[KB6372] Exclude PUAs using their hash value in ESET Remote Administrator

Issue

  • Create a policy to exclude PUAs by their hash value in ESET Remote Administrator

Solution

End of support for version 6.4 and 6.5 of ESET Remote Administrator / MDM

ESET Remote Administrator version 6.5 is currently in Limited Support status and will soon be in Basic Support status. It is expected to reach End of Life status in December 2020.

ESET Remote Administrator version 6.4 is currently in basic support status and is expected to reach End of Life status in December 2019.

The MDM functionality in ESET Remote Administrator version 6 is in Basic Support status as of April 11, 2019. After this date, MDM version 6 will no longer be available for download.

  1. Click ToolsQuarantine on the client machine that has already detected the PUA, and verify that the PUA is listed in the Quarantine list.

Figure 1-1

  1. OpenESET Remote Administrator Web Consoleand click AdminQuarantine. Verify that the PUA found on the client machine is listed in the Quarantine list.

Figure 1-2
Click the image to view larger in new window

  1. Click AdminClient Tasks Quarantine management New. Enterthe necessary information in theBasicsection.
  1. Expand the Settings section and select Restore object(s) and Exclude in Futurefrom theActiondrop-down menu. SelectHash itemsfrom theFilter Typedrop-down menu.
  1. Click Add in the Hash Item(s)sectionunder Filter Settings, select the check box next to the PUA that was detected on the client machine andclick OK.
  2. Create a trigger and clickFinish to complete the task.

Figure 1-3
Click the image to view larger in new window

  1. On the client machine, navigate toExclusions. The PUA is now listed as an exclusion in the Exclusions list.

Figure 1-4

  1. InESET Remote Administrator Web Console,click Computers, select the client computer and clickShow detailsConfigurationRequest Configuration.
  2. Select Securityproductand click Convert to Policy.

Figure 1-5
Click the image to view larger in new window

  1. Open the policy you just created andenterthe necessary information in theBasicsection. Expand the Settings section, click AntivirusEditExclusions.
  2. Select the PUA exclusion and clickEdit. Select the slider bar next to Exclude for this computerand click OKSave. The policy with this excludedPUA is nowavailable to use for any client computer.

Figure 1-6