ESET SMART SECURITY 4 - FOR MICROSOFT WINDOWS 7-VISTA-XP-2000-2003-2008, Smart Security 4 User Manual
User Guide
Microsoft® Windows® 7 / Vista / XP / 2000 / 2003 / 2008
Contents
1. ESET Smart Security 4 .............................4
1.1 What’s new .................................................................. 4
1.2 System requirements .................................................... 5
2. Installation ............................................6
2.1 Typical installation ........................................................ 6
2.2 Custom installation ....................................................... 7
2.3 Using original settings ...................................................9
2.4 Entering Username and Password ................................... 9
2.5 On‑demand computer scan ............................................ 9
3. Beginner’s guide ................................... 10
3.1 Introducing user interface design – modes ......................10
3.1.1 Checking operation of the system ......................... 10
3.1.2 What to do if the program doesn’t work properly ... 10
3.2 Update setup ................................................................11
3.3 Trusted zone setup ........................................................11
3.4 Proxy server setup ........................................................ 12
3.5 Settings protection ...................................................... 12
4. Work with ESET Smart Security ..............13
4.1 Antivirus and antispyware protection ............................ 13
4.1.1 Real‑time file system protection ............................13
4.1.1.1 Control setup........................................................13
4.1.1.1.1 Media to scan ...................................................... 13
4.1.1.1.3 Advanced scan options.......................................... 13
4.1.1.2 Cleaning levels ...................................................... 13
4.1.1.3 When to modify real‑time protection configuration 14
4.1.1.4 Checking real‑time protection ...............................14
4.1.1.5 What to do if real‑time protection does not work ....14
4.1.2 Email client protection ..........................................14
4.1.2.1 POP3 checking ......................................................14
4.1.2.1.1 Compatibility .......................................................15
4.1.2.2 Integration with email clients ................................ 15
4.1.2.2.1 Appending tag messages to email body ..................15
4.1.2.3 Removing infiltrations ..........................................16
4.1.3 Web access protection ..........................................16
4.1.3.1 HTTP, HTTPs .........................................................16
4.1.3.1.1 Address management ...........................................16
4.1.3.1.2 Web browsers .......................................................16
4.1.4 On‑demand computer scan ................................... 17
4.1.4.1 Type of scan .......................................................... 17
4.1.4.1.1 Smart scan ...........................................................17
4.1.4.1.2 Custom scan......................................................... 17
4.1.4.2 Scan targets ......................................................... 17
4.1.4.3 Scan profiles .........................................................18
4.1.5 Protocol filtering ...................................................18
4.1.5.1 SSL .......................................................................18
4.1.5.1.1 Trusted certificates ...............................................18
4.1.5.1.2 Excluded certificates .............................................18
Copyright © 2009 by ESET, spol. s r. o.
ESET Smart Security 4 was developed by ESET, spol. s r.o.
For more information visit www.eset.com.
All rights reserved. No part of this documentation may be
reproduced, stored in a retrieval system or transmitted in any
form or by any means, electronic, mechanical, photocopying,
recording, scanning, or otherwise without permission in
writing from the author.
ESET, spol. s r.o. reserves the right to change any of the
described application software without prior notice.
