Detection engine guards against malicious system attacks by controlling file, email and internet communication. For example, if an object classified as malware is detected, remediation will start. The detection engine can eliminate it by first blocking it and then cleaning, deleting or moving it to quarantine.
To configure the detection engine settings in detail, click Advanced Setup or press F5.
Warning: Changes to the Detection engine settings should only be made by an experienced user. Incorrect configuration of settings can lead to a decreased level of protection.
In this section:
•Real-time & Machine learning protection categories
Changes to the detection engine scanner configuration: In version 13.1 and later, the Detection engine section no longer provides ON/OFF switches as in version 13.0 and below. The ON/OFF buttons are replaced with four thresholds – Aggressive, Balanced, Cautious and Off.
Real-time & Machine learning protection categories
Real-time & Machine learning protection for all protection modules (for example, Real-time file system protection, Web access protection, …) allows you to configure reporting and protection levels for the following categories:
•Malware – A computer virus is a piece of malicious code that is prepended or appended to existing files on your computer. However, the term “virus” is often misused. “Malware” (malicious software) is a more accurate term. Malware detection is performed by the detection engine module combined with the machine learning component. Read more about these types of applications in the Glossary.
•Potentially unwanted applications – Grayware or potentially unwanted applications (PUAs) is a broad category of software, whose intent is not as unequivocally malicious as other types of malware, such as viruses or trojan horses. However, it could install additional unwanted software, change the behavior of the digital device, or perform activities not approved or expected by the user. Read more about these types of applications in the Glossary.
•Suspicious applications – include programs compressed with packers or protectors. These types of protectors are often exploited by malware authors to evade detection.
•Potentially unsafe applications – Refers to legitimate commercial software that has the potential to be misused for malicious purposes. Examples of potentially unsafe applications (PUAs) include remote access tools, password-cracking applications, and keyloggers (programs recording each keystroke typed by a user). Read more about these types of applications in the Glossary.
Improved protection: Advanced machine learning is now a part of the detection engine as an advanced layer of protection which improves detection based on machine learning. Read more about this type of protection in the Glossary.
Malware scans
Scanner settings can be configured separately for the real-time scanner and the on-demand scanner. By default, Use real-time protection settings is enabled. When enabled, relevant On-demand scan settings are inherited from the Real-time & Machine Learning protection section.
Reporting setup
When a detection occurs (e.g., a threat is found and classified as malware), information is recorded to the Detections log, and Desktop notifications occur if configured in ESET Smart Security Premium.
A reporting threshold is configured for each category (referred to as “CATEGORY”):
1.Malware
2.Potentially unwanted applications
3.Potentially unsafe
4.Suspicious applications
Reporting is performed with the detection engine, including the machine learning component. It is possible to set a higher reporting threshold than the current protection threshold. These reporting settings do not influence blocking, cleaning or deleting objects.
Read the following before modifying a threshold (or level) for CATEGORY reporting:
Threshold | Explanation
Aggressive | CATEGORY reporting configured to maximum sensitivity. More detections are reported. The Aggressive setting can falsely identify objects as CATEGORY.
Balanced | CATEGORY reporting configured as balanced. This setting is optimized to balance the performance and accuracy of detection rates and the number of falsely reported objects.
Cautious | CATEGORY reporting configured to minimize falsely identified objects while maintaining a sufficient level of protection. Objects are reported only when the probability is evident and matches CATEGORY behavior.
Off | Reporting for CATEGORY is not active, and detections of this type are not found, reported or cleaned. As a result, this setting disables protection from this detection type.
Availability of ESET Smart Security Premium protection modules
Availability (enabled or disabled) of a protection module for a selected CATEGORY threshold is as follows:
* Available in ESET Smart Security Premium version 13.1 and later.
Determine product version, program module versions and build dates
1.Click Help and support > About ESET Smart Security Premium.
2.In the About screen, the first line of text displays the version number of your ESET product.
3.Click Installed components to access information about specific modules.
Keynotes
Several key points to consider when setting up an appropriate threshold for your environment:
•The Balanced threshold is recommended for most setups.
•The Cautious threshold represents a level of protection comparable to previous versions of ESET Smart Security Premium (13.0 and below). This is recommended for environments where the priority is minimizing objects falsely identified by security software.
•The higher the reporting threshold, the higher the detection rate, but also the higher the chance of falsely identified objects.
•From a real-world perspective, there is no guarantee of a 100% detection rate, nor of a 0% chance of incorrectly categorizing clean objects as malware.
•Keep ESET Smart Security Premium and its modules up-to-date to maximize the balance between performance and accuracy of detection rates and the number of falsely reported objects.
Protection setup
If an object classified as CATEGORY is reported, the program blocks the object and then cleans, deletes or moves it to Quarantine.
Read the following before modifying a threshold (or level) for CATEGORY protection:
Threshold | Explanation
Aggressive | Reported aggressive (or lower) level detections are blocked, and automatic remediation (i.e., cleaning) is started. This setting is recommended when all endpoints have been scanned with aggressive settings and falsely reported objects have been added to detection exclusions.
Balanced | Reported balanced (or lower) level detections are blocked, and automatic remediation (i.e., cleaning) is started.
Cautious | Reported cautious level detections are blocked, and automatic remediation (i.e., cleaning) is started.
Off | Useful to identify and exclude falsely reported objects.
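The reporting and protection thresholds described in the two tables above interact: only reported objects can be blocked, and reporting may be set higher than protection. The following is an added example, not ESET code, that models this interaction and reviews a constructed policy; the Level ordering, the meaning of the detection level argument, and all function names are assumptions of this model.

```python
# Added example: a model of the documented threshold semantics, not ESET code.
from enum import IntEnum

class Level(IntEnum):
    # Assumed ordering by sensitivity, following the threshold tables.
    OFF = 0
    CAUTIOUS = 1
    BALANCED = 2
    AGGRESSIVE = 3

def decide(detection, reporting, protection):
    """Return (reported, blocked) for one detection in one category.

    detection is the least sensitive level (CAUTIOUS..AGGRESSIVE) at which
    the object is flagged; this is an assumption of the model.
    """
    reported = reporting != Level.OFF and detection <= reporting
    # Only reported objects are blocked and remediated.
    blocked = reported and detection <= protection
    return reported, blocked

def audit(policy):
    """Return review findings for {category: (reporting, protection)}."""
    findings = []
    for category, (reporting, protection) in sorted(policy.items()):
        if reporting == Level.OFF:
            findings.append((category, "reporting Off: protection disabled for this type"))
        elif protection == Level.OFF:
            findings.append((category, "report-only: detections are logged, not blocked"))
        elif protection < reporting:
            findings.append((category, f"levels above {protection.name} are logged, not blocked"))
        if reporting == Level.AGGRESSIVE:
            findings.append((category, "Aggressive reporting: expect falsely identified objects"))
    return findings

# Constructed sample policy (hypothetical values, not product defaults).
SAMPLE_POLICY = {
    "Malware": (Level.AGGRESSIVE, Level.BALANCED),
    "Potentially unwanted applications": (Level.BALANCED, Level.OFF),
    "Potentially unsafe applications": (Level.OFF, Level.OFF),
    "Suspicious applications": (Level.BALANCED, Level.BALANCED),
}

if __name__ == "__main__":
    for category, note in audit(SAMPLE_POLICY):
        print(f"{category}: {note}")
```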
Conversion table for ESET Smart Security Premium 13.0 and below
When upgrading from versions 13.0 and below to version 13.1 and later, the new threshold state will be as follows:
Source: Official ESET Brand
Edited by: BEST Antivirus KBS Team