ESET Online Help

Search English
Select the topic

Real-time file system protection

Real-time file system protection controls all files in the system for malicious code when opened, created, or run.


By default, Real-time file system protection launches at system start-up and provides uninterrupted scanning. We do not recommend disabling Enable Real-time file system protection in Advanced setup > Protections > Real-time file system protection > Real-time file system protection.

Media to scan

By default, all types of media are scanned for potential threats:

  • Local drives—Scans all system and fixed hard drives (example: C:\, D:\).
  • Removable media—Scans CD/DVDs, USB storage, memory cards, etc.
  • Network drives—Scans all mapped network drives (example: H:\ as \\store04) or direct access network drives (example: \\store08).

We recommend that you use default settings and only modify them in specific cases, such as when scanning certain media significantly slows data transfers.

Scan on

By default, all files are scanned when opened, created, or executed. We recommend that you keep these default settings, as they provide the maximum level of real-time protection for your computer:

  • File open—Scans when a file is opened.
  • File creation—Scans a created or modified file.
  • File execution—Scans when a file is executed or run.
  • Removable media boot sector access—When removable media that contains a boot sector is inserted into the device, the boot sector is immediately scanned. This option does not enable removable media file scanning. Removable media file scanning is located Media to scan > Removable media. For Removable media boot sector access to work correctly, keep Boot sectors/UEFI enabled in ThreatSense.

Processes exclusions

See Processes exclusions.


Real-time file system protection checks all types of media and is triggered by various system events, such as accessing a file. Using ThreatSense technology detection methods (as described in ThreatSense), Real-time file system protection can be configured to treat newly created files differently than existing files. For example, you can configure Real-time file system protection to monitor newly created files more closely.

To ensure a minimal system footprint when using real-time protection, files that have already been scanned are not scanned repeatedly (unless they have been modified). Files are scanned again immediately after each detection engine update. This behavior is controlled using Smart optimization. If this Smart optimization is disabled, all files are scanned each time they are accessed. To modify this setting, open Advanced setup > Protections > Real-time file system protection. Click ThreatSense > Other and select or deselect Enable Smart optimization.

Real-time file system protection also enables you to configure Additional ThreatSense parameters.