KES11/KSC12 event "Host Intrusion Prevention was triggered" improvement suggestion

We have several unknown (very specific, not publicly used) 3rd party applications, which are trusted as low restricted and therefore access to webcam/microphone and so on is blocked. So KSC and KSN do not have a categorization for them. However, the KSC administrator does not recognize that something is blocked because the message “Host Intrusion Prevention was triggered” is only shown on client reports. It would be nice if this message (with Reason blocked) would appear on KSC.

I can understand that this message can occur many times so that KSC could be spammed with messages. My suggestion would be to do some kind of throttling on the client side (e.g. send only the first message within 5 minutes) for this kind of message “Host Intrusion Prevention was triggered” (and Reason blocked), so that the KSC administrator sees that within the computer events (and can trigger an e-mail). The KSC administrator would be attentive that KES blocked something (now, the events do not show anything, however, the third party application does not work properly).


Allowed Message:

11.09.2019 08:40:50      Host Intrusion Prevention was triggered               Google Chrome               DOMAIN\username        Allowed: Access to webcam        Access to webcam                         Access to webcam         

Application: Google Chrome

User: DOMAIN\username (Active user)

Component: Host Intrusion Prevention

Result: Allowed: Access to webcam

Action: Access to webcam

Reason: Access to webcam

 


Blocked Message:

22.08.2019 11:41:54      Host Intrusion Prevention was triggered               60.8.0; 20190719-0953 [950894abee]    DOMAIN\username        Blocked: Access to webcam        Access to webcam                         Access to webcam         

Application: 60.8.0; 20190719-0953 [950894abee]

User: DOMAIN\username (Active user)

Component: Host Intrusion Prevention

Result: Blocked: Access to webcam

Action: Access to webcam

Reason: Access to webcam

This topic is now closed to further replies.
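The throttling suggested in the post, sketched as an added example (not part of the original post and not Kaspersky code): it parses report lines in the layout shown above and forwards only the first "Blocked" event per application, user and result within 5 minutes. The function names, the choice of throttle key and the sample lines are assumptions, and events are assumed to arrive in chronological order.

```python
import re
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=5)  # throttle interval proposed in the post
FIELDS = ("time", "event", "application", "user", "result", "action", "reason")

def parse_line(line):
    """Split one client report line on runs of 2+ spaces into named fields."""
    parts = re.split(r"\s{2,}", line.strip())
    if len(parts) != len(FIELDS):
        return None  # not a report line in the layout shown in the post
    rec = dict(zip(FIELDS, parts))
    try:
        rec["time"] = datetime.strptime(rec["time"], "%d.%m.%Y %H:%M:%S")
    except ValueError:
        return None  # first column is not a timestamp
    return rec

def throttle_blocked(lines, window=WINDOW):
    """Return the blocked events that would be forwarded to the server:
    the first per (application, user, result) key, then nothing for that
    key until `window` has elapsed since the last forwarded event."""
    last_sent, forwarded = {}, []
    for rec in filter(None, map(parse_line, lines)):
        if not rec["result"].startswith("Blocked:"):
            continue  # allowed events stay in the client report only
        key = (rec["application"], rec["user"], rec["result"])
        prev = last_sent.get(key)
        if prev is None or rec["time"] - prev >= window:
            last_sent[key] = rec["time"]
            forwarded.append(rec)
    return forwarded

# Constructed sample in the layout of the report lines in the post
# (application names and timestamps are made up for the example).
SAMPLE = [
    r"22.08.2019 11:41:54  Host Intrusion Prevention was triggered  ExampleApp 1.0  DOMAIN\username  Blocked: Access to webcam  Access to webcam  Access to webcam",
    r"22.08.2019 11:42:10  Host Intrusion Prevention was triggered  ExampleApp 1.0  DOMAIN\username  Blocked: Access to webcam  Access to webcam  Access to webcam",
    r"22.08.2019 11:43:00  Host Intrusion Prevention was triggered  Google Chrome  DOMAIN\username  Allowed: Access to webcam  Access to webcam  Access to webcam",
    r"22.08.2019 11:45:30  Host Intrusion Prevention was triggered  OtherTool 2.3  DOMAIN\username  Blocked: Access to microphone  Access to microphone  Access to microphone",
    r"22.08.2019 11:47:05  Host Intrusion Prevention was triggered  ExampleApp 1.0  DOMAIN\username  Blocked: Access to webcam  Access to webcam  Access to webcam",
    "Event log exported by administrator",
]

if __name__ == "__main__":
    for rec in throttle_blocked(SAMPLE):
        print(rec["time"], rec["application"], rec["result"], sep=" | ")
```

Keying on the result as well as the application means a blocked microphone access is still reported while webcam blocks from the same application are being suppressed.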