Business article search

Restore a PUA in ESET Remote Administrator using a hash value and exclude it from detection (6.5)

Issue

  • Create a policy to exclude PUAs by their hash value in ESET Remote Administrator 

Solution

  1. Click Tools → Quarantine on the client machine that has already detected the PUA, and verify that the PUA is listed in the Quarantine list.

Figure 1-1
 

  1. Open ESET Remote Administrator Web Console and click Admin → Quarantine. Verify that the PUA found on the client machine is listed in the Quarantine list.

Figure 1-2
Click the image to view larger in new window
 

  1. Click Admin → Client Tasks → Quarantine management  New. Enter the necessary information in the Basic section. 
     
  1. Expand the Settings section and select Restore object(s) and Exclude in Future from the Action drop-down menu. Select Hash items from the Filter Type drop-down menu.
     
  1. Click Add in the Hash Item(s) section under Filter Settings, select the check box next to the PUA that was detected on the client machine and click OK.
     
  2. Create a trigger and click Finish to complete the task.

Figure 1-3
Click the image to view larger in new window
 

  1. On the client machine, navigate to Exclusions. The PUA is now listed as an exclusion in the Exclusions list.

Figure 1-4
 

  1. In ESET Remote Administrator Web Console, click Computers, select the client computer and click Show detailsConfiguration → Request Configuration.
     
  2. Select Security product and click Convert to Policy.

Figure 1-5
Click the image to view larger in new window

  1. Open the policy you just created and enter the necessary information in the Basic section. Expand the Settings section, click Antivirus → Edit Exclusions
     
  2. Select the PUA exclusion and click Edit. Select the slider bar next to Exclude for this computer and click OK Save. The policy with this excluded PUA is now available to use for any client computer.

Figure 1-6



Was this information helpful?