ESET Online Help

Select the category
Select the topic


ESET Inspect provides the ability to match incoming events against the rules. Rules are defined using an XML-based language to predicate conditions over events property (Module name, Hash, Signer, Popularity).

Rules can be edited/enabled/disabled when events reception is provided to the RuleEngine component to be compiled and matched against the events, eventually raising a detection.

For this reason, the possibility to filter/exclude some detections is needed.

As most of the filtering is going to be based on exactly the same property used in the rules, exclusions are defined using the same language used by the rules. This has the notable advantage of allowing for fair reuse of much of the existing machinery.

Provides an editing tool wizard, as exclusions are usually strictly related to some existing rule. Starting from an existing detection, this wizard will provide some initial values for the exclusion rule conditions.

Set of pre-defined exclusions (enabled by default) that you can enable later.

Filtering, Tags and Table options

Use filters at the top of the screen to refine the list of displayed items. Tags are also powerful when searching for a specific computer, detection, incident, executable, or script. Also you can click the gear gear_icon icon for table options to manage the main table.

Right-click an exclusion name to take further actions:


Go to the update exclusion window.







Access group

Displays currently assigned access group. Click Move to assign different access group.


Assign tag(s) to an exclusion from the list of existing, or create a new custom tag(s).


Quick filters, depending on the column where you activated the context menu (Show only this, Hide this).

New exclusion

Go to the Create exclusion window.


Starts the export process of the rule, depending on the used web browser. The format of the file is XML.


Opens the window for import the XML rule file.