ESET Online Help

Search English
Select the topic

ThreatSense parameters

ThreatSense is comprised of many complex threat detection methods. This technology is proactive, which means it also protects during the early spread of a new threat. It uses a combination of code analysis, code emulation, generic signatures, and virus signatures which work in unity to enhance system security significantly. The scanning engine is capable of controlling several data streams simultaneously, maximizing efficiency and detection rate. ThreatSense technology also successfully eliminates rootkits.

ThreatSense engine setup options allow you to specify several scan parameters:

File types and extensions to be scanned

The combination of various detection methods

Cleaning levels, etc.

To enter the setup window, click Setup > Detection engine, select one of the modules mentioned below, click ThreatSense parameters. Different security scenarios may require different configurations. With this in mind, ThreatSense is individually configurable for the following protection modules:

Real-time file system protection

Malware scans

Remote scanning

ThreatSense parameters are highly optimized for each module, and their modification can significantly influence system operation. For example, changing parameters to scan runtime packers always or enabling advanced heuristics in the Real-time file system protection module could result in system slow-down (usually, only newly-created files are scanned using these methods).

Objects to scan

This section allows you to define which computer components and files will be scanned for infiltrations.

Boot sectors/UEFI – Scans boot sectors/UEFI for the presence of viruses in the master boot record

Email files – The program supports the following extensions: DBX (Outlook Express) and EML

Archives – The program supports the following extensions: ARJ, BZ2, CAB, CHM, DBX, GZIP, ISO/BIN/NRG, LHA, MIME, NSIS, RAR, SIS, TAR, TNEF, UUE, WISE, ZIP, ACE, and many others

Self-extracting archives – Self-extracting archives (SFX) are archives that can extract themselves

Runtime packers – After being executed, runtime packers (unlike standard archive types) decompress in memory. In addition to standard static packers (UPX, yoda, ASPack, FSG, etc.), the scanner is able to recognize several additional types of packers through the use of code emulation


Real-time file system protection does not scan the content of archive files. It scans the content of certain self-extracting archives when downloaded to the hard drive.

Scan options

Select the methods used when scanning the system for infiltrations. The following options are available:

Heuristics – A heuristic is an algorithm that analyzes the (malicious) activity of programs. The main advantage of this technology is the ability to identify malicious software which did not exist, or was not covered by the previous virus signatures database. The disadvantage is a (very small) probability of false alarms

Advanced heuristics/DNA signatures – Advanced heuristics are a unique heuristic algorithm developed by ESET, optimized for detecting computer worms and trojan horses and written in high-level programming languages. The use of advanced heuristics greatly increases the threat detection capabilities of ESET products. Signatures can reliably detect and identify viruses. Utilizing the automatic update system, new signatures are available within a few hours of a threat discovery. The disadvantage of signatures is that they only detect viruses they know (or slightly modified versions of these viruses)


An extension is the part of a filename delimited by a period. An extension defines the type and content of a file. This section of the ThreatSense parameter setup lets you define the types of files to be excluded from scan.


When configuring ThreatSense engine parameters setup for a On-demand computer scan, the following options in Other section are also available:

Run background scans with low priority – Each scanning sequence consumes a certain amount of system resources. If you work with programs that place a high load on system resources, you can activate low priority background scanning and save resources for your applications

Enable Smart optimization – With Smart Optimization enabled, the most optimal settings are used to ensure the most efficient scanning level, while simultaneously maintaining the highest scanning speeds. The various protection modules scan intelligently, making use of different scanning methods and applying them to specific file types. If the Smart Optimization is disabled, only the user-defined settings in the ThreatSense core of the specific modules are applied when performing a scan.

Preserve last access timestamp – Select this option to keep the original access time of scanned files instead of updating them (for example, for use with data backup systems)


The Limits section allows you to specify the maximum size of objects and levels of nested archives to be scanned.

Object settings

To modify object settings, disable Default object settings.

Maximum object size – Defines the maximum size of objects to be scanned. The given antivirus module will then scan only objects smaller than the size specified. This option should only be changed by advanced users who may have specific reasons for excluding larger objects from scanning. Default value: unlimited

Maximum scan time for object (sec.) – Defines the maximum time value for scanning of an object. If a user-defined value has been typed here, the antivirus module will stop scanning an object when that time has elapsed, regardless of whether the scan has finished. Default value: unlimited

Archive scan setup

To modify archive scan settings, disable Default archive scan settings.

Archive nesting level – Specifies the maximum depth of archive scanning. Default value: 10

Maximum size of file in archive – This option allows you to specify the maximum file size for files contained in archives (when they are extracted) that are to be scanned. Default value: unlimited


Default values

We do not recommend changing the default values; under normal circumstances, there should be no reason to modify them.