Configure HIPS rules for ESET business products to protect against ransomware
Configure additional ESET Remote Administrator (6.3 and later) HIPS rules in the following ESET productsto protect against Filecoder (ransomware) malware
ESET Endpoint Security
ESET Endpoint Antivirus
ESET Mail Security for Microsoft Exchange
ESET File Security for Microsoft Windows Server
Click each image to open a new window for additional anti-ransomware best practices and additional policy configurations:
ESET's Host-based Intrusion Prevention System (HIPS) is included in ESET Endpoint Security, ESET Endpoint Antivirus, ESET Mail Security for Microsoft Exchange, and ESET File Security for Microsoft Windows Server. HIPS monitors system activity and uses a pre-defined set of rules to recognize suspicious system behavior. When this type of activity is identified, the HIPS self-defense mechanism stops the offending program or process from carrying out potentially harmful activity. Changes to the Enable HIPS and Enable Self-defense settings take effect after the Windows operating system is restarted.
End of support for version 6.4 and 6.5 of ESET Remote Administrator / MDM
ESET Remote Administrator version 6.5 is currently in Limited Support status and will soon be in Basic Support status. It is expected to reach End of Life status in December 2020.
ESET Remote Administrator version 6.4 is currently in basic support status and is expected to reach End of Life status in December 2019.
The MDM functionality in ESET Remote Administrator version 6 is in Basic Support status as of April 11, 2019. After this date, MDM version 6 will no longer be available for download.
See our instructions for migrating ESET Remote Administrator to version 7 (ESMC).
To further help prevent ransomware malware on your Windows systems, create the following policy rules in ESET Remote Administrator version 6.3 or later:
Do not adjust policies on production systems
The following policy settings are additional configurations and the specific settings needed for your security environment may vary. We recommend that you test the settings for each implementation in a test environment before using them in a production environment.