Protections
Detection Responses
Detection Responses are defined as part of protection settings. For each category of infiltration, you can set the level of Reporting and Protection to Aggressive, Balanced or Cautious, or you can turn the detection Off completely. The types of infiltrations for which you can modify detection responses are listed below:
Malware Detections
Malware is malicious code that is part of existing files on your computer.
Potentially Unwanted Applications
Grayware, or potentially unwanted applications (PUAs), is a broad software category whose intent is not as unequivocally malicious as that of other malware types, such as viruses or trojans. However, these applications could install additional unwanted software, change the behavior of the digital device or perform unapproved or unexpected activities. See the Glossary for more about these applications.
Suspicious Applications
These include programs compressed with packers or protectors. These protectors are often exploited by malware authors to evade detection. A packer is a runtime self-extracting executable that rolls up several kinds of malware into a single package. The most common packers are UPX, PE_Compact, PKLite and ASPack. The same malware may be detected differently when compressed using a different packer. Packers can also make their "signatures" mutate over time, making malware more difficult to detect and remove.
Potentially Unsafe Applications
These applications are commercial, legitimate software that can be abused by attackers if installed without user consent. This classification includes programs such as remote access tools. This option is disabled by default.
HTTPS Traffic Scanning
HTTPS traffic uses an encrypted channel to transfer information between server and client. ESET Endpoint Security checks communication that uses the SSL (Secure Sockets Layer) and TLS (Transport Layer Security) protocols.
Enable SSL/TLS
If disabled, the program will not scan communication over SSL/TLS.
SSL/TLS mode
In Automatic mode, SSL/TLS scanning is active only for automatically chosen applications, like web browsers and email clients. The behavior can be overridden per application or server certificate.
In Policy-based mode, all SSL/TLS connections are scanned except configured exclusions. You can exclude either applications or server certificates.
Application scan rules
Application scan rules enable you to customize how your ESET security product handles specific applications communicating over SSL/TLS protocols. Applications specified here will be excluded from future scanning. Only exclude an application if you are certain you trust it, as doing otherwise could expose your device to security risks.
The Application scan rules window consists of:
Columns:
•Application—Specify the path to an executable file.
•Scan action:
Auto—Depends on SSL/TLS filtering mode.
Scan—Scan secure communication for the application.
Ignore—Exclude secure communication from scanning for the application.
Control elements:
•Add—Add filtered application.
•Edit—Select the application you want to configure and click Edit.
•Remove—Select the application you want to remove and click Remove.
•Import/Export—Import applications from a file or save your current list of applications to a file.
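The following is an added example, not ESET code or an ESET file format. It models how the Auto, Scan and Ignore actions resolve under the two SSL/TLS modes as described above, and lists which applications end up with unscanned traffic. The paths, the AUTO_CHOSEN set and the USER_WRITABLE list are constructed assumptions.

```python
# Added example: models the scan-action resolution described in the text.
# All paths and rules are constructed sample data, not an ESET export format.

# Assumption: locations any local user can usually write to.
USER_WRITABLE = ("/tmp", "/var/tmp", "/Users/Shared")

# Constructed stand-in for the product's automatically chosen applications.
AUTO_CHOSEN = {"/Applications/Browser.app/Contents/MacOS/Browser"}

# Constructed inventory of application scan rules: (path, scan action).
RULES = [
    ("/Applications/Browser.app/Contents/MacOS/Browser", "Auto"),
    ("/usr/local/bin/backup-agent", "Ignore"),
    ("/tmp/updater", "Ignore"),
    ("/usr/bin/curl", "Auto"),
    ("/opt/erp/bin/client", "Scan"),
]


def is_scanned(path, action, mode):
    """Resolve one rule to True (traffic scanned) or False (not scanned)."""
    if action == "Scan":
        return True
    if action == "Ignore":
        return False
    if action != "Auto":
        raise ValueError(f"unknown scan action: {action!r}")
    # Auto defers to the SSL/TLS mode.
    if mode == "Automatic":
        return path in AUTO_CHOSEN  # only automatically chosen applications
    if mode == "Policy-based":
        return True  # everything is scanned unless excluded
    raise ValueError(f"unknown SSL/TLS mode: {mode!r}")


def audit(rules, mode):
    """Return (paths left unscanned, Ignore rules under user-writable dirs)."""
    unscanned, risky = [], []
    for path, action in rules:
        if not is_scanned(path, action, mode):
            unscanned.append(path)
        if action == "Ignore" and path.startswith(
                tuple(d + "/" for d in USER_WRITABLE)):
            risky.append(path)
    return unscanned, risky


if __name__ == "__main__":
    for mode in ("Automatic", "Policy-based"):
        print(mode, audit(RULES, mode))
```

Because a rule is specified by the path to an executable, Ignore rules on locations that other users can write to are the first ones to review.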
Certificate Rules
Certificate scan rules enable you to customize how your ESET security product handles specific certificates used in SSL/TLS communications. Only exclude a certificate if you trust its issuer, as excluding untrusted certificates could expose your device to security risks.
You can add a new certificate rule by clicking Add, remove an existing rule by clicking Remove, or modify it by clicking Edit. Once you Import the certificate, the certificate name, issuer and subject are filled in automatically. For each imported certificate, you can specify access and scan actions as listed below:
Access Action
•Auto - Allow trusted certificates and ask about untrusted ones.
•Allow - Allow communication secured by this certificate regardless of its trustworthiness.
•Block - Block communication secured by this certificate regardless of its trustworthiness.
Scan Action
•Auto - Depends on SSL/TLS filtering mode.
•Scan - Scan communication secured by the specified certificate.
•Ignore - Exclude communication secured by the specified certificate from scanning.
Do not scan traffic from domains trusted by ESET
Use the toggle to turn this setting on or off. It is turned on by default, meaning that traffic from domains trusted by ESET is not scanned.
Block traffic encrypted with obsolete SSL 2.0
Use the toggle to turn this setting on or off. It is turned on by default, meaning that traffic encrypted with the obsolete SSL 2.0 protocol is blocked.
Action to take if certificate trust cannot be established
You can decide between two options:
•Ask about certificate validity - always get notification and decide if the certificate is valid.
•Block communication that uses the certificate - automatically block the communication that uses the certificate.