Threats

The Threats section gives you an overview of threats found on devices managed by your account. Group structure is displayed on the left.

You can browse groups and view threats detected on members of a given group. To view all threats found on clients assigned to groups for your account, select the All group and use the All threats types filter. Click a specific threat to view a context menu for the device containing that threat.

Threat types

Active threats - Active threats are threats that have not been cleaned yet. They can be cleaned by running an In-Depth Scan with cleaning enabled on the target machine.

Resolved threats - These are threats that a user has marked as resolved but that have not yet been scanned using In-Depth Scan. Devices with threats marked as resolved will still be displayed in the filtered list until scanning is performed.

Filtering threats

By default, all threat types from the last seven days are shown, including threats that have been successfully cleaned. To add multiple filtering criteria, click Add filter and select an item from the list. You can filter the results by Computer Muted, Threat Resolved, Name (name of the threat), Cause (cause of the threat), the IP Address of the client that reported this threat, or the name of the Scan. By default, all threat types are displayed, but you can filter by Antivirus, Firewall and HIPS threats for a more specific view.

Filter presets

Filters can be saved to your user profile so that you can use them again in the future. Click Add Filter and then set the filter to your preference. Under Presets the following options are available:

Filter sets - Your saved filters; click one to apply it. The applied filter is denoted with a check mark. Select Include visible columns, sorting and paging to save these parameters to the preset.

Save filter set - Save your current filter configuration as a new preset. Once the preset is saved, you cannot edit the filter configuration in the preset.

Manage filter sets - Remove or rename existing presets. Click Save to apply the changes to presets.

Clear filter values - Click to remove only the current values from the selected filters. Saved presets will remain unchanged.

Remove filters - Click to remove the selected filters. Saved presets will remain unchanged.

Remove unused filters - Remove filter fields with no value.

NOTE

Some filters are enabled by default. If threats are indicated on the left menu button but you cannot see them in the list of threats, check to see which filters are enabled.

Ransomware Shield

ESET business products (version 7 and later) include Ransomware Shield. This new security feature is a part of HIPS and protects computers from ransomware. When ransomware is detected on a client computer, you can view the detection details in ECA Web Console in Threats. For more information about Ransomware Shield, see the ESET Endpoint Security online help.

You can remotely configure Ransomware Shield from the ECA Web Console using the Policy settings for your ESET business product:

Enable Ransomware Shield - The ESET business product automatically blocks all suspicious applications that behave like ransomware.

Enable Audit Mode - When you enable the Audit Mode, potential threats detected by the Ransomware Shield are not blocked and are reported in ECA Web Console. The administrator can decide to block the potential detected threat or exclude it by selecting Add Exclusion to Policy. This Policy setting is available only via ECA Web Console.

IMPORTANT

By default, Ransomware Shield blocks all applications with potential ransomware behavior, including legitimate applications. We recommend that you Enable Audit Mode for a short period on a new managed computer, so that you can exclude legitimate applications that are detected as ransomware based on their behavior (false positives). We do not recommend that you use the Audit Mode permanently, because ransomware on the managed computers is not automatically blocked when Audit Mode is enabled.

Scan computers - Using this option will run the On Demand Scan task on the device that reported the selected threat.

Mark As Resolved / Mark As Not Resolved - Threats can now be marked as resolved in the threats section or under details for a specific client.

Expand Actions to perform the current actions:

Run Task - Run an existing task and create a trigger to complete the task.

Scan Path - This action will open the task and pre-define the paths and targets. This is only available for threats with known paths.

Add Exclusion To Policy - Select an existing endpoint policy to which you want to add an exclusion for the threat. It will be excluded from future scans. You can exclude the threat based on the following criteria:

Use Threat Name - Exclusion is defined based on the detected threat name (malware family).

Use URI - Exclusion is defined by the path to the file, e.g. file:///C:/Users/user/AppData/Local/Temp/34e1824e/ggdsfdgfd.pdf.exe

Use Hash - Exclusion is defined by the Hash of the detected file.

You can find threat details (threat name, URI, and hash) when you click on the threat and select Show Details.

WARNING

Use exclusions with caution - they may result in an infected computer.
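To compare how broad each of the three exclusion criteria is before adding one to a policy, the following added example (not ESET code and not part of the original help page) checks a proposed exclusion against a list of detections. The Detection record, the sample data and the exact-match comparison are assumptions made for illustration; the product's own matching logic is not described on this page.

```python
from dataclasses import dataclass

# Constructed sample detections (not real console data). The fields mirror
# the threat details named on this page: threat name, URI and hash.
@dataclass(frozen=True)
class Detection:
    computer: str
    threat_name: str
    uri: str
    sha1: str

DETECTIONS = [
    Detection("pc-01", "Sample.Family.A", "file:///C:/Tools/backup.exe", "a" * 40),
    Detection("pc-02", "Sample.Family.A", "file:///C:/Tools/backup.exe", "b" * 40),
    Detection("pc-03", "Sample.Family.A", "file:///C:/Users/u/Temp/x.pdf.exe", "c" * 40),
    Detection("pc-04", "Sample.Family.A", "file:///C:/Users/u/Downloads/backup.exe", "a" * 40),
]

# Exclusion criterion -> record field it is compared against.
FIELD_FOR = {"threat_name": "threat_name", "uri": "uri", "hash": "sha1"}

def suppressed_by(criterion, value, detections):
    """Return the detections an exclusion on criterion == value would hide.
    Assumed matching model: exact string equality."""
    field = FIELD_FOR[criterion]
    return [d for d in detections if getattr(d, field) == value]

def rank_exclusions(target, detections):
    """For one detection reviewed as a false positive, list each criterion
    with the other computers whose detections it would also suppress,
    narrowest criterion first."""
    results = []
    for criterion, field in FIELD_FOR.items():
        hits = suppressed_by(criterion, getattr(target, field), detections)
        collateral = [d.computer for d in hits if d != target]
        results.append((criterion, collateral))
    return sorted(results, key=lambda r: len(r[1]))

if __name__ == "__main__":
    target = DETECTIONS[0]  # the detection an admin has verified as legitimate
    for criterion, collateral in rank_exclusions(target, DETECTIONS):
        print(f"{criterion:12} also hides detections on: {collateral or 'none'}")
```

In this sample, the URI exclusion also covers a different file (different hash) at the same path on pc-02, the hash exclusion follows the same file to another path on pc-04, and the threat name exclusion covers every detection of the family.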

NOTE

Not all threats found on client devices are moved to quarantine. Threats that are not quarantined include:

Threats that cannot be deleted.

Threats that are suspicious based on their behavior, but are not detected as malware, for example, PUAs.

Threat details

To learn more about a threat, click the threat in a Static or Dynamic Group and then click Show Details. Only threats found during a scan will display information about that scan.

Computers

Click a threat. In the drop-down menu, the Computers sub-menu offers you a list of actions that you can perform on the computer where the threat was found. This list is the same as the one in the Computers section.

Table columns

Click the gear icon in the upper right corner, select Edit columns and select the columns you want to add to the table. Various columns are available; select them using the check boxes.