Message Image

Skip main navigation (Press Enter).

Endpoint Protection

View Only

Back to discussions

Expand all | Collapse all

Allow Metasploit

anekkabAug 10, 2017 08:13 AM

Hello For Audit and Forensinsing purpose we use Metasploit to perfomr some tasks on a our fleet, but ...

ℬrίαηAug 10, 2017 08:17 AM

What else is blocking it? It may be the AV portion, not the IPS. If IPS then did you ensure the clients ...

anekkabAug 10, 2017 08:43 AM

i dont see any log on the target that can help me detemrin which portion block my attacks

ℬrίαηAug 10, 2017 08:46 AM

You're checking either Risk log, Security log,Threat log (SONAR) or Traffic (Firewall). If there is ...

1. Allow Metasploit

0 Recommend
anekkab
Posted Aug 10, 2017 08:13 AM

Reply Reply Privately
Hello

For Audit and Forensinsing purpose we use Metasploit to perfomr some tasks on a our fleet, but the exploit is blocked By SEP :) (Googd Think) but it's blocking us to performe our "white hacking" Stuff.

I add the server to the Excludes hosts on Intrusion Prevention Policies but its still not working

is there any other steps that should be taken to allowd such operation

Kind regards

N.Achraf
2. RE: Allow Metasploit

0 Recommend
ℬrίαη
Posted Aug 10, 2017 08:17 AM

Reply Reply Privately
What else is blocking it? It may be the AV portion, not the IPS. If IPS then did you ensure the clients picked up the policy change.

This is going to be a difficult task because SEP is doing its job by blocking it and Metasploit will throw many different attacks at it.
3. RE: Allow Metasploit

0 Recommend
anekkab
Posted Aug 10, 2017 08:43 AM

Reply Reply Privately
i dont see any log on the target that can help me detemrin which portion block my attacks
4. RE: Allow Metasploit

0 Recommend
ℬrίαη
Posted Aug 10, 2017 08:46 AM

Reply Reply Privately
You're checking either Risk log, Security log,Threat log (SONAR) or Traffic (Firewall). If there is nothing there than I can't assume SEP is blocking it.

Copyright 2019. All rights reserved.

Powered by Higher Logic