ESET Online Help

Search
Select the category
Select the topic

Edit User Actions/Remediation

Modify and execute user actions triggered by a rule.

Edit User Actions

To open, select the rule actions window, right-click a rule/detection name and select edit_icon Edit User Actions. Here you can find the following details:

Rule—The rule’s name. Click the rule name to open the details in a new window.

Unresolved Detections—The number of unresolved detections triggered by this rule.

Built-in actions—Actions that are set by default.

These actions are available in the select rule actions window:

Protect network—Actions to prevent executables from spreading across the network.

Block executable—Prevents the executable from running by blocking it based on the SHA-1 hash and lists it in the Blocked Hashes section.

Clean & block executable—Deletes the executable file and adds it to Blocked Hashes.

Isolate computer from network—Blocks all network communication on the computer except between ESET security products.

Block suspicious modules used by process—Blocks all suspicious modules loaded by the process, and other processes cannot use these modules.

 

Protect Computer—Actions to prevent executables from harming the computer.

Kill process on this computer—Kills the running process that triggered the detection.

Shutdown computer—Sends the command to shut down the computer.

Log out—Logs the currently logged user out.

 

Apply rule actions—Actions will be applied when the rule is triggered.

Cancel—Closes the select rule actions window.

Remediation

To open the remediate threat window, open the detection details and click Remediation.

The remediate threat window displays:

Computer—The computer's name, where the rule raised the detection. Click to open the computer details.

Executable—The executable’s name that triggered the rule. Click to open the executable details.

Reputation (LiveGrid®)—A number from 1–9, indicating how safe the file is: 1–2 (red) is malicious, 3–7 (yellow) is suspicious, 8–9 (green) is safe.

The remediate threat window displays:

Protect network—Actions to prevent executables from spreading across the network.

Block executable—Prevents the executable from running by blocking it based on the SHA-1 hash and lists it in the Blocked Hashes section.

Clean & block executable—Deletes the executable file and adds it to Blocked Hashes.

Isolate computer from network—Blocks all network communication on the computer except between ESET security products.

 

Protect Computer—Actions to prevent executables from harming the computer.

Kill process on this computer—Kills the running process that triggered the detection.

Shutdown computer—Sends the command to shut down the computer.

Scan computer for malware—Starts an On-demand scan on the affected computer.

 

Trigger actions automatically for this rule—When checked, actions you set in the select rule actions window after clicking Remediate will be applied.

 

Remediate—Execute user actions immediately; an additional confirmation window appears.

Cancel—Closes the remediate threat window.