Issue

• Create a policy to exclude potentially unwanted applications (PUAs) by their hash value in ESET PROTECT

Solution

1. On the client machine that has already detected the PUA, open your ESET endpoint product and click Tools → Quarantine. Verify that the PUA is listed in the Quarantine list.

   

2. Open the ESET PROTECT On-Prem Web Console in your web browser and log in.

3. Click More → Quarantine. Verify that the PUA found on the client machine is listed in the Quarantine list.

   

4. Click Tasks → Client Tasks → ESET Security Product → Quarantine Management → New → Client Task.

   

5. In the Basic section, type the name for the task. Click Settings and from the Action drop-down menu select Restore Object(s) and Exclude in Future. From the Filter type drop-down menu, select Hash items. In the Hash item(s) section, click Add.

   

6. Select the check boxes next to the PUAs that you want to create an exclusion for and click OK.

   

7. Click Finish to complete the task and create a Trigger for this Client Task.

   

8. On the client machine, open the main program window of your Windows ESET endpoint product. Press the F5 key on your keyboard to open Advanced Setup.

9. Click Detection Engine, expand Exclusions, and click Edit next to Detection exclusions. The PUA is now listed as an exclusion in the Exclusions list.

   

10. In ESET PROTECT Web Console, click Computers, select the client computer and click Actions → Show Details.

    

11. Click Request Configuration. When the configuration opens, click Security product → Open configuration.

    

12. Click Convert to Policy.

    

13. In the Name field, type a name for your policy and click Finish. The policy with this excluded PUA is now available to use for any client computer.

    

14. Assign the policy with the PUA exclusion to other computers.