To stay updated on your favorite discussions, please create an account or log in. Then, click the Bookmark icon to subscribe and receive notifications.

Avoid to isolate 1 server temporarily if critical alert is detected

Options
Anthony
Anthony W/ Member Posts: 1 Security Scout

Hello,

I need to run a script on a server but this one is detected as a critical alert so my server is isolated when I run it.

Is there a solution to temporarily deactivate EDR protection for 1 element (this server) ?

Thanks in advance for your help.

Anthony A.

Answers

  • Sethu Laks
    Sethu Laks W/ Partner, W/ Staff, W/ Moderator Posts: 245 Moderator
    edited April 23
    Options

    Hi @Anthony

    Thank you for reaching out the WithSecure Community,

    To disable the EDR sensor on specific servers:

    1. Create a Custom Profile: Within WithSecure Elements Portal, you can create a new profile specifically designed for your server needs.
    2. Disable EDR Sensor: In this custom profile, locate the option for "Enable EDR sensor" and ensure it's unchecked or set to "Off."
    3. Assign to Servers: Once the custom profile is configured with the disabled EDR sensor, you can assign this profile to the specific servers where you don't want EDR running.

    You can follow these steps:

    1. Access the Elements portal by logging in.
    2. Navigate to the Security Configuration section via the left-hand menu.
    3. Proceed to the Profile page.
    4. Establish a new CUSTOM profile.
    5. Within your Custom profile, select General settings, locate the Integration section, and disable the “Enable EDR sensor” option.
    6. The newly crafted custom profile is now ready to be applied to your desired server for evaluation.
    7. Re-examine the server with the new settings.
    8. Verify your intent to deactivate resource protection.

    Please ensure that you understand the risks associated with turning off security features and take necessary precautions to maintain the security of your server during this period.

    Best regards,
    Sethu
    Community Moderator | Technical Support Engineer
    WithSecure™ https://www.withsecure.com/en/home