ESET Online Help

Search English
Select the topic

Real-time file system protection

Real-time file system protection controls all malware-related events in the system. All files are scanned for malicious code when they are opened, created, or run on your computer. By default, Real-time file system protection launches at system start-up and provides uninterrupted scanning.

In special cases (for example, if there is a conflict with another real-time scanner), real-time protection can be disabled by disengaging Enable Real-time file system protection.

ESET Server Security is compatible with machines using Azure File Sync agent with cloud tiering enabled. ESET Server Security recognizes files with attribute FILE_ATTRIBUTE_RECALL_ON_DATA_ACCESS.

Media to scan

By default, all types of media are scanned for potential threats:

Local drives – Controls all system hard drives.

Removable media – Controls CD/DVD's, USB storage, Bluetooth devices, etc.

Network drives – Scans all mapped drives.

We recommend that you use default settings and only modify them in specific cases, such as when scanning certain media significantly slows data transfers. Also, we recommend turning off real-time protection only temporarily.

Scan on

All files are scanned by default when opened, created, or executed. We recommend keeping default settings for maximum real-time protection for your computer:

File open – Scanning when files are opened / accessed.

File creation – Scanning when files are created / modified.

File execution – Scanning when files are executed.

Removable media access – Boot sector scanning when accessing removable storage. When you insert removable media containing a boot sector, ESET Server Security immediately scans the boot sector. To scan the data on the removable media, check the Media to scan setting above. Ensure the Boot sectors/UEFI option is enabled in the ThreatSense parameters for the boot sector scanning to work properly.

Processes exclusions

Enables you to exclude specific processes. For example, processes of the backup solution, all file operations attributed to such excluded process are ignored and considered safe, thus minimizing the interference with the backup process.

ThreatSense parameters

Real-time file system protection checks all media types and is triggered by various system events, such as file access. It can be configured to treat newly created files differently than existing files. For example, you can configure it to monitor newly created files more closely.

To minimize the system footprint while using real-time protection, files that have already been scanned will not be scanned again unless they have been modified. After each update to the detection engine database, the files are scanned again. This process is managed by the Smart Optimization feature. If Smart optimization is disabled, all files will be scanned each time they are accessed.

Additional ThreatSense parameters

You can modify detailed options of the Additional ThreatSense parameters for newly created and modified files or Additional ThreatSense parameters for executed files.