Detections

To access detection reports, click Detections in the Web Console menu on the left. The Detections panel gives you an overview of all detections found on computers in your network.


You can browse groups and view detections on members of a given group. You can filter the view; all detection types from the last seven days are visible by default. Detections can be Marked as resolved in the Detections section or under details for a specific client.

Detections are aggregated by time and other criteria to simplify their resolution. Detections older than 24 hours are aggregated automatically every midnight. You can identify aggregated detections by the X/Y (resolved items/total items) value in the Resolved column. You can see the list of aggregated detections in the Occurrences tab in detection details.

You can find the quarantined detections in More > Quarantine.

Exclusions

You can exclude selected item(s) in Detections from being detected in the future. Click a detection and select Create Exclusion. You can exclude only Antivirus detections and Firewall detections - IDS rules. You can create an exclusion and apply it to more computers and groups.


Warning: Use exclusions with caution. They may result in an infected computer.

The More > Exclusions section contains all created exclusions, increases their visibility, and simplifies their management.

Detections in archives

If one or more detections are found in an archive, the archive and each detection inside the archive are reported in Detections.


Warning: Excluding an archive file that contains a detection does not exclude the detection. You must exclude the individual detections inside the archive. The maximum file size for files contained in archives is 3 GB.

The excluded detections will not be detected anymore, even if they occur in another archive or are unarchived.

Ransomware Shield

ESET business products (version 7 and later) include Ransomware Shield. This new security feature is a part of HIPS and protects computers from ransomware. When ransomware is detected on a client computer, you can view the detection details in the ESET PROTECT Web Console under Detections. To filter only ransomware detections, click Add Filter > Scanner > Anti-Ransomware scanner. For more information about Ransomware Shield, see the ESET Glossary.

You can remotely configure Ransomware Shield from the ESET PROTECT Web Console using the Policy settings for your ESET business product:

Enable Ransomware Shield - The ESET business product automatically blocks all the suspicious applications that behave like ransomware.

Enable Audit Mode - When you enable the Audit Mode, detections identified by the Ransomware Shield are reported in the ESET PROTECT Web Console, but the ESET security product does not block them. The administrator can decide to block the reported detection or exclude it by selecting Create Exclusion. This Policy setting is available only via ESET PROTECT Web Console.

 


Important: By default, Ransomware Shield blocks all applications with potential ransomware behavior, including legitimate applications. We recommend that you Enable Audit Mode for a short period on a new managed computer, so that you can exclude legitimate applications that are detected as ransomware based on their behavior (false positives). We do not recommend that you use the Audit Mode permanently, because ransomware on the managed computers is not automatically blocked when Audit Mode is enabled.