Cloud-based protection
ESET LiveGrid® is an advanced early warning system comprised of several cloud-based technologies. It helps to detect emerging threats based on reputation and improves scanning performance utilizing whitelisting.
By default, ESET Endpoint Security is configured to submit suspicious files to the ESET Research Lab for analysis. Files with certain extensions such as .doc or .xls are always excluded. You can also add other extensions if there are specific files that you or your organization want to avoid sending.
To configure the ESET Endpoint Security remotely:
1.In ESET PROTECT, click Policies > New policy and type a name for the policy.
To adjust the settings in an existing policy for ESET Endpoint for macOS (V7+), click the policy you want to change in the list of policies and click Edit > Settings. |
2.Click Settings and select ESET Endpoint for macOS (V7+) from the drop-down menu.
3.Adjust the desired settings.
4.Click Continue > Assign and select the appropriate group of computers.
5.Click Finish.
To configure the ESET Endpoint Security locally see application preferences. |
In Detection Engine > Cloud-based protection, you can configure the following settings:
Cloud-based protection
Enable ESET LiveGrid® reputation system (recommended)
ESET LiveGrid® reputation system improves the efficiency of ESET anti-malware solutions by comparing scanned files to a database of whitelisted and blacklisted items in the cloud.
Enable ESET LiveGrid® feedback system
Data will be sent to the ESET Virus Lab for further analysis.
Submit crash reports and diagnostic data
Submit data such as crash reports, modules or memory dumps.
Help improve the product by submitting anonymous usage statistics
Allow ESET to collect information about newly detected threats such as the threat name, date and time of detection, detection method and associated metadata, scanned files (hash, filename, origin of the file, telemetry), blocked and suspicious URL's, product version and configuration, including information about your system.
Contact email (optional)
Contact email can be included with any suspicious files and may be used to contact the user if further information is required for analysis. Please note that user will not receive a response from ESET unless more information is needed.
Submission of samples
Automatic submission of detected samples
Based on the selected option, this can submit infected samples to ESET Research Lab for analysis and improve future detection.
•All detected samples
•All samples except documents
•Do not submit
Automatic submission of suspicious samples
Suspicious samples resembling threats and samples with unusual characteristics or behavior are submitted to ESET Research Lab for analysis.
Executables – Includes executable files: .exe, .dll, .sys
Archives – Includes archive file types: .zip, .rar, .7z, .arch, .arj, .bzip2, .gzip, .ace, .arc, .cab
Scripts – Includes script file types: .bat, .cmd, .hta, .js, .vbs, .ps1
Other – Includes file types: .jar, .reg, .msi, .swf, .lnk
Delete executables, archives, scrips and other samples from ESET's servers – Default value is set to Never
Exclusions
Click Edit next to Exclusions to exclude specific files or folders from submission. The excluded files will not be sent to ESET Research Lab even if they contain a suspicious code.
Maximum size of samples (MB)
Define the maximum size of samples (range 1-64 MB).
ESET LiveGuard
ESET LiveGuard is a feature that adds a layer of cloud-based protection specifically designed to mitigate never-before-seen threats. When enabled, suspicious samples not yet confirmed as malicious and potentially carrying malware are automatically submitted to the ESET cloud. Submitted samples are run in a sandbox and are evaluated by our advanced malware detection engines.
Enable ESET LiveGuard
Enabling ESET LiveGuard provides another level of security by utilizing cloud-based technology to analyze and detect new types of threats. ESET LiveGuard can be enabled only if ESET LiveGrid® is enabled.
Detection threshold
Results with selected and higher threshold value will be detected as threats. Threshold value can be set to Suspicious, Highly Suspicious and Malicious threats.
Action after detection
Choose what should be done after a threat is detected. The options are Kill running process and clean or Clean on next file access.
Proactive protection
The modes offered are Allow execution immediately or Block execution until receiving the analysis result. Proactive protection in blocking mode helps to better protect computers. It will evaluate a file before execution if it has been downloaded using a supported web browser or email client, was located on removable media or extracted from an archive.
Maximum wait time for the analysis result
Consider the average analysis time before adjusting this settings. After this time, a user can execute the sample regardless of the analysis results.
Automatic submission of suspicious samples
Documents – Includes documents created in Microsoft Office, Libre Office or other office tool, or PDF's with active content.
Delete documents from ESET's servers – this value can be set to Never, After 30 days or Immediately after analysis.