What's new in 1.6

Granular User Access rights (permission sets in ESET PROTECT)

Incidents view

Remote Connection method (available in Server Settings)

"Lightweight" mode (ability to configure the product to reduce the number of stored low-level data and shorten data retention to achieve more than 10x decrease in database size)



A low-level event is something a process does. So, write a file, do a DNS lookup, create a registry entry, etc. These can be seen in the Events view.

Reduction of “Detection overload”

Learning mode

Protection against noisy Rules

Default Exclusions suggestions

Profile-based configuration in the installer to set up the product for various user types:

oChoice of 3 preset Profiles

oChoice of Rules to enable based on four Severity levels

oChoice of Data collection options

oChoice of Data retention periods


Database improvements

Event Filters created automatically for noisy Computers

DB Purge process improvement

Display estimated DB required space on Dashboard

Warning for sub-optimal DB configuration

Warning in case of lack of space


User Interface improvements

Questions view

Improved Details view

Filtering in Raw Events view

Categorization for Rules

Expose PEDrop module hash in UI


Detection capability improvements

Ability to detect brute-forcing of accounts

Ability to detect misuse of trusted DLLs

Ability to monitor discovery techniques using the WMI GetObject method

Re-evaluation of Rules severity values (based on latest telemetry statistics)

Change of Rule set to reflect the compromised flag


REST API improvements

Ability to disable/enable Rules

Ability to create/manage Exclusions

Ability to trigger Network Isolation

Added Trigger Event for Detections​​​​​​​


Other improvements

Ease of deployment – All-in-one installer with EEI Agent (ESET PROTECT 8.1 required)

Performance and scaling improvements

Renaming of ESMC to ESET PROTECT within the EEI interface