Proactive protection
Proactive protection detects only files from the following sources:
•Files downloaded using a supported web browser
•Downloaded from a mail client
•Files extracted from an unencrypted or encrypted archive using one of the supported archive utilities
•Executed and opened files located on a removable device
If a file is suspicious, Proactive protection blocks its execution until the detection layers complete the analysis.
Supported applications and devices
This function is available for products and devices running on:
•Windows - All supported ESET Endpoint products and ESET Server Security 7.2 and later, ESET Mail Security 7.2 and later.
•Linux - all supported products.
Supported applications on Windows
Web browsers |
Mail Clients |
Archive utilities |
Removable devices |
|---|---|---|---|
Internet Explorer |
Microsoft Outlook |
WinRAR |
USB flash drive |
Microsoft Edge |
Mozilla Thunderbird |
WinZIP |
USB hard drive |
Chrome |
Microsoft Mail |
Microsoft Explorer built-in unpacker |
CD/DVD |
Firefox |
|
7zip |
Floppy disk |
Opera |
|
|
Built-in card reader |
Brave Browser |
|
|
|
|
Files copied using Microsoft Explorer from an excluded location to a protected location get blocked by Proactive protection because ESET LiveGuard Advanced recognizes explorer.exe as an archive utility. |
Supported applications on Linux
Web browsers |
Mail Clients |
Archive utilities |
Removable devices |
|---|---|---|---|
Chrome |
Mozilla Thunderbird |
Not supported on Linux |
USB flash drive |
Firefox |
Evolution |
|
USB hard drive |
Opera |
Mailspring |
|
CD/DVD |
Brave Browser |
KMail |
|
Floppy disk |
Vivaldi |
Geary |
|
Built-in card reader |
|
Mutt |
|
|
|
claws mail |
|
|
|
Alpine |
|
|
ESET Cloud Office Security users
Proactive protection is not available in ESET Cloud Office Security.
Configuration of ESET Endpoint Antivirus
Configure the proactive protection settings using an policy.
In the Web Console, navigate to policies > create a new one or edit existing policy > select target ESET product > Detection Engine > Cloud-based protection > ESET LiveGuard Advanced > Proactive protection.
•Allow execution immediately - The user can execute the file even if it is still being analyzed. When the result of the analysis is delivered, the ESET product responds accordingly.
•Block execution until receiving the analysis result - The user needs to wait until file analysis is complete to execute the file.
Using Proactive protection
When a suspicious file is detected, your operating system may display a warning when running the file for the first time. The ESET product displays information about the file being analyzed. If the analysis is completed before you execute the file for the first time, the File in analysis notice is not displayed.
Windows users
Depending on your configuration settings, Windows allows or denies running the file during analysis.
Linux users
ESET Server Security products on Linux do not display the warning about the ongoing analysis. If you try to run a file locked by proactive protection:
•Linux system displays the Access denied information.
•Linux terminal returns Operation not permitted message.
ESET Endpoint Security displays graphical warning, when used in Linux with graphical interface:
Result of analysis
The result is delivered in time
In the configuration, you can set the maximum wait time for the analysis. Results delivered within this time are displayed on the screen:
•The file is safe:
•The file is malicious and blocked:
The result could not be delivered in time
If analysis is taking longer than the maximum wait time, the file is released for use, and you will be informed about the ongoing analysis.
If the analysis proves the file to be malicious, the ESET product displays a warning and responds accordingly.