Proactive protection

About the function

Proactive protection detects files from the following sources:

files downloaded using a supported web browser

files downloaded from a mail client

files extracted from an unencrypted or encrypted archive using one of the supported archive utilities

executed and opened files located on a removable device

If a file is suspicious, Proactive protection blocks its execution while ESET Dynamic Threat Defense analyzes it in the ESET cloud.

Supported applications and devices

This function is available only for products and devices running on a Windows OS.

ESET security products: ESET Endpoint Security 7.2 and later; ESET Endpoint Antivirus 7.2 and later

Web browsers: MS Internet Explorer; MS Edge; Brave Browser

Mail clients: MS Outlook; Mozilla Thunderbird; MS Mail

Archiver utilities: Microsoft Explorer built-in unpacker

Removable devices: USB flash drive; USB hard drive; Floppy disk; Built-in card reader

Configure the proactive protection settings using a policy in ESMC.

Navigate to ESET Endpoint for Windows policy settings > Detection Engine > Cloud-based protection > ESET Dynamic Threat Defense > Proactive protection.

Allow execution immediately - The user can execute the file even if it is still being analyzed. When the result of the analysis is delivered, the ESET product acts accordingly.

Block execution until receiving the analysis result - The user needs to wait until the file analysis is complete to execute the file.



Using Proactive protection

When a suspicious file is detected, Windows may display a warning when running the file for the first time. The ESET product displays information about the file being analyzed. If the analysis is completed before you execute the file for the first time, the File in analysis notice is not displayed.

Depending on your configuration settings (see the chapter above), Windows allows or denies running the file during analysis.



Result of analysis

The result is delivered in time

In the configuration, you can set the maximum wait time for the analysis. Results delivered within this time are displayed on the screen:

The file is safe:

The file is malicious and blocked:


The result could not be delivered in time

If the analysis is taking longer than the maximum wait time, the file is released for use, and you will be informed about the ongoing analysis.


If the analysis proves the file to be malicious, the ESET product displays a warning and acts accordingly.