Customer Care Worldwide: www.eset.eu/support
Customer Care North America: www.eset.com/support
REV.20090408‑008
4.1.6 ThreatSense engine parameters setup ...................18
4.1.6.1 Objects setup .......................................................19
4.1.6.2 Options ................................................................19
4.1.6.3 Cleaning ..............................................................20
4.1.6.4 Extensions ...........................................................20
4.1.6.5 Limits .................................................................. 20
4.1.6.6 Other ..................................................................20
4.1.7 An infiltration is detected ......................................21
4.2 Personal firewall ..........................................................21
4.2.1 Filtering modes ....................................................21
4.2.2 Block all network trac: disconnect network ........ 22
4.2.3 Disable filtering: allow all trac ........................... 22
4.2.4 Configuring and using rules .................................. 22
4.2.4.1 Creating new rules ............................................... 22
4.2.4.2 Editing rules ........................................................ 23
4.2.5 Configuring zones ................................................ 23
4.2.6 Establishing connection – detection ..................... 23
4.2.7 Logging ............................................................... 24
4.3 Antispam protection ....................................................24
4.3.1 Self‑learning Antispam ......................................... 24
4.3.1.1 Adding addresses to whitelist and blacklist............ 24
4.3.1.2 Marking messages as spam .................................. 25
4.4 Updating the program ..................................................25
4.4.1 Update setup ....................................................... 25
4.4.1.1 Update profiles .................................................... 25
4.4.1.2 Advanced update setup ........................................ 26
4.4.1.2.1 Update mode ...................................................... 26
4.4.1.2.2 Proxy server ......................................................... 26
4.4.1.2.3 Connecting to the LAN ......................................... 27
4.4.1.2.4 Creating update copies – Mirror ............................ 27
4.4.1.2.4.1 Updating from the Mirror ..................................... 28
4.4.1.2.4.2 Troubleshooting Mirror update problems .............. 29
4.4.2 How to create update tasks .................................. 29
4.5 Scheduler ................................................................... 29
4.5.1 Purpose of scheduling tasks .................................. 29
4.5.2 Creating new tasks .............................................. 29
4.6 Quarantine ................................................................. 30
4.6.1 Quarantining files ................................................ 30
4.6.2 Restoring from Quarantine ..................................30
4.6.3 Submitting file from Quarantine ...........................30
4.7 Log files ....................................................................... 31
4.7.1 Log maintenance ..................................................31
4.8 User interface .............................................................. 31
4.8.1 Alerts and notifications ........................................ 32
4.9 ThreatSense.Net ..........................................................32
4.9.1 Suspicious files .................................................... 33
4.9.2 Statistics ............................................................. 33
4.9.3 Submission .......................................................... 34
4.10 Remote administration ................................................34
4.11 Licenses ......................................................................34
5. Advanced user ..................................... 35
5.2 Import and export settings ...........................................36
5.2.1 Import settings .................................................... 36
5.2.2 Export settings .................................................... 36
5.3 Command Line .............................................................36
5.4 ESET SysInspector ........................................................37
5.4.1 User Interface and application usage .................... 37
5.4.1.1 Program Controls................................................. 37
5.4.1.2 Navigating in ESET SysInspector ........................... 37
5.4.1.3 Compare ............................................................. 38
5.4.1.4 SysInspector as part of ESET Smart Security 4 ........38
5.5 ESET SysRescue ...........................................................39
5.5.1 Minimum requirements ....................................... 39
5.5.2 How to create rescue CD ......................................39
5.5.2.1 Folders ................................................................39
5.5.2.2 ESET Antivirus...................................................... 39
5.5.2.3 Advanced ............................................................ 39
5.5.2.4 Bootable USB device ............................................40
5.5.2.5 Burn ....................................................................40
5.5.3 Working with ESET SysRescue ..............................40
5.5.3.1 Using ESET SysRescue ..........................................40
6. Glossary .............................................. 41
6.1 Types of infiltration ......................................................41
6.1.1 Viruses .................................................................41
6.1.2 Worms .................................................................41
6.1.3 Trojan horses ........................................................41
6.1.4 Rootkits ...............................................................41
6.1.5 Adware ................................................................41
6.1.6 Spyware .............................................................. 42
6.1.7 Potentially unsafe applications ............................. 42
6.1.8 Potentially unwanted applications ....................... 42
6.2 Types of remote attacks ................................................42
6.2.1 DoS attacks ......................................................... 42
6.2.2 DNS Poisoning ..................................................... 42
6.2.3 Worm attacks ...................................................... 42
6.2.4 Port scanning ...................................................... 42
6.2.5 TCP desynchronization ......................................... 42
6.2.6 SMB Relay ........................................................... 43
6.2.7 ICMP attacks ....................................................... 43
6.3 Email ..........................................................................43
6.3.1 Advertisements ................................................... 43
6.3.2 Hoaxes ................................................................ 43
6.3.3 Phishing .............................................................. 43
6.3.4 Recognizing spam scams ..................................... 44
6.3.4.1 Rules ................................................................... 44
6.3.4.1 Bayesian filter ...................................................... 44
6.3.4.2 Whitelist .............................................................44
6.3.4.3 Blacklist ..............................................................44
6.3.4.5 Server‑side control ...............................................44
4
1. ESET Smart Security 4
ESET Smart Security 4 is the first representative of a new approach to
truly integrated computer security. It utilizes the speed and precision
of ESET NOD32 Antivirus, which is guaranteed by the most recent
version of the ThreatSense® scanning engine, combined with the
tailor‑made Personal firewall and Antispam modules. The result is an
intelligent system that is constantly on alert for attacks and malicious
software endangering your computer.
