[KB7914] Enable Ransomware Shield Audit mode and exclude an application from detection in ESET PROTECT or ESET PROTECT On-Prem

Issue

Details



ESET business products (version 8 and later) include Ransomware Shield. This new security feature is a part of HIPS and protects computers from ransomware. When ransomware is detected on a client computer, you can view the detection details in the ESET PROTECT or ESET PROTECT On-Prem Web Console under Detections.

By default, Ransomware Shield blocks all applications with potential ransomware behavior. If a legitimate application or script runs automatically on the managed computer and performs operations that are evaluated as ransomware behavior (moving files across folders, encrypting files and folders), you may want to exclude it from being blocked by the ESET business product.


Solution

ESET PROTECT or ESET PROTECT On-Prem Web Console Policy settings for ESET business products include Ransomware Shield Audit mode. When Ransomware Shield Audit mode is enabled, applications with ransomware behavior are allowed to run and are logged in Detections. The administrator can decide to block the detected potential threat or allow it permanently by adding it to exclusions.

Enable Ransomware Shield Audit mode in ESET PROTECT or ESET PROTECT On-Prem

  1. Click Policies, select the policy for the ESET business product, and then click Policies > Edit.

Figure 1-1
  2. Click Settings > Detection Engine > HIPS.

Figure 1-2
  3. Click the toggle next to Enable Ransomware Shield Audit mode to enable this setting and click Finish to apply the Policy settings.

Protection against ransomware

When you apply Enable Ransomware Shield Audit mode, automatic ransomware protection is turned off and the managed computer is not protected against ransomware.

Figure 1-3

Create an exclusion in Ransomware Shield

  1. On the managed computer, run the application with ransomware behavior.

  2. In the ESET PROTECT or ESET PROTECT On-Prem Web Console, click Detections. You can see the information about the potential ransomware application detected on the client computer.

Figure 2-1
  3. Click the detection and click Show Details. Verify the path to the application in Uniform Resource Identifier (URI) and make sure that you want to exclude the detection. Click Close.

Use Exclusions with caution

Exclusions increase the exposure of the managed computer to malware.

Figure 2-2
  4. Click the detection and select Create Exclusion.

Figure 2-3
  5. The Exclusion criteria are pre-selected based on the detection type. Select the check box Resolve matching alerts to automatically resolve the alerts covered by the exclusion. Optionally, you can add a Comment. Read more about creating exclusions in ESET Online Help.

Figure 2-4
  6. Click Target. Select computers or groups where the exclusion will be applied and click Finish.

Figure 2-5
  7. Ransomware Shield no longer detects the excluded application.

  8. Edit the policy selected in step 2 and click the toggle next to Enable Ransomware Shield Audit mode to disable it and ensure the automatic ransomware protection of the managed computer.

Figure 2-6