you want to display a notification and collect a log any time the event occurs:
1. Click Add to add a new IDS rule.
2. Select a specific detection from the Detection drop-down menu.
3. Click ... to choose the path of the application to which this notification should apply.
4. Leave Default in the Block drop-down menu. This will inherit the default action applied by ESET Internet Security.
5. Set both the Notify and Log drop-down menus to Yes.
6. Click OK to save this notification.
If you do not want to display a recurring notification for a specific type of Detection that you do not consider a threat:
1. Click Add to add a new IDS rule.
2. Select a specific detection from the Detection drop-down menu, for example SMB session without security extensions or TCP Port Scanning attack.
3. Select In from the direction drop-down menu if the communication is inbound.
4. Set the Notify drop-down menu to No.
5. Set the Log drop-down menu to Yes.
6. Leave Application blank.
7. If the communication is not coming from a specific IP address, leave Remote IP addresses blank.
8. Click OK to save this notification.
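An added example, not part of ESET's documentation or product code: a Python helper for reviewing a planned Remote IP value before it is entered in an IDS rule, so that an exception stays as narrow as intended. The entry syntax (single address, CIDR subnet, `start-end` range), the function names and the 256-address threshold are assumptions.

```python
import ipaddress

def parse_remote_ip(field):
    """Turn a comma-delimited Remote IP value into (first, last) address pairs.

    Assumed entry syntax: single address, CIDR subnet, or 'start-end' range.
    A blank field yields [], i.e. the rule is not tied to any remote address.
    """
    spans = []
    for entry in (e.strip() for e in field.split(",")):
        if not entry:
            continue
        if "-" in entry:
            lo, hi = (ipaddress.ip_address(p.strip()) for p in entry.split("-", 1))
            if lo.version != hi.version or lo > hi:
                raise ValueError(f"bad range: {entry}")
        elif "/" in entry:
            net = ipaddress.ip_network(entry, strict=False)
            lo, hi = net[0], net[-1]
        else:
            lo = hi = ipaddress.ip_address(entry)
        spans.append((lo, hi))
    return spans

def covers(field, addr):
    """True if addr falls inside any entry of the Remote IP value."""
    ip = ipaddress.ip_address(addr)
    return any(lo.version == ip.version and lo <= ip <= hi
               for lo, hi in parse_remote_ip(field))

def audit(field, max_hosts=256):
    """List reasons a planned exception is broader than intended.

    max_hosts is a constructed review threshold, not a product limit.
    """
    spans = parse_remote_ip(field)
    if not spans:
        return ["blank: rule applies regardless of remote address"]
    findings = []
    for lo, hi in spans:
        size = int(hi) - int(lo) + 1
        if size > max_hosts:
            findings.append(f"{lo}-{hi}: {size} addresses, over {max_hosts}")
        # Only the two endpoints are checked (a simplification).
        if not (lo.is_private and hi.is_private):
            findings.append(f"{lo}-{hi}: not private address space")
    return findings

if __name__ == "__main__":
    # Constructed sample values, not taken from the page.
    for f in ("192.168.1.1, 10.0.0.0/30", "10.0.0.0/8", "8.8.8.8", ""):
        print(repr(f), audit(f))
```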