ESET Smart Security is not a clumsy conglomerate of various products
in one package, as oered by other vendors. It is the result of a
long‑term eort to combine maximum protection with minimum
system footprint. The advanced technologies, based on artificial
intelligence, are capable of proactively eliminating infiltration by
viruses, spyware, trojan horses, worms, adware, rootkits, and other
Internet‑borne attacks without hindering system performance or
disrupting your computer.
1.1 What’s new
The long‑time development experience of our experts is demonstrated
by the entirely new architecture of ESET Smart Security, which
guarantees maximum detection with minimum system requirements.
This robust security solution contains modules with several advanced
options. The following list oers you a brief overview of these
modules.
• Antivirus & antispyware
This module is built upon the ThreatSense® scanning engine, which
was used for the first time in the award‑winning NOD32 Antivirus
system. ThreatSense® is optimized and improved with the new ESET
Smart Security architecture.
Feature Description
Improved Cleaning The antivirus system now intelligently cleans
and deletes most detected infiltrations
without requiring user intervention.
Background
Scanning Mode
Computer scanning can be launched in
the background without slowing down
performance.
Smaller Update Files Core optimization processes keep the size of
update files smaller than in version 2.7. Also,
the protection of update files against damage
has been improved.
Popular Email Client
Protection
It is now possible to scan incoming email not
only in Microsoft Outlook but also in Outlook
Express, Windows Mail, Windows Live Mail
and Mozilla Thunderbird.
Other Minor
Improvements
–
Direct access to file systems for high speed
and throughput.
–
Blocked access to infected files
– Optimization for the Windows Security
Center, including Vista.
• Personal firewall
The Personal firewall monitors all trac between a protected
computer and other computers in the network. ESET Personal firewall
contains the advanced functions listed below.
Feature Description
Low Layer Network
Communication
Scanning
Network communication scanning on the
Data Link Layer enables ESET Personal firewall
to overcome a variety of attacks that would
otherwise be undetectable.
IPv6 Support ESET Personal firewall displays IPv6 addresses
and allows users to create rules for them.
Executable File
Monitoring
Monitoring changes in executable files in
order to overcome infection. It is possible to
allow file modification of signed applications.
File Scanning
Integrated with
HTTP(s) and POP3(s)
Integrated file scanning of HTTP(s) and
POP3(s) application protocols. Users are
protected when browsing the Internet or
downloading emails.
Intrusion Detection
System
Ability to recognize the character of network
communication and various types of network
attacks with an option to automatically ban
such communication.
Interactive,
Policy‑based,
Learning, Automatic
and Automatic mode
with exceptions
Users can select whether the Personal firewall
actions will be executed automatically
or if they want to set rules interactively.
Communication in Policy‑based mode is
handled according to rules predefined by the
user or the network administrator. Learning
mode automatically creates and saves rules
and is suitable for initial configuration of the
firewall.
Supersedes
Integrated Windows
Firewall
Supersedes the Integrated Windows Firewall
and interacts with the Windows Security
Center to monitor security status. ESET
Smart Security installation turns o the
Windows firewall by default.
5
• Antispam
ESET Antispam filters unsolicited email and therefore increases the
security and comfort of electronic communication.
Feature Description
Incoming Mail
Scoring
All incoming mail is assigned a rating from 0
(a message is not spam) to 100 (a message is
spam) and filtered accordingly into the Junk
Mail folder or into a custom folder created by
the user. Parallel scanning of incoming email
is possible.
Supports a Variety of
Scanning Techniques
–
Bayes analysis.
– Rule‑based scanning.
– Global fingerprint database check.
