Proactive protection

About the function

The Proactive protection detects files from the following sources:

files downloaded using a supported web browser

downloaded from a mail client

files extracted from an unencrypted or encrypted archive using one of the supported archive utilities

executed and opened files located on a removable device

If a file is suspicious, Proactive protection blocks its execution during the analysis in ESET cloud by ESET Dynamic Threat Defense.

Supported applications and devices

This function is available only for products and devices running on a Windows OS.

ESET security products

Web browsers

Mail Clients

Archiver utilities

Removable devices

ESET Endpoint Security 7.2 and later

MS Internet Explorer

MS Outlook

WinRAR

USB flash drive

ESET Endpoint Antivirus 7.2 and later

MS Edge

Mozilla Thunderbird

WinZIP

USB hard drive

 

Chrome

MS Mail

Microsoft Explorer built-in unpacker

CD/DVD

 

Firefox

 

7Zip

Floppy disk

 

Opera

 

 

Built-in card reader

 

Brave Browser

 

 

 

Configuration

Configure the proactive protection settings using a policy in ESMC.

Navigate to ESET Endpoint for Windows policy settings > Detection Engine > Cloud-based protection > ESET Dynamic Threat Defense > Proactive protection.

Allow execution immediately- The user can execute the file even if it is still being analyzed. When the result of the analysis is delivered, the ESET product acts accordingly.

Block execution until receiving the analysis result - The user needs to wait until the file analysis is complete to execute the file.

 

proactive

Using Proactive protection

When a suspicious file is detected, Windows may display a warning when running the file for the first time. The ESET product displays information about the file being analyzed. If the analysis is completed before you execute the file for the first time, the File in analysis notice is not displayed.

 
Depending on your configuration settings (see the chapter above), Windows allows or denies running the file during analysis.
 

proactive1

 

Result of analysis

The result is delivered in time

In the configuration, you can set the maximum wait time for the analysis. Result delivered within this time are displayed on the screen:

The file is safe:
proactive4
 

The file is malicious and blocked:
proactive5

 

The result could not be delivered in time

If the analysis is taking longer than the maximum wait time, the file is released for use, and you will be informed about the ongoing analysis.

proactive6

If the analysis proves the file to be malicious, the ESET product displays a warning and acts accordingly.