Detections
The Detections section gives you an overview of detections found on managed devices.
Group structure is displayed on the side. You can browse groups and view detections found on members of a given group. To view all detections found on clients assigned to groups for your account, select the All group and remove any applied filters.
See the ESET Glossary for more details about ESET technologies and the types of detections/attacks they protect against.
Detection status
There are two types of detections based on their status:
•Active detections - Active detections are detections that have not been cleaned yet. To clean the detection, run an In-Depth Scan with cleaning enabled on the folder that contains the detection. The scan task must finish successfully to clean the detection and have no more detections. If a user does not resolve an active detection within 24 hours from its discovery, it loses the Active status but it stays unresolved.
•Resolved detections - These are detections that a user has marked as resolved but that have not yet been scanned using In-Depth Scan. Devices with detections marked as resolved will still be displayed in the filtered results list until scanning is performed.
A Detection handled status indicates whether an ESET security product took action against a detection (depending on detection type and cleaning level settings):
•Yes - The ESET security product took action against the detection (delete, clean, or quarantine).
•No - The ESET security product did not take action against the detection.
You can use Detection handled as a filter in Reports, Notifications, and Dynamic Group Templates.
Not all detections found on client devices are moved to quarantine. Detections that are not quarantined include:
•Detections that cannot be deleted
•Detections that are suspicious based on their behavior, but are not identified as malware, for example, PUAs
Aggregation of detections
Detections are aggregated by time and other criteria to simplify their resolution. If the same detection occurs repeatedly, the Web Console will display it in a single line to make its resolution easier. Detections older than 24 hours are aggregated automatically every midnight. You can identify aggregated detections by the X/Y (resolved items/total items) value in the Resolved column. You can see the list of aggregated detections in the Occurrences tab in detection details.
Detections in archives
If one or more detections are found in an archive, the archive and each detection inside the archive are reported in Detections.
Excluding an archive file that contains a detection does not exclude the detection. You must exclude the individual detections inside the archive. The maximum file size for files contained in archives is 3 GB.
The excluded detections will not be detected anymore, even if they occur in another archive or are unarchived.
Filtering detections
By default, all detection types from the last seven days are shown, including detections that have been successfully cleaned. You can filter the detections by several criteria; Computer Muted and Occurred are enabled by default.
Some filters are enabled by default. If detections are indicated on the Detections button in the main menu, but you cannot see them in the list of detections, check to see which filters are enabled.
Grouping of detections
To group detections, select from the drop-down menu:
•Ungrouped—default view
•Grouped by computer—detections grouped by a computer name
•Grouped by category—detections grouped by a detection category
•Grouped by type—detections grouped by a detection category and its detection type
•Grouped by hash—detections grouped by a hash
•Grouped by cause—detections grouped by a cause
•Grouped by user—detections grouped by a user
To view all detections grouped in a specific row, click any row and click Open detection list. Information about the detection group is then displayed at the top of the page. Click the Down Arrow icon to navigate between grouped detections. Click the Back Arrow icon to go back to the detection groups.
For a more specific view, you can add other filters, such as:
•Detection Category - Antivirus, Blocked files, Firewall, HIPS, and Web protection.
•Detection Type
•IP Address of the client that reported the detection
•Scanner—Select the scanner type that reported the detection. For example, the Anti-Ransomware scanner shows the detections reported by the Ransomware Shield.
•Action—Select the action performed on the detection. ESET security products report the following actions to ESET PROTECT:
  o cleaned—The detection was cleaned.
  o deleted/cleaned by deleting—The detection was deleted.
  o was a part of a deleted object—An archive that contained the detection was deleted.
  o blocked/connection terminated—The access to the detected object was blocked.
  o retained—No action was performed due to various reasons, for example:
➢ In the interactive alert, the user manually selected not to perform any action.
➢ In the ESET security product detection engine settings, the Protection level for the detection category is set lower than the Reporting level.
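The status, Detection handled and Resolved-column rules described above, as an added Python example (not ESET code): it lists unresolved detections the product took no action on, marks those past the 24-hour Active window, and computes the X/Y value per hash. The record fields and sample data are constructed, and grouping by hash stands in for the console's aggregation criteria, which this page does not specify.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records. The field names are hypothetical and do not
# mirror any ESET PROTECT export or API schema.
NOW = datetime(2024, 5, 2, 12, 0)
DETECTIONS = [
    {"computer": "ws-01", "hash": "HASH-A", "occurred": datetime(2024, 5, 2, 9, 0),
     "handled": True, "action": "cleaned", "resolved": True},
    {"computer": "ws-02", "hash": "HASH-A", "occurred": datetime(2024, 4, 30, 8, 0),
     "handled": False, "action": "retained", "resolved": False},
    {"computer": "ws-03", "hash": "HASH-B", "occurred": datetime(2024, 5, 2, 10, 30),
     "handled": False, "action": "retained", "resolved": False},
    {"computer": "ws-02", "hash": "HASH-A", "occurred": datetime(2024, 5, 1, 7, 0),
     "handled": True, "action": "deleted", "resolved": True},
]

ACTIVE_WINDOW = timedelta(hours=24)  # Active status is lost after 24 hours


def status(record, now=NOW):
    """Classify one record with the statuses described on the page."""
    if record["resolved"]:
        return "resolved"
    if now - record["occurred"] <= ACTIVE_WINDOW:
        return "active"
    return "unresolved"  # no longer Active, but still not resolved


def resolved_ratio(records):
    """X/Y (resolved items/total items) per hash, like the Resolved column."""
    counts = defaultdict(lambda: [0, 0])
    for r in records:
        counts[r["hash"]][0] += int(r["resolved"])
        counts[r["hash"]][1] += 1
    return {h: f"{x}/{y}" for h, (x, y) in counts.items()}


def needs_attention(records, now=NOW):
    """Unresolved detections with Detection handled = No, oldest first."""
    hits = [r for r in records if not r["resolved"] and not r["handled"]]
    hits.sort(key=lambda r: r["occurred"])
    return [(r["computer"], r["hash"], status(r, now)) for r in hits]


if __name__ == "__main__":
    print(resolved_ratio(DETECTIONS))
    for row in needs_attention(DETECTIONS):
        print(row)
```

Entries reported as "unresolved" are the ones to review first: they no longer carry the Active status, yet nothing has cleaned or resolved them.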
Filters and layout customization
You can customize the current Web Console screen view:
•Manage the side panel and main table.
•Add filters and filter presets. You can use tags for filtering the displayed items.