Full Integration with
Email Clients
Antispam protection is available to users
of Microsoft Outlook, Outlook Express,
Windows Mail, Windows Live Mail and
Mozilla Thunderbird clients.
Manual Spam
Selection is Available
Option to manually select or deselect email
as spam.
• Others
Feature Description
ESET SysRescue ESET SysRescue enables user to create a
bootable CD/DVD/USB containing ESET
Smart Security, which is capable of running
independent of the operating system. It is
best used to get the system rid of hard‑to‑
remove infiltrations.
ESET SysInspector ESET SysInspector, an application that
thoroughly inspects your computer, is now
integrated directly in ESET Smart Security.
If you contact our Customer Care Service
using the Help and support > Customer Care
support request (recommended) option,
you can opt to include an ESET SysInspector
status snapshot from your computer.
Document
protection
The Document protection serves to scan
Microsoft Oce documents before they are
opened and files downloaded automatically
by Internet Explorer, such as Microsoft
ActiveX elements.
Self Defense The new Self Defense technology protects
ESET Smart Security components against
deactivation attempts.
User interface The user interface is now capable of working
in the non‑graphical mode, which allows for
keyboard control of ESET Smart Security.
The increased compatibility with screen‑
reading application lets sight‑impaired people
control the program more eciently.
1.2 System requirements
For seamless operation of ESET Smart Security and ESET Smart
Security Business Edition, your system should meet the following
hardware and software requirements:
ESET Smart Security:
Windows 2000, XP 400 MHz 32‑bit / 64‑bit (x86 / x64)
128 MB RAM of system memory
130 MB available space
Super VGA (800 × 600)
Windows 7, Vista 1 GHz 32‑bit / 64‑bit (x86 / x64)
512 MB RAM of system memory
130 MB available space
Super VGA (800 × 600)
ESET Smart Security Business Edition:
Windows 2000,
2000 Server, XP, 2003
Server
400 MHz 32‑bit / 64‑bit (x86 / x64)
128 MB RAM of system memory
130 MB available space
Super VGA (800 × 600)
Windows 7, Vista,
Windows Server
2008
1 GHz 32‑bit / 64‑bit (x86 / x64)
512 MB RAM of system memory
130 MB available space
Super VGA (800 × 600)
6
2. Installation
After purchase, the ESET Smart Security installer can be downloaded
from the ESET website. It comes as awn ess_nt**_***.msi (ESET Smart
Security) or essbe_nt**_***.msi (ESET Smart Security Business Edition)
package. Launch the installer and the installation wizard will guide
you through the basic setup. There are two types of installation
available with dierent levels of setup details:
1. Typical installation
2. Custom installation
2.1 Typical installation
Typical installation provides configuration options appropriate for
most users. The settings provide excellent security coupled with
ease of use and high system performance. Typical installation is the
default option and is recommended if you do not have particular
requirements for specific settings.
After selecting the installation mode and clicking Next, you will
be prompted to enter your username and password for automatic
updates of the program. This plays a significant role in providing
constant protection of your system.
Enter your Username and Password, i.e., the authentication data
you received after the purchase or registration of the product, into the
corresponding fields. If you do not currently have your username and
password available, authentication data can be inserted at any time
later on, from within the user interface.
The next step is configuration of the ThreatSense.Net Early Warning
System. The ThreatSense.Net Early Warning System helps ensure
that ESET is immediately and continuously informed about new
infiltrations in order to quickly protect its customers. The system
allows for submission of new threats to ESET‘s Threat Lab, where they
are analyzed, processed and added to the virus signature database.
By default, the Enable ThreatSense.Net Early Warning System
option is selected, which will activate this feature. Click Advanced
setup... to modify detailed settings for the submission of suspicious
files.
The next step in the installation process is to configure Detection
of potentially unwanted applications. Potentially unwanted
applications are not necessarily malicious, but can often negatively
aect the behavior of your operating system.
These applications are often bundled with other programs and may
be dicult to notice during the installation process. Although these
applications usually display a notification during installation, they can
easily be installed without your consent.
Select the Enable detection of potentially unwanted applications
option to allow ESET Smart Security to detect this type of threat
(recommended).
The final step in Typical installation mode is to confirm installation by
clicking the Install button.
