Contents (page): Getting started with ESET Endpoint Antivirus 3; How ESET Endpoint Antivirus works 5; Protection status 5; Computer scan 7; Detecting an infiltration 12; Update (program update) 13; Setup (settings) 15; Configuring the Real-time file system protection module 18; Tuning ThreatSense settings 19; Advanced setup: advanced scan settings 28; Configuring the Document protection module 30; Configuring the Computer scan module 31; Configuring the Startup scan module 32; Configuring the Exclusions by path module 33; Configuring the Removable media module 36; Configuring the Device control module 38; Configuring the HIPS module 44; Advanced setup: advanced HIPS settings 53; Configuring the Web access protection module 56; Configuring the HTTP, HTTPs module 57; Configuring the Active mode module 58; Configuring the URL address management module 59; Configuring the Email client protection module 63; Configuring the Email client integration module 64; Configuring the Email client module 65; Configuring the POP3, POP3s module 66; Configuring the IMAP, IMAPs module 67; Configuring the Protocol filtering module 68; Configuring the Excluded application module 69; Configuring the Excluded IP addresses module 70; Configuring the SSL module 72

How to use ESET Endpoint Client

  • 1

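    Contents (page)
    Getting started with ESET Endpoint Antivirus 3
    How ESET Endpoint Antivirus works 5
    Protection status 5
    Computer scan 7
    Detecting an infiltration 12
    Update (program update) 13
    Setup (settings) 15
    Configuring the Real-time file system protection module 18
    Tuning ThreatSense settings 19
    Advanced setup: advanced scan settings 28
    Configuring the Document protection module 30
    Configuring the Computer scan module 31
    Configuring the Startup scan module 32
    Configuring the Exclusions by path module 33
    Configuring the Removable media module 36
    Configuring the Device control module 38
    Configuring the HIPS module 44
    Advanced setup: advanced HIPS settings 53
    Configuring the Web access protection module 56
    Configuring the HTTP, HTTPs module 57
    Configuring the Active mode module 58
    Configuring the URL address management module 59
    Configuring the Email client protection module 63
    Configuring the Email client integration module 64
    Configuring the Email client module 65
    Configuring the POP3, POP3s module 66
    Configuring the IMAP, IMAPs module 67
    Configuring the Protocol filtering module 68
    Configuring the Excluded application module 69
    Configuring the Excluded IP addresses module 70
    Configuring the SSL module 72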

  • 2

    Certificates 73 Trusted Certificates 74 Excluded Certificates 75 Update 76 Advanced 77 Log files 78 Proxy Server 79 License 80 Quarantine 82 Scheduler 83 Remote Administration 84 NAP 85 Alerts and notifications 86 ESET Live Grid 87 System updates 89 Diagnostics 90 Graphics 91 Alerts and notifications 92 Hidden message boxes 94 Access setup 95 Context menu 96 Presentation Mode 97 Tools () 98 Compress File 111

  • 3

    ESET Endpoint Antivirus

    1. ESET Endpoint Antivirus (1)

    (1)

    2. () (2)

    (2)

    3. ESET Endpoint Antivirus (3)

    (3)

  • 4

    4. (4) Protection status ESET Endpoint Antivirus Computer scan

    Update Setup , Tools , , ,

    , , , ESET SysInspector () ESET SysRescue ()

    Help and support , ESET ESET

    (4)

  • 5

    ESET Endpoint Antivirus

    1. Protection status () , ESET Endpoint Antivirus (5)

    (5)

  • 6

    Start all antivirus and antispyware protection modules (6)

    (6)

  • 7

    2. Computer scan () 2.1 ESET Endpoint Antivirus Computer scan 2 Smart scan

    Custom scan

    Custom scan (7)

    (7)

  • 8

    2.2 Custom scan Scan targets Profile Scan profile (8)

    ( ) By profile setting Removable media ,, USB ,/ Local drives - Network drives No selection

    (8)

  • 9

    2.3 Profile Scan (9)

    (9)

    2.4 Scan (10)

    (10)

  • 10

    2.5 Show scan with log in a new windows (11)

    (11)

  • 11

    : ( pagefile.sys )

    Scan progress

    Target Number of threats Pause - Stop To background -

    2.6 OK (12)

    (12)

    - Number of scanned objects : - Number of infected objects : - Number of cleaned objects :

  • 12

    (USB, , , , ) ESET Endpoint Antivirus

    (13)

    (13) : Default (Clean) Clean (Delete) (Quarantine)

  • 13

    3. Update () 3.1 ESET Endpoint Antivirus ESET Last successful update Version signature database version -

    ESET

    (14)

  • 14

    3.2 Update virus signature database

    Abort (15)

    (15)

  • 15

    4. Setup () Setup : Computer Web and email

    Computer : Real-time file system protection - Device control - HIPS - Presentation mode ( Full Screen) Anti-Stealth protection

    Web and email : Web access protection HTTP HTTPS Email client protection POP3

    IMAP

    (16)

  • 16

    4.1 Computer Setup Computer (17)

    (17)

  • 17

    4.1.1 Real-time file system protection Configure.. (18)

    (18)

  • 18

    4.1.1.1 Real-time file system protection (19) Media to scan ()

    Local drives Removable media , /,

    USB Network drives -

    Scan on ( ) File open File creation File execution Removable media access

    Start real-time file system protection automatically

    (19)

  • 19

    4.1.1.2 ThreatSense ThreatSense (, , , ) ThreatSense Rootkit

    Setup ThreatSense (20)

    ThreatSense : Real-time file system protection Document protection Email client protection Web access protection Computer scan

    (20)

  • 20

    Setup

    Objects: (21)

    Operating memory Boot sectors Email files - : DBX (Outlook Express) EML Archives : ARJ, BZ2, CAB, CHM, DBX, GZIP,

    ISO/BIN/NRG, LHA, MIME, NSIS, RAR, SIS, TAR,TNEF, UUE, WISE, ZIP, ACE

    Self-extracting archives Runtime packer -

    (21)

  • 21

    Options: (22)

    (22)

    Heuristics - ()

    Advanced heuristics/DNA/Smart signatures- ESET Worm

    Potentially unwanted applications (PUA)-

    Potentially unsafe application

    ESET Live Grid ESET (Cloud-based Technology)

  • 22

    Cleaning: 3 (23)

    No cleaning

    Standard cleaning

    Strict cleaning

    (23)

  • 23

    Extensions: (24)

    Scan all files

    (24)

  • 24

    Scan all files (25)

    (25)

  • 25

    (26) 1. Extension ( DOC) 2. Add 3. DOC 4. OK

    (26)

  • 26

    Limits: (27) Maximum object size: (, , , )

    Maximum scan time for object (sec.): ()

    Archive nesting level:

    Maximum size of file in archive:

    (27)

  • 27

    Other: (28) Scan alternate data streams (ADS) - NTFS

    Run background scans with low priority -

    Log all objects -

    Enable Smart optimization -

    Preserve last access timestamp Scroll scan log /

    (28)

  • 28

    4.1.1.3 Advanced setup Computer -> Antivirus and antispyware -> Real-time file system protection -> Advanced setup (29)

    (29)

    Additional ThreatSense parameters for newly created and modified files ( ) (.sfx) () 10

  • 29

    Additional ThreatSense parameters for executed files ( ) - ( Advanced heuristics on file execution) (USB) Advanced heuristics on file execution from removable media

  • 30

    4.1.1.4 Document protection (30) Microsoft Office Internet Explorer Microsoft ActiveX

    Integrate into system ThreatSense engine parameter setup Setup

    ThreatSense (19)

    (30)

  • 31

    4.1.1.5 Computer scan (31)

    Selected profile Profile In-depth scan My profile Context menu scan Smart scan

    Profiles Profile ThreatSense engine parameter setup Setup

    ThreatSense (19) Scan targets Setup (7)

    (31)

  • 32

    4.1.1.6 Startup scan (32)

    ThreatSense engine parameter setup: Setup ThreatSense (19)

    (32)

  • 33

    4.1.1.7 Exclusions by path (33)

    (33)

  • 34

    (34) 1. Add Add Exclusions 2. path Exclusion 3. OK

    (34)

  • 35

    4. OK path list (35)

    (35)

  • 36

    4.1.1.8 Removable media (36)

    (36)

    Action to take after connecting external devices devices - /

    Show scan options (37) Scan now Scan later Setup...

    Automatic device scan -

    (37)

  • 37

    4.1.2 Device control Configure.. (38)

    ESET Endpoint Antivirus (//USB/...) ,

    (38)

  • 38

    4.1.2.1 Device control (39) Integrate into system

    Configure rules

    (39)

  • 39

    USB Drive 1. Configure Rule Device Control Rules Editor

    (40) Add Edit Copy Delete Top Up Down Bottom

    (40)

  • 40

    2. Add (41) Flash drive

    (41)

  • 41

    3. Rule Editor (42) Name: Enable: / Device Type: Rights: (Read/Write, Read Only, Block) Vendor: Model: Serial Number: User List:

    (42)

  • 42

    4. (43)

    (43)

    5. (44)

    (44)

  • 43

    4.1.3 HIPS Configure.. (45)

    (HIPS)

    HIPS

    (45)

  • 44

    4.3.1.1 HIPS (46) ESET Endpoint Antivirus

    Enable HIPS - HIPS Enable Self-defense -

    Filtering mode

    Automatic mode with rules: Interactive mode:

    Policy-based mode:

    Learning mode:

    Rule editor - Configure rules Notify about learning mode expiration in days -

    (46)

  • 45

    HIPS 1. Configure Rule (47)

    (47)

  • 46

    2. HIPS system settings management (48) New Edit Remove

    (48)

  • 47

    3. New (49)

    (49)

  • 48

    4. Name Action (Allow, Block, Ask) Source applications (50)

    Add Path Select File OK

    (50)

  • 49

    Target Files (51) Operations Delete file - Write to file - Direct access to disk - Install global hook - SetWindowsHookEx MSDN Library Load drive Use for all operations

    Over these files Add - Edit - Remove -

    (51)

  • 50

    Target Application (52) Allow operations Debugging another application - Intercept events from another application - Terminate/suspend another application - / Start new application - Modify state of another application - Use for all operations

    Over these files Add Edit - Remove -

    (52)

  • 51

    Target registry (53) Allow operations Modify startup settings - Delete from registry - Rename registry key - Modify registry - Use for all operations -

    Over these files Add Edit - Remove -

    (53)

  • 52

    (54) registry driver

    (54)

  • 53

    4.3.1.2 Advanced setup HIPS (55) HIPS Computer -> HIPS -> Advanced setup

    Log all blocked operations log Allow changes to the application part of the registry for which there is no rule

    defined - Allow changes to data files for which there is no rule defined -

    Notify when changes occur in Startup applications -

    (55)

  • 54

    4.2 Web and email Setup Web and email (56)

    (56)

  • 55

    4.2.1 Web access protection Configure.. (57)

    (57)

  • 56

    4.2.1.1 Web access protection (58)

    ThreatSense engine parameter setup: Setup ThreatSense (19)

    (58)

  • 57

    4.2.1.2 HTTP, HTTPs (59)

    HTTP scanner setup Enable HTTP protocol checking -

    HTTP

    Ports used by HTTP protocol - HTTP ,

    HTTPS filtering mode - HTTPS Do not use HTTPS protocol checking - HTTPS Use HTTPS protocol checking for selected ports -

    HTTPS Ports used by HTTPS protocol - HTTPS

    (59)

  • 58

    4.2.1.3 Active mode (60)

    : ESET Endpoint Antivirus

    (60)

  • 59

    4.2.1.4 URL address management (61) URL HTTP ,

    List of addresses excluded from filtering URL List of blocked addresses/marks URL List of allowed addresses URL Lists - Allow access only to URL addresses in the list of allowed addresses -

    URL List active URL Notify when applying address from the list -

    Add - URL Edit - URL Remove - URL Export - .txt

    (61)

  • 60

    URL (List of blocked address) (62) 1. List of blocked address 2. Add 3. URL 4. OK URL list

    (62)

  • 61

    5. www.facebook.com (63)

    (63)

  • 62

    4.2.2 Email client protection Configure.. (64)

    POP3 IMAP Microsoft Outlook ESET Endpoint Antivirus (POP3, MAPI, IMAP, HTTP) ThreatSense

    (64)

  • 63

    4.2.2.1 Email client protection (65) ThreatSense engine parameter setup: Setup

    ThreatSense (19) Append tag message to received and read email

    Never To infected email only

    () To all scanned email

    Append note to the subject of received and read infected email -

    Append tag message to sent email Never To infected email only

    () To all scanned email

    Append note to the subject of sent infected email -

    Template added to the subject of infected email -

    (65)

  • 64

    4.2.2.2 Email client integration (66) ESET Endpoint Antivirus

    ESET Endpoint Antivirus

    ESET Endpoint Antivirus

    (66)

    Integrate into Microsoft Outlook - Microsoft Outlook

    Integrate into Outlook Express/Windows Mail - Outlook Express/Windows Mail

    Integrate into Windows Live Mail - Windows Live Mail

    Integrate into Mozilla Thunderbird - Mozilla Thunderbird

    Disable checking upon inbox content change -

  • 65

    4.2.2.3 Email client (67) : Microsoft Outlook, Outlook

    Express, Windows Mail, Windows Live Mail Mozilla Thunderbird

    Email to scan Received email ( ), Sent email (), Read email ()

    Action to perform on infected email No action ( ) Delete email () Move email to the Deleted items folder () Move email to folder ( )

    Repeat scan after update Accept scan results from other modules

    (67)

  • 66

    4.2.2.4 POP3, POP3s (68) POP3

    ESET Endpoint Antivirus

    Enable POP3 protocol checking - POP3 Ports used by POP3 Protocol - POP3

    , POP3S filtering mode POP3S

    Do not use POP3S checking - POP3S Use POP3S protocol checking for selected ports POP3S

    Ports used by POP3S protocol - POP3S

    (68)

  • 67

    4.2.2.5 IMAP, IMAPs (69) Internet Message Access Protocol (IMAP)

    IMAP POP3 ,

    ESET Endpoint Antivirus

    Enable IMAP protocol checking - POP3

    Ports used by POP3 Protocol - POP3 ,

    IMAPS filtering mode IMAPS Do not use IMAPS checking - IMAPS Use IMAPS protocol checking for selected ports -

    IMAPS Ports used by IMAPS protocol - IMAPS

    (69)

  • 68

    4.3 Protocol filtering (70)

    Integrate into system ESET Endpoint Antivirus

    Enable application protocol content filtering HTTP(S), POP3(S) IMAP(S)

    (70)

  • 69

    4.3.1 Excluded application (71) (HTTP/POP3)

    (71)

  • 70

    4.3.2 Excluded IP addresses (72) IP address (HTTP/POP3) IP address

    Add IPv4 address/ Add IPv6 address - IP address (HTTP/POP3)

    Single address IP address Address range IP Address Subnet IP Address

    (72)

  • 71

    IP Address (HTTP/POP3) (73)

    (73)

  • 72

    4.3.3 SSL (74) ESET Endpoint Antivirus SSL

    SSL SSL

    SSL Always scan SSL protocol - SSL

    SSL Ask about non-visited sites (exclusions can be set)

    () SSL (

    Do not scan SSL protocol - SSL SSL

    Apply created exceptions based on certificates - SSL Protocol filtering -> SSL -> Always scan SSL protocol

    Block encrypted communication utilizing the obsolete protocol SSL v2 - SSL v2 SSL

    (74)

  • 73

    4.3.4 Certificates (75) SSL /

    ESET, spol. s r.o. ( )

    (75)

    Add the root certificate to known browsers - SSL / ESET, spol s r.o. ( ) ESET ( Opera, Firefox, Chrome) ( Internet Explorer)

    If the certificate cannot be verified using the TRCA certificate store - TRCA Ask about certificate validity () Block communication that uses the certificate ( )

  • 74

    If the certificate is invalid or corrupt: Ask about certificate validity () Block communication that uses the certificate ()

    4.3.5 Trusted Certificates (76) Trusted certificates

    Remove Show

    (76)

  • 75

    4.3.6 Excluded Certificates (77) Excluded certificates

    Remove Show

    (77)

  • 76

    4.4 Update (78) Select profile Profile Profile Profile Update server Edit Username Password Regular update , Pre-release update

    , Delayed update

    Advanced update setup Setup Clear update cache Clear Do not display notification about successful update

    (78)

  • 77

    4.4.1 Advanced (79) Create snapshots for update files

    Number of locally stored snapshots Rollback

    Available action Roll back

    (79)

  • 78

    4.5 Log files (80) Minimum logging verbosity

    Diagnostic - ( ) Informative - ""

    Warning - Errors - Critical errors -

    Automatically delete records older than - log files Optimize log files automatically log files Log files

    If the number of unused records exceeds -

    Optimize now - Text protocol - Enable text protocol Target directory - Browse () Type - Plain, CSV Event Delete log - log files

    (80)

  • 79

    4.6 Proxy Server (81)

    Use proxy server

    Proxy server requires authentication

    Detect proxy server

    (81)

  • 80

    4.7 License (82)

    Add License Add (63) Remove License Order License

    (82)

  • 81

    Add License (83) 1. Add Open 2. License License nod32.lic

    Open

    (83)

  • 82

    4.8 Quarantine (84)

    Rescan quarantine files after every update -

    (84)

  • 83

    4.9 Scheduler (85)

    Show system tasks Schedule log files

    (85)

  • 84

    4.10 Remote Administration (86)

    Connect to Remote Administrator server -

    Interval between connections to server (min) -

    Primary server Secondary server

    Remote Administrator server requires authentication -

    Never connect to server with unsecured communication -

    (86)

  • 85

    4.11 NAP (87)

    Enable NAP support - NAP (Network access protection)

    (87)

    NAP (Network access protection) NAP

  • 86

    4.12 Alerts and notifications (88)

    Send event notifications by email SMTP

    SMTP server requires authentication SMTP SMTP

    Sender address: Recipient address:

    Send event notifications to LAN computers by means of the Messenger service ( (,) )

    : service messenger

    (88)

  • 87

    4.13 ESET Live Grid (89)

    Participate in ESET Live Grid (ESET's lab)

    Do not submit statistics Do not submit files

    (89)

  • 88

    Advanced setup Advanced setup (90) Exclusion filter

    Add Edit Delete

    Contact email (optional) Submission

    By means of Remote Administrator or directly to ESET ESET

    By means of Remote Administrator directly to ESET ESET

    Enable logging

    (90)

  • 89

    4.14 System updates (91)

    No updates Optional updates

    Recommended updates

    Important updates -

    Critical updates -

    (91)

  • 90

    4.15 Diagnostics (92)

    Application memory dump Dump type

    Do not generate memory dump Minidump

    Complete memory dump

    Target directory

    (92)

  • 91

    4.16 Graphics (93)

    User interface elements

    Graphical user interface Show splash-screen at startup

    Show tooltips Select active control element

    Effects

    Use animation controls

    Use animation icons for progress indication

    Use sound signal

    (93)

  • 92

    4.17 Alerts and notifications (94)

    (94)

    Display alerts Close message boxes automatically after (sec.)

    Display notifications on desktop

  • 93

    Configure notifications Duration Transparency

    Display balloon tips in taskbar (for sec.)

    Display only notifications requiring user intervention

    Display only notifications requiring user intervention when running applications in full screen mode

  • 94

    4.18 Hidden message boxes (95) Do not show this message again

    () action

    Show Remove

    (95)

  • 95

    4.19 Access setup (96)

    Password protection setting

    Set password Password setup Require administrator rights (system without UAC support)

    Administrator Administrator ( UAC Windows Vista, Windows 7)

    (96)

  • 96

    4.20 Context menu (97)

    Integrate into the context menu ()

    Menu type

    Full (scan first) ,Clean

    Full (clean first) ,Clean Clean

    Only scan Only clean Clean

    (97)

  • 97

    4.21 Presentation Mode (98)

    Enable Presentation mode automatically, when running applications in full-screen mode

    Disable Presentation mode automatically after minutes

    (98)

    Presentation Mode (Full Screen) ESET Endpoint Antivirus

  • 98

    5. Tools () : (99)

    Log files Protection statistics Watch activity Running processes Scheduler Quarantine ESET SysInspector Submit file for analysis ESET SysRescue

    (99)

  • 99

    5.1 Log files:

    Log files (Detected threats), (Events), (Computer scan), HIPS (Device Control) (100)

    (100)

  • 100

    5.2 Protection statistics: (101) Antivirus and antispyware File system protection Email client protection Web access protection

    (101)

  • 101

    5.3 Watch activity: () ( ) (102)

    (102)

  • 102

    5.4 Running processes:

    ESET ESET Endpoint Antivirus ESET Live Grid (103)

    (103)

  • 103

    5.5 Scheduler:

    Tool -> Scheduler (104)

    Add Edit Delete

    (104)

  • 104

    (105) 1. Add Add task 2. Scheduled task 3. Computer scan 4. Next >

    (105)

  • 105

    5. Task name ( Scan Computer) 6. Run the task

    Once Repeatedly Daily Weekly Event triggered

    7. Do not run the task if the computer is running on battery

    8. Next > (106)

    (106)

  • 106

    9. Time of task execution 10. Next > (107)

    (107)

    11. If task did not run Wait until next scheduled time (108)

    (108)

  • 107

    12. Finish (109)

    (109)

  • 108

    5.6 Quarantine:

    ESET Endpoint Antivirus ESET (110)

    (110)

  • 109

    5.7 ESET SysInspector:

    ESET SysInspector (111) 1. Create 2. Comment Test 3. Add 4. log

    (111)

  • 110

    5. log (112)

    (112)

    6. ESET SysInspector Log Windows XP -> C:\Documents and Settings\All Users\Application Data\ESET\ESET

    Endpoint Antivirus\SysInspector

    Windows Vista, 7 -> C:\ProgramData\ESET\ESET Endpoint Antivirus\SysInspector

    7. log ESET Thailand [email protected]

  • 111

    Compress File

    1. Compress Add to archive (113)

    (113)

  • 112

    2. Archive Name and parameters Archive Name (114)

    (114)

    3. Advanced Set password (115)

    (115)

  • 113

    4. Archiving with password password OK

    (116)

    (116)

    5. Archive Name and parameters OK (117)

    (117)

  • 114

    6. Compress OK

    (118)

    (118)

    7. compress

    OK (119)

    (119)

  • ActiveMedia (Thailand) Co., Ltd.: Cyber World Tower A, 24th Fl., Room No. 2403-2405, 90 Rajchadapisek Rd., Huaykwang, Bangkok, 10310, Thailand
    Call Center: +66(0)2683-5100
    Fax: +66(0)2645-4299
    E-mail: [email protected]
    Website: http://www.activemedia.co.th

    ()

    Email : [email protected] Chat : http://support.activemedia.co.th Call Center : --- . - . .

    Website : http://www.eset.co.th
