Issue
- Create a policy to exclude PUAs by their hash value in ESET Remote Administrator
Solution
- Click Tools → Quarantine on the client machine that has already detected the PUA, and verify that the PUA is listed in the Quarantine list.
Figure 1-1
- Open ESET Remote Administrator Web Console and click Admin → Quarantine. Verify that the PUA found on the client machine is listed in the Quarantine list.
Figure 1-2
Click the image to view larger in new window
- Click Admin → Client Tasks → Quarantine management → New. Enter the necessary information in the Basic section.
- Expand the Settings section and select Restore object(s) and Exclude in Future from the Action drop-down menu. Select Hash items from the Filter Type drop-down menu.
- Click Add in the Hash Item(s) section under Filter Settings, select the check box next to the PUA that was detected on the client machine and click OK.
- Create a trigger and click Finish to complete the task.
Figure 1-3
Click the image to view larger in new window
- On the client machine, navigate to Exclusions. The PUA is now listed as an exclusion in the Exclusions list.
Figure 1-4
- In ESET Remote Administrator Web Console, click Computers, select the client computer and click Show details → Configuration → Request Configuration.
- Select Security product and click Convert to Policy.
Figure 1-5
Click the image to view larger in new window
- Open the policy you just created and enter the necessary information in the Basic section. Expand the Settings section, click Antivirus → Edit → Exclusions.
- Select the PUA exclusion and click Edit. Select the slider bar next to Exclude for this computer and click OK → Save. The policy with this excluded PUA is now available to use for any client computer.
Figure 1-6
Reactie toevoegen
Log in of registreer om een reactie te plaatsen.