7
2.2 Custom installation
Custom installation is designed for users who have experience
fine‑tuning programs and who wish to modify advanced settings
during installation.
After selecting the installation mode and clicking Next, you will be
prompted to select a destination location for the installation. By
default, the program installs in C:\Program Files\ESET\ESET Smart
Security\. Click Browse… to change this location (not recommended).
Next, enter your Username and Password. This step is the same as in
Typical installation (see section 2.1, “ Typical installation”).
After entering your username and password, click Next to proceed to
Configure your Internet connection.
If you use a proxy server, it must be correctly configured for virus
signature updates to work correctly. If you do not know whether you
use a proxy server to connect to the Internet, leave the default setting
I am unsure if my Internet connection uses a proxy server. Use the
same settings as Internet Explorer (Recommended) and click Next.
If you do not use a proxy server, select the I do not use a proxy server
option.
To configure your proxy server settings, select I use a proxy server
and click Next. Enter the IP address or URL of your proxy server in the
Address field. In the Port field, specify the port where the proxy server
accepts connections (3128 by default). In the event that the proxy
server requires authentication, enter a valid Username and Password
to grant access to the proxy server. Proxy server settings can also be
copied from Internet Explorer if desired. To do this, click Apply and
confirm the selection.
8
Click Next to proceed to Configure automatic update settings. This
step allows you to designate how automatic program component
updates will be handled on your system. Click Change... to access the
advanced settings.
If you do not want program components to be updated, select the
Never update program components option. Select the Ask before
downloading program components option to display a confirmation
window before downloading program components. To download
program component upgrades automatically, select the Always
update program components option.
NOTE: After a program component update, a restart is usually
required. We recommend selecting the If necessary, restart
computer without notifying option.
The next installation window is the option to set a password to
protect your program settings. Select the Protect configuration
settings with a password option and choose a password to enter in
the New password and Confirm new password fields.
The next two Custom installation steps, ThreatSense.Net Early
Warning System and Detection of potentially unwanted
applications, are the same as Typical installation (see section 2.1,
“Typical installation”).
The final step in Custom installation is to select the Personal firewall
filtering mode. Five modes are available:
• Automatic mode
• Automatic mode with exceptions (user‑defined rules)
• Interactive mode
• Learning mode
• Policy‑based mode
9
2.4 Entering Username and Password
For optimal functionality, it is important that the program is
automatically updated. This is only possible if the correct username
and password are entered in the Update setup.
If you did not enter your username and password during installation,
you can now. From the main program window, click Update and then
click Username and Password setup.... Enter the license data you
received with your ESET security product into the License details
window.
2.5 On‑demand computer scan
After installing ESET Smart Security, a computer scan for malicious
code should be performed. From the main program window, click
Computer scan and then click Smart scan. For more information
about On‑demand computer scan, see section 4.1.4, “On‑demand
computer scan”.
Automatic mode – Recommended for most users. All standard
outgoing connections are enabled (automatically analyzed using
predefined settings) and unsolicited incoming connections are
automatically blocked.
Automatic mode with exceptions (user‑defined rules) – In addition
to the rules in Automatic mode, this mode enables you to add custom
rules.
Interactive mode –This mode is suitable for advanced users.
Communications are handled by user‑defined rules. If there is no rule
defined for a communication, ESET Smart Security prompts you to
allow or deny the communication.
Policy‑based mode – Evaluates communications based on
predefined rules created by an administrator. If no rule is available,
the connection is automatically blocked without a warning message.
We recommend that you only select Policy‑based mode if you are an
administrator who intends to configure network communication.
Learning mode – Automatically creates and saves rules. No user
interaction is required because ESET Smart Security saves rules
according to predefined parameters. Learning mode is suitable for
initial configuration of the Personal firewall and should only be used
until all rules for required communications have been created.
Click Install in the Ready to install window to complete installation.
2.3 Using original settings
If you reinstall ESET Smart Security, the Use current settings option
will display. Select this option to transfer setup parameters from the
original installation to the new one.
10
3. Beginner’s guide
This chapter provides an initial overview of ESET Smart Security and
its basic settings.
