ESET Online Help

Search English
Select the category
Select the topic

Ransomware Shield

ESET business products (version 7 and later) include Ransomware Shield. This new security feature is a part of HIPS and protects computers from ransomware. When ransomware is detected on a client computer, you can view the detection details in the ESET PROTECT Web Console under Detections. To filter only ransomware detections, click Add Filter > Scanner > Anti-Ransomware scanner. For more information about Ransomware Shield, see the ESET Glossary.

You can remotely configure Ransomware Shield from the ESET PROTECT Web Console using the Policy settings for your ESET business product:

Enable Ransomware Shield - The ESET business product automatically blocks all the suspicious applications that behave like ransomware.

Enable Audit Mode - When you enable the Audit Mode, detections identified by the Ransomware Shield are reported in the ESET PROTECT Web Console, but the ESET security product does not block them. The administrator can decide to block the reported detection or exclude it by selecting Create Exclusion. This Policy setting is available only via ESET PROTECT Web Console.



By default, Ransomware Shield blocks all applications with potential ransomware behavior, including legitimate applications. We recommend that you Enable Audit Mode for a short period on a new managed computer, so that you can exclude legitimate applications that are detected as ransomware based on their behavior (false positives). We do not recommend that you use the Audit Mode permanently, because ransomware on the managed computers is not automatically blocked when Audit Mode is enabled.