Ransomware Shield

ESET business products (version 7 and later) include Ransomware Shield. This new security feature is a part of HIPS and protects computers from ransomware. When ransomware is detected on a client computer, you can view the detection details in the ESMC Web Console under Detections. To filter only ransomware detections, click Add Filter > Scanner > Anti-Ransomware scanner. For more information about Ransomware Shield, see the ESET Glossary.

You can remotely configure Ransomware Shield from the ESMC Web Console using the Policy settings for your ESET business product:

Enable Ransomware Shield - ESET business product automatically blocks all the suspicious applications that behave like ransomware.

Enable Audit Mode - When you enable the Audit Mode, potential detections identified by the Ransomware Shield are not blocked and are reported in the ESMC Web Console. The administrator can decide to block the potential reported detection or exclude it by selecting Create Exclusion. This Policy setting is available only via ESMC Web Console.




By default, Ransomware Shield blocks all applications with potential ransomware behavior, including legitimate applications. We recommend that you Enable Audit Mode for a short period on a new managed computer, so that you can exclude legitimate applications that are detected as ransomware based on their behavior (false positives). We do not recommend that you use the Audit Mode permanently, because ransomware on the managed computers is not automatically blocked when Audit Mode is enabled.