3.1 Introducing user interface design – modes
The main program window of ESET Smart Security is divided into two
main sections. The primary window on the right displays information
that corresponds to the option selected from the main menu on the
left.
The following is a description of options within the main menu:
Protection status – Provides information about the protection status
of ESET Smart Security. If Advanced mode is activated, the Watch
activity, Network connections and Statistics submenus will display.
Computer scan – Allows you to configure and launch an On‑demand
computer scan.
Update – Displays information about updates to the virus signature
database.
Setup – Select this option to adjust your computer’s security level. If
Advanced mode is activated, the Antivirus and antispyware, Personal
firewall, and Antispam module submenus will display.
Tools – Provides access to Log files, Quarantine, Scheduler and
SysInspector. This option only displays in Advanced mode.
Help and support – Provides access to help files, the ESET
Knowledgebase, ESET’s website and links to open a Customer Care
support request.
The ESET Smart Security user interface allows users to toggle between
Standard and Advanced mode. To toggle between modes, click
Change... in the bottom left corner of the main program window, or
press CTRL + M on your keyboard.
Standard mode provides access to features required for common
operations. It does not display any advanced options.
Toggling to Advanced mode adds the Tools option to the main menu.
The Tools option allows you to access the submenus for Log files,
Quarantine, Scheduler and SysInspector.
NOTE: All remaining instructions in this guide take place in Advanced
mode.
3.1.1 Checking operation of the system
To view the Protection status, click the top option from the main
menu. A status summary about the operation of ESET Smart Security
will display in the primary window, and a submenu with three items
will appear: Watch Activity, Network Connections and Statistics.
Select any of these to view more detailed information about your
system.
3.1.2 What to do if the program doesn’t work properly
If the protection modules are enabled and working properly, a green
check mark will display next to the name. If not, a red exclamation
point or orange notification icon will display, and additional
information about the module with a suggested solution will display
in the upper part of the window. To change the status of individual
modules, click Setup from the main menu and click the desired
module.
11
If you are unable to solve a problem using the suggested solutions,
click Help and support to access the help files or search the
Knowledgebase. If you still need assistance, you can submit an ESET
Customer Care support request. ESET Customer Care will respond
quickly to your questions and help determine a resolution.
3.2 Update setup
Updating the virus signature database and updating program
components are an important part of providing complete protection
against malicious code. Please pay attention to their configuration
and operation. From the main menu, select Update and then click
Update virus signature database in primary window to check for a
newer database update. Username and Password setup... displays a
dialog box where the username and password received at the time of
purchase should be entered.
If the username and password were entered during installation of
ESET Smart Security you will not be prompted for them at this point.
The Advanced Setup window (click Setup from the main menu and
then click Enter entire advanced setup tree..., or press F5 on your
keyboard) contains additional update options. Click Update from the
Advanced Setup tree . The Update server: drop‑down menu should be
set to Choose automatically. To configure advanced update options
such as the update mode, proxy server access, LAN connections and
creating virus signature copies (ESET Smart Security Business Edition),
click the Setup... button.
3.3 Trusted zone setup
Trusted zone configuration is necessary to protect your computer
in a network environment. You can allow other users to access your
computer by configuring the Trusted zone to allow sharing. Click
Setup > Personal firewall > Change the protection mode of your
computer in the network.... A window will display allowing you to
choose the desired protection mode of your computer in the network.
Trusted zone detection occurs after ESET Smart Security installation
and whenever your computer connects to a new network. Therefore,
there is usually no need to define the Trusted zone. By default, a dialog
window displays upon detection of a new zone which allows you to
set the protection level for that zone.
12
Warning: An incorrect trusted zone configuration may pose a security
risk to your computer.
NOTE: By default, workstations from a Trusted zone are granted
access to shared files and printers, have incoming RPC communication
enabled, and also have remote desktop sharing available.
3.4 Proxy server setup
If you use a proxy server to control Internet connections, it must be
specified in Advanced Setup. To access the Proxy server configuration
window, press F5 to open the Advanced Setup window and click
Miscellaneous > Proxy server from the Advanced Setup tree. Select
the Use proxy server option, and then fill in the Proxy server (IP
address) and Port fields. If needed, select the Proxy server requires
authentication option and then enter the Username and Password.
