ESET Mail Security scans all emails, however Dynamic Threat Defense only scans emails received from outside of the organization.
If a threat is detected in a known clean sample, the product will most likely have remediated the threat and put the sample in Quarantine. If this happens, the admin can exclude the sample by clicking on the sample in "Submitted Files" and selecting "Add exclusion to Policy". After that, create a task to move the sample out of quarantine. The sample will never be scanned again.
The Admin can select from 5 categories of file types that will be sent from each ESET product using a policy. The file types include: Executables, Archives, Scripts, Documents, and others. The admin can also create an exclusion list based on file extension or directory.
Any file can be analyzed by ESET Dynamic Threat Defense. However, only samples that can harm a computer or contain or can download malicious content are automatically sent for analysis. So we specify that executables, scripts, and documents are supported (also in case they are stored in an archive).
ESET Dynamic Threat Defense works on all operating systems supported by ESET security products. The analysis starts on the operating system, where the sample has highest chance to do harmful actions. It's not possible to define this parameter manually.
When ESET Dynamic Threat Defense is not available, notifications about its protection status will be displayed in the Status Overview section in ESET Security Management Center.
Visit our Knowledgebase article for the list of all required addresses and ports for ESET products: https://support.eset.com/kb332/
To view the samples that were sent to ESET Dynamic Threat Defense as well as other data that was sent to ESET, including LiveGrid and diagnostics data, log in to ESET PROTECT (or ESET Security Management Center) and click More → Submitted Files.
ESET Mail Security for Exchange postpones delivery of email for a pre-defined time or until the results are received. The list of postponed mail is available in the Mail Security for Exchange user interface under Tools → ESET Dynamic Threat Defense.
It typically takes up to 5 minutes to analyze a sample that has never been analyzed by ESET Dynamic Threat Defense before. If a sample has already analyzed, the result will be received in the next product request cycle which can take up to 2 minutes.
ESET PROTECT refreshes in 1-minute intervals which updates the newly sent sample data and associated results.
All samples are encrypted and sent through HTTPS. They are then stored on a dedicated storage server with limited access by ESET employees for the predefined time set by the senders computer policy, after which they are deleted or stored securely.
The data arrives in an anonymous format: our systems only have access to the customer ID from their ESET Business Account, or ESET MSP Administrator. However, the customer ID is not associated with the data sent from a particular computer that has sent a sample for analysis. By default, the customer ID and the customer name are not available to any employee.
All samples are sent to ESET HQ, located in Bratislava, Slovakia, Europe.
Once the analysis is finished, the hash and result are stored in the ESET Cloud which runs on an MS Azure data center hosted in the US and in Europe. All computers request the results from MS Azure, not ESET HQ.
Once the samples sent to Dynamic Threat Defense are received, they are stored on a dedicated storage server with exceptional security. They are not stored on the same server as the LiveGrid samples. As an additional layer of security, only selected employees have access to the Dynamic Threat Defense samples. Since this is your data, you determine when the clean samples should be deleted from our servers once they have been analyzed. This setting is located in your product and includes the following delete options:
This option is available only when you've purchased ESET Dynamic Threat Defense service. Document samples are always deleted from ESET servers. Please note that if the sample is found to be malicious, it will be kept for further analysis and to enhance our detection systems.
It is possible that as our Machine Learning models or Scanning Engine are updated, a sample that was classified as clean, might be reclassified as Suspicious or Malicious. If this occurs, we will re-analyze stored samples and notify you with the updated result, which detects a new type of advanced persistent threat in your infrastructure.
No. We cooperate with other vendors to exchange malicious samples sent via LiveGrid to improve our knowledge. However, samples sent to Dynamic Threat Defense are never shared with other parties. ESET does not share any of the samples or metadata sent to Dynamic Threat Defense with any 3rd party entity. We believe in consumer privacy, and have put in place countless measures to be considered a trustworthy partner, with whom you can trust your data. All samples always stay in ESET HQ, and all hardware is owned by and located in ESET facilities, which stores or processes samples.
Once Dynamic Threat Defense is purchased, the administrator can set per-computer policy to delete samples like executables, scripts, archives or others immediately after analysis, after 30 days or never if the result is clean. For documents, admin can set only immediately after analysis or after 30 days after the result of the analysis is clean. If the sample is detected as suspicious or worse, we'll keep the sample for further analysis. We're also keeping metadata for improving the service.
At ESET HQ, where we're analyzing your data, all systems are in high-availability mode and under 24/7/365 monitoring.
For the ESET Cloud in Microsoft Azure, all systems are in a high-availability mode within a data center. The systems in our data centers are under 24/7/365 monitoring. If the US or Europe data center is not available, they are still in high-availability mode between each other and all information is synchronized among data centers. Therefore no degradation of service should ever occur. As a precaution however, all samples are stored in a queue, and once processed the results are delivered as soon as possible.