Rules Sets

This dialog controls which new detection rules are enabled after the installation.

New rules are those added with the new install pack. In the Web Console, they can be found in the Admin->Detection Rules tab by filtering by the tag New.

When you update the EEI Server, any default rule that ESET has updated is marked with the tag Updated.

Enable detection rules with Threat, Warning, and Information severity—ideal for advanced users who want complete visibility, are already familiar with EEI, and prefer to customize everything manually.

Enable detection rules with Threat and Warning severity—ideal for skilled users who want to do Threat Hunting and wish to evaluate not only malicious but also potentially malicious events.

Enable only detection rules with Threat severity—ideal for new users who are familiar with cyber attacks but want to evaluate only confirmed threats.

Disable all detection rules—ideal for new users who have no previous experience with EDR solutions and want to start with an analysis of confirmed malware and attacks detected and blocked by the ESET Endpoint product.

The more severities are enabled, the more sensitively the product reacts to threats and the more detections it generates.

Rules can be enabled or disabled at any time in the Admin->Detection rules section of the product:

The first option can be achieved by filtering the view by severity, enabling all three Threat, Warning, Info.

The second option can be achieved by filtering the view by severity, enabling Warning, Info.

The third option can be achieved by filtering the view by severity, enabling Info.

After selecting the filter of your choice, choose all rules by clicking the check box on the left side of the first row (Rule Name (count)). Click the Enable/Disable button.