If this information is not available, you can try to automatically detect
proxy server settings by clicking the Detect proxy server button.
NOTE: Proxy server options for various update profiles may dier. If this
is the case, configure the dierent update profiles in Advanced Setup by
clicking Update from the Advanced Setup tree.
3.5 Settings protection
ESET Smart Security settings can be very important for your
organization’s security. Unauthorized modifications can endanger
network stability and protection. To password protect the settings,
from the main menu click Setup > Enter entire advanced setup
tree... > User interface > Access setup, select the Password protect
settings option and click the Set password... button.
Enter a password in the New password and Confirm new password
fields and click OK. This password will be required for any future
modifications to ESET Smart Security settings.
13
4. Work with ESET Smart Security
4.1 Antivirus and antispyware protection
Antivirus protection guards against malicious system attacks by
controlling file, email and Internet communication. If a threat with
malicious code is detected, the Antivirus module can eliminate
it by first blocking it, and then cleaning, deleting or moving it to
quarantine.
4.1.1 Real‑time file system protection
Real‑time file system protection controls all antivirus‑related events
in the system. All files are scanned for malicious code at the moment
they are opened, created or run on your computer. Real‑time file
system protection is launched at system startup.
4.1.1.1 Control setup
The Real‑time file system protection checks all types of media, and
control is triggered by various events. Using ThreatSense technology
detection methods (as described in section 4.1.6, “ThreatSense engine
parameter setup”), real‑time file system protection may vary for newly
created files and existing files. For newly created files, it is possible to
apply a deeper level of control.
To provide the minimum system footprint when using real‑time
protection, files which have already been scanned are not scanned
repeatedly (unless they have been modified). Files are scanned again
immediately after each virus signature database update. This behavior
is configured using Smart optimization. If this is disabled, all files are
scanned each time they are accessed. To modify this option, open the
Advanced Setup window and click Antivirus and antispyware > Real‑
time file system protection from the Advanced Setup tree. Then click
the Setup... button next to ThreatSense engine parameter setup,
click Other and select or deselect the Enable Smart optimization
option.
By default, Real‑time protection launches at system startup and
provides uninterrupted scanning. In special cases (e.g., if there is a
conflict with another Real‑time scanner), the real‑time protection
can be terminated by deselecting the Start Real‑time file system
protection automatically option.
4.1.1.1.1 Media to scan
By default, all types of media are scanned for potential threats.
Local drives – Controls all system hard drives
Removable media – Diskettes, USB storage devices, etc.
Network drives – Scans all mapped drives
We recommend that you keep the default settings and only modify
them in specific cases, such as when scanning certain media
significantly slows data transfers.
4.1.1.1.2 Scan on (Event‑triggered scanning)
By default, all files are scanned upon opening, creation or execution.
We recommend that you keep the default settings, as these provide
the maximum level of real‑time protection for your computer.
The Diskette access option provides control of the diskette boot
sector when this drive is accessed. The Computer shutdown option
provides control of the hard disk boot sectors during computer
shutdown. Although boot viruses are rare today, we recommend
that you leave these options enabled, as there is still the possibility of
infection by a boot virus from alternate sources.
4.1.1.1.3 Advanced scan options
More detailed setup options can be found under Antivirus and
antispyware > Real‑time system protection > Advanced setup.
Additional ThreatSense parameters for newly created and
modified files – The probability of infection in newly‑created or
modified files is comparatively higher than in existing files. That
is why the program checks these files with additional scanning
parameters. Along with common signature‑based scanning methods,
advanced heuristics are used, which greatly improves detection rates.
In addition to newly‑created files, scanning is also performed on
self‑extracting files (.sfx) and runtime packers (internally compressed
executable files). By default, archives are scanned up to the 10th
nesting level and are checked regardless of their actual size. To modify
archive scan settings, deselect the Default archive scan settings
option.
Additonal ThreatSense parameters for executed files – By default,
advanced heuristics are not used when files are executed. However,
in some cases you may want to enable this option (by checking the
Advanced heuristics on file execution option). Note that advanced
heuristics may slow the execution of some programs due to increased
system requirements.
