Proactive protection

Proactive protection detects only files from the following sources:

Files downloaded using a supported web browser

Files downloaded from a mail client

Files extracted from an unencrypted or encrypted archive using one of the supported archive utilities

Executed and opened files located on a removable device

If a file is suspicious, Proactive protection blocks its execution until the detection layers complete the analysis.

Supported applications and devices

This function is available for products and devices running on:

Windows - all supported ESET Endpoint products, ESET Server Security 7.2 and later, and ESET Mail Security 7.2 and later.

Linux - all supported products.

Supported applications on Windows

| Web browsers | Mail clients | Archive utilities | Removable devices |
|---|---|---|---|
| MS Internet Explorer | MS Outlook | WinRAR | USB flash drive |
| MS Edge | Mozilla Thunderbird | WinZIP | USB hard drive |
| Chrome | MS Mail | Microsoft Explorer built-in unpacker | CD/DVD |
| Firefox | | 7zip | Floppy disk |
| Opera | | | Built-in card reader |
| Brave Browser | | | |

Supported applications on Linux

| Web browsers | Mail clients | Archive utilities | Removable devices |
|---|---|---|---|
| Chrome | Mozilla Thunderbird | Not supported on Linux | USB flash drive |
| Firefox | Evolution | | USB hard drive |
| Opera | Mailspring | | CD/DVD |
| Brave Browser | KMail | | Floppy disk |
| Vivaldi | Geary | | Built-in card reader |
| | Mutt | | |
| | claws mail | | |
| | Alpine | | |

Configuration of ESET Endpoint Antivirus

Configure the proactive protection settings using a policy.

In the Web Console, navigate to Policies > create a new policy or edit an existing one > select the target ESET product > Detection Engine > Cloud-based protection > ESET Dynamic Threat Defense > Proactive protection.

Allow execution immediately - The user can execute the file even if it is still being analyzed. When the result of the analysis is delivered, the ESET product responds accordingly.

Block execution until receiving the analysis result - The user needs to wait until file analysis is complete to execute the file.

 

Using Proactive protection

When a suspicious file is detected, your operating system may display a warning when running the file for the first time. The ESET product displays information about the file being analyzed. If the analysis is completed before you execute the file for the first time, the File in analysis notice is not displayed.

Windows users

Depending on your configuration settings, Windows allows or denies running the file during analysis.

Linux users

ESET Server Security products on Linux do not display the warning about the ongoing analysis. If you try to run a file locked by proactive protection:

The Linux system displays the Access denied information.

The Linux terminal returns the Operation not permitted message.

ESET Endpoint Security displays a graphical warning when used on Linux with a graphical interface.

Result of analysis

The result is delivered in time

In the configuration, you can set the maximum wait time for the analysis. Results delivered within this time are displayed on the screen:

The file is safe.

The file is malicious and blocked.

 

The result could not be delivered in time

If the analysis takes longer than the maximum wait time, the file is released for use, and you are informed about the ongoing analysis.

If the analysis proves the file to be malicious, the ESET product displays a warning and responds accordingly.