Create a policy to exclude PUAs by their hash value in ESET Remote Administrator
Solution
Click Tools → Quarantine on the client machine that has already detected the PUA, and verify that the PUA is listed in the Quarantine list.
Figure 1-1
Open ESET Remote Administrator Web Console and click Admin → Quarantine. Verify that the PUA found on the client machine is listed in the Quarantine list.
Figure 1-2 Click the image to view larger in new window
Click Admin → Client Tasks → Quarantine management → New. Enter the necessary information in the Basic section.
Expand the Settings section and select Restore object(s) and Exclude in Future from the Action drop-down menu. Select Hash items from the Filter Type drop-down menu.
Click Add in the Hash Item(s) sectionunder Filter Settings, select the check box next to the PUA that was detected on the client machine and click OK.
Create a trigger and click Finish to complete the task.
Figure 1-3 Click the image to view larger in new window
On the client machine, navigate to Exclusions. The PUA is now listed as an exclusion in the Exclusions list.
Figure 1-4
In ESET Remote Administrator Web Console, click Computers, select the client computer and click Show details → Configuration → Request Configuration.
Select Security product and click Convert to Policy.
Figure 1-5 Click the image to view larger in new window
Open the policy you just created and enter the necessary information in the Basic section. Expand the Settings section, click Antivirus → Edit → Exclusions.
Select the PUA exclusion and click Edit. Select the slider bar next to Exclude for this computer and click OK → Save. The policy with this excluded PUA is now available to use for any client computer.