The detection engine protects against malicious system attacks by scanning files, emails, and network communications. When it detects an object classified as malware, it initiates a remediation process. The engine can eliminate the threat by first blocking it and then taking further actions, such as cleaning, deleting, or moving the malware to quarantine.
|
|
Incorrectly configuring settings may reduce the level of protection.
|
Malware detections (powered by machine learning)
A computer virus is a malicious code prepended or appended to existing files on your computer. However, the term "virus" is often misused. "Malware" (malicious software) is a more accurate term. Malware detection is performed by the detection engine module combined with the Machine learning component. Read more about these types of applications in the ESET Glossary.
Potentially unwanted applications
A Potentially unwanted application is a software with an intent not unequivocally malicious, however; it may install additional unwanted software, change the behavior of the digital device, perform activities not approved or expected by the user or has unclear objectives.
This category includes advertising display software, download wrappers, various browser toolbars, software with misleading behavior, bundleware, trackware, etc. Read more about these types of applications in the ESET Glossary.
Suspicious applications
Is a software compressed with packers or protectors frequently used to deter reverse engineering or to obfuscate the content of the executable (for example, to hide the presence of malware) by proprietary methods of compression and/or encryption.
This category includes: all unknown applications that are compressed with a packer or protector frequently used to compress malware.
Potentially unsafe applications
This classification is given for commercial, legitimate software that might be misused for malicious purposes. An unsafe application refers to legitimate commercial software that has the potential to be misused for malicious purposes.
This category includes: cracking tools, license key generators, hacking tools, remote access or control tools, password-cracking applications and keyloggers (programs that record each keystroke typed by a user). This option is disabled by default. Read more about these types of applications in the ESET Glossary.
Read the following before modifying a threshold (or level) for category Reporting or Protection:
Reporting is performed by the detection engine and machine learning component. You can set the reporting threshold to better suit your environment and needs. There is not a single correct configuration. Therefore, we recommend that you monitor the behavior within your environment and decide whether a different Reporting setting is more suitable.
Reporting does not take action with objects, it passes information to a respective protection layer, and the protection layer takes action accordingly.
Aggressive
|
Reporting configured to maximum sensitivity. More detections are reported. While the Aggressive setting may appear to be the safest, it can often be too sensitive, which might even be counterproductive.
|
|
The aggressive setting may falsely identify objects as malicious, and action will be taken with such objects (depending on Protection settings).
|
|
Balanced
|
This setting is an optimal balance between performance and accuracy of detection rates and the number of falsely reported objects.
|
Cautious
|
Reporting configured to minimize falsely identified objects while maintaining a sufficient level of protection. Objects are reported only when the probability is evident and matches malicious behavior.
|
Off
|
Reporting is not active. Detections are not found, reported or cleaned.
|
|
Malware reporting cannot be deactivated; therefore, the Off setting is not available for Malware.
|
|
If you want to Revert settings in this section to their default values, click the "U-turn" arrow next to the section header. Any changes you have made in this section will be lost.
|
When an object is reported based on the configuration above and the machine learning results, it is blocked and and action is taken (cleaned, deleted or moved to Quarantine).
Aggressive
|
Reported aggressive (or lower) level detections are blocked, and automatic remediation (i.e., cleaning) is started.
|
Balanced
|
Reported balanced (or lower) level detections are blocked, and automatic remediation (i.e., cleaning) is started.
|
Cautious
|
Reported cautious level detections are blocked, and automatic remediation (i.e., cleaning) is started.
|
Off
|
Reporting is not active, no detections are not found, reported or cleaned.
|
|
Malware reporting cannot be deactivated, therefore the Off setting is not available for Malware.
|
|
If you want to Revert settings in this section to their default values, click the "U-turn" arrow next the to section header. Any changes you have made in this section will be lost.
|
|
|
By default, the above machine learning protection settings apply to On-demand computer scan as well. If required, you can configure On-demand & detection responses settings separately. Click the switch icon to disable Use real-time protection settings and proceed with configuration.
|
Reporting
Performed by detection engine and the machine learning component. Reporting does not take an action with objects (this is done by respective protection layer).
Protection
Configure parameters in Hyper-V scan section to affect what action is taken with reported objects.
If you want to Revert settings in this section to their default values, click the "U-turn" arrow next the to section header. Any changes you have made in this section will be lost.
Configure Machine learning protection using eShell. The Context name in eShell is MLP. Open eShell in interactive mode and navigate to MLP:
computer hyperv mlp
See what is the current reporting setting for Suspicious applications:
get suspicious-reporting
If you want less strict reporting, change the setting to Cautious:
set suspicious-reporting cautious
|
Reporting
Performed by detection engine and the machine learning component. Reporting does not take an action with objects (this is done by respective protection layer).
Protection
Configure parameters in Mail transport protection to affect what action is taken with reported objects. Also, you can configure a custom rule:
|
|
Core installation example:
Objective: Quarantine messages that contain malware or attachment that is password protected, encrypted or damaged
Create the following rule for Mail transport protection:
Condition
Type: Antivirus scan result
Operation: is
Parameter: Infected – not cleaned
Action
Type: Quarantine message
|
If you want to Revert settings in this section to their default values, click the "U-turn" arrow next the to section header. Any changes you have made in this section will be lost.
Configure Machine learning protection using eShell. The Context name in eShell is MLP. Open eShell in interactive mode and navigate to MLP:
server av transport mlp
See what is the current reporting setting for Suspicious applications:
get suspicious-reporting
If you want less strict reporting, change the setting to Cautious:
set suspicious-reporting cautious
|
Reporting
Performed by detection engine and the machine learning component. Reporting does not take an action with objects (this is done by respective protection layer).
Protection
Configure parameters in Mailbox database protection to affect what action is taken with reported objects.
If you want to Revert settings in this section to their default values, click the "U-turn" arrow next the to section header. Any changes you have made in this section will be lost.
Configure Machine learning protection using eShell. The Context name in eShell is MLP. Open eShell in interactive mode and navigate to MLP:
server av database mlp
See what is the current reporting setting for Suspicious applications:
get suspicious-reporting
If you want less strict reporting, change the setting to Cautious:
set suspicious-reporting cautious
|
Reporting
Performed by detection engine and the machine learning component. Reporting does not take an action with objects (this is done by respective protection layer).
Protection
Configure parameters in Mailbox database scan to affect what action is taken with reported objects.
If you want to Revert settings in this section to their default values, click the "U-turn" arrow next the to section header. Any changes you have made in this section will be lost.
Configure Machine learning protection using eShell. The Context name in eShell is MLP. Open eShell in interactive mode and navigate to MLP:
server av on-demand mlp
See what is the current reporting setting for Suspicious applications:
get suspicious-reporting
If you want less strict reporting, change the setting to Cautious:
set suspicious-reporting cautious
|
