Edit User Actions/Remediation
Lets you modify and execute the user actions triggered by the rule.
Edit User Actions
To open the select rule actions window, right-click a rule/detection name and select Edit User Actions.
In the select rule actions window you can find the following details:
•Rule—The name of the rule. Click the rule name to open the details of the rule in a new window.
•Unresolved Detections—The number of unresolved detections triggered by this rule.
•Built-in actions—Actions that are set by default (Report detection, Store event).
These actions are available in the select rule actions window:
Protect network—Actions to prevent the executable from spreading across the network.
•Block executable—Prevents the executable from running by blocking the executable based on the SHA-1 hash. The blocked executable will appear in the Blocked Hashes section.
•Clean & block executable—Deletes the executable file and adds the executable to the Blocked Hashes.
•Isolate computer from network—Blocks all network communication on the computer except the connection between ESET security products.
•Block suspicious modules used by process—Blocks all suspicious modules loaded by the process. Other processes cannot use these modules.
Protect Computer—Actions to prevent the executable from harming the computer.
•Kill process on this computer—Kills the running process that triggered the detection.
•Shutdown computer—Sends the command to shut the computer down.
•Log out—Sends the command to log out the currently logged-in user.
Apply rule actions—Depending on which action boxes you checked, these rule actions will be applied when the rule is triggered.
Cancel—Closes the select rule actions window.
Remediation
To open the remediate threat window, open the details of the detection and click Remediation.
In the remediate threat window you can find the following details:
•Computer—The name of the computer where the detection was raised by the rule. Click the name of the computer to open the computer details in a new window.
•Executable—The name of the executable that triggered the rule. Click the name of the executable to open the executable details in a new window.
•Reputation—Displays the reputation score from LiveGrid®: 1–2 (red) is malicious, 3–7 (yellow) is suspicious, 8–9 (green) is safe.
These actions are available in the remediate threat window:
Protect network—Actions to prevent the executable from spreading across the network.
•Block executable—Prevents the executable from running by blocking the executable based on the SHA-1 hash. The blocked executable will appear in the Blocked Hashes section.
•Clean & block executable—Deletes the executable file and adds the executable to the Blocked Hashes.
•Isolate computer from network—Blocks all network communication on the computer except the connection between ESET security products.
Protect Computer—Actions to prevent the executable from harming the computer.
•Kill process on this computer—Kills the running process that triggered the detection.
•Shutdown computer—Sends the command to shut the computer down.
•Scan computer for malware—Starts an on-demand scan on the affected computer.
Trigger actions automatically for this rule—When checked, the actions you set in the select rule actions window after clicking Remediate will be applied.
Remediate—Executes the user actions immediately. An additional confirmation window with the selected actions will appear.
Cancel—Closes the remediate threat window.