4.1.1.2 Cleaning levels
The real‑time protection has three cleaning levels (to access, click the
Setup... button in the Real‑time file system protection section and
then click the Cleaning branch).
• The first level displays an alert window with available options
for each infiltration found. You must choose an action for each
infiltration individually. This level is designed for more advanced
users who know which steps to take in the event of an infiltration.
• The default level automatically chooses and performs a
predefined action (depending on the type of infiltration).
Detection and deletion of an infected file is signaled by an
information message located in the bottom right corner of the
screen. However, an automatic action is not performed if the
infiltration is located within an archive which also contains clean
files, and it is not performed on objects for which there is no
predefined action.
• The third level is the most “aggressive” – all infected objects are
cleaned. As this level could potentially result in the loss of valid
files, we recommend that it be used only in specific situations.
14
4.1.1.3 When to modify real‑time protection configuration
Real‑time protection is the most essential component of maintaining
a secure system. Therefore, please be careful when modifying its
parameters. We recommend that you only modify its parameters
in specific cases. For example, if there is a conflict with a certain
application or real‑time scanner of another antivirus program.
After installation of ESET Smart Security, all settings are optimized to
provide the maximum level of system security for users. To restore the
default settings, click the Default button located at the bottom‑right
of the Real‑time file system protection window (Advanced Setup >
Antivirus and antispyware > Real‑time file system protection).
4.1.1.4 Checking real‑time protection
To verify that real‑time protection is working and detecting viruses,
use a test file from eicar.com. This test file is a special harmless file
detectable by all antivirus programs. The file was created by the EICAR
company (European Institute for Computer Antivirus Research) to test
the functionality of antivirus programs. The file eicar.com is available
for download at http://www.eicar.org/download/eicar.com
NOTE: Before performing a real‑time protection check, it is necessary
to disable the firewall. If the firewall is enabled, it will detect the file
and prevent test files from downloading.
4.1.1.5 What to do if real‑time protection does not work
In the next chapter, we describe problem situations that may arise
when using real‑time protection, and how to troubleshoot them.
Real‑time protection is disabled
If real‑time protection was inadvertently disabled by a user, it needs to
be reactivated. To reactivate real‑time protection, navigate to Setup
> Antivirus and antispyware and click Enable in the Real‑time file
system protection section of the main program window.
If real‑time protection is not initiated at system startup, it is probably
due to the disabled option Automatic real‑time file system
protection startup. To enable this option, navigate to Advanced
Setup (F5) and click Real‑time file system protection in the
Advanced Setup tree. In the Advanced setup section at the bottom
of the window, make sure that the Automatic real‑time file system
protection startup checkbox is selected.
If Real‑time protection does not detect and clean infiltrations
Make sure that no other antivirus programs are installed on your
computer. If two real‑time protection shields are enabled at the same
time, they may conflict with each other. We recommend that you
uninstall any other antivirus programs on your system.
Real‑time protection does not start
If real‑time protection is not initiated at system startup (and the
Automatic real‑time file system protection startup option is
enabled), it may be due to conflicts with other programs. If this is the
case, please consult ESET‘s Customer Care specialists.
4.1.2 Email client protection
Email protection provides control of email communication received
through the POP3 protocol. Using the plug‑in program for Microsoft
Outlook, ESET Smart Security provides control of all communications
from the email client (POP3, MAPI, IMAP, HTTP). When examining
incoming messages, the program uses all advanced scanning
methods provided by the ThreatSense scanning engine. This means
that detection of malicious programs takes place even before being
matched against the virus signature database. Scanning of POP3
protocol communications is independent of the email client used.
4.1.2.1 POP3 checking
The POP3 protocol is the most widespread protocol used to receive
email communication in an email client application. ESET Smart
Security provides protection for this protocol regardless of the email
client used.
The protection module providing this control is automatically initiated
at system startup and is then active in memory. For the module to
work correctly, please make sure it is enabled – POP3 checking is
performed automatically with no need for reconfiguration of the
email client. By default, all communication on port 110 is scanned, but
other communication ports can be added if necessary. Port numbers
must be delimited by a comma.
Encrypted communication is not controlled.
Loading...