Lateral Movement Requirement & ESET

  • 3 November 2021

Morning

We have a customer who needs to place the lateral movement requirement in their ESET endpoint solution. HOWEVER, ESET requires both an application AND APPLICATION PATH to set an exemption (you can't exempt based solely on the application name).

How can this be achieved?

File Name: CymulateLM.exe

MD5: 7e1c9df044bcafe8e5a4372793985368

SHA-256: db5f25b745f701d905d5d6f3979f9d4aec2ae22ad8f5bb66c428324b5e25b0a4

SHA-1: 18076280e739af9c4c8c93ef99e6a20777c80ff5

Thanks.

Best answer by mike_talon 3 November 2021, 16:25


Unfortunately, due to the nature of the Lateral Movement binaries, they move to different directories on each target to avoid basic detection. If ESET cannot exclude by hash, you may need to temporarily disable ESET to run the simulation.

ESET does appear to allow exclusion by hash alone, however:

https://help.eset.com/eav/15/en-US/idh_detection_exclusion.html?zoom_highlightsub=exclusion

 

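A check worth running before adding the hash exclusion, as an added example that is not part of the original thread and not Cymulate or ESET tooling: it confirms that a local binary matches all three hashes published in the question, and shows that the digests are identical whatever directory the file lands in, which is why a hash exclusion holds where a path exclusion cannot. The function names and the constructed sample bytes are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import tempfile

# Hashes published in the question above for CymulateLM.exe.
PUBLISHED = {
    "md5": "7e1c9df044bcafe8e5a4372793985368",
    "sha1": "18076280e739af9c4c8c93ef99e6a20777c80ff5",
    "sha256": "db5f25b745f701d905d5d6f3979f9d4aec2ae22ad8f5bb66c428324b5e25b0a4",
}

def file_digests(path, algorithms=("md5", "sha1", "sha256"), chunk_size=1 << 20):
    """Read the file once, feeding every chunk to all requested algorithms."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for hasher in hashers.values():
                hasher.update(chunk)
    return {name: hasher.hexdigest() for name, hasher in hashers.items()}

def verify_before_excluding(path, expected=PUBLISHED):
    """Return (ok, mismatched); ok is True only if every expected digest matches."""
    actual = file_digests(path, tuple(expected))
    mismatched = [name for name, want in expected.items()
                  if not hmac.compare_digest(actual[name], want.strip().lower())]
    return not mismatched, mismatched

def demo():
    """Constructed sample: the same bytes written into two different directories."""
    payload = b"constructed sample bytes, not the real CymulateLM.exe"
    with tempfile.TemporaryDirectory() as dir_a, tempfile.TemporaryDirectory() as dir_b:
        paths = [os.path.join(d, "CymulateLM.exe") for d in (dir_a, dir_b)]
        for p in paths:
            with open(p, "wb") as fh:
                fh.write(payload)
        digests = [file_digests(p) for p in paths]
        same_hash_any_path = digests[0] == digests[1]
        # The constructed file must NOT pass as the published binary.
        vs_published = verify_before_excluding(paths[0])
        # Sanity check: a file always matches its own digests.
        vs_itself = verify_before_excluding(paths[0], expected=digests[0])
    return same_hash_any_path, vs_published, vs_itself

if __name__ == "__main__":
    print(demo())
```

Requiring all three digests to match means a file that merely shares the name `CymulateLM.exe` is rejected before it is ever excluded from scanning.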