Issue
- Create a policy to exclude potentially unwanted applications (PUAs) by their hash value in ESET PROTECT On-Prem
Solution
-
On the client machine that has already detected the PUA, open your ESET endpoint product and click Tools → Quarantine. Verify that the PUA is listed in the Quarantine list.
-
Open ESET PROTECT On-Prem in your web browser and log in.
-
Click More → Quarantine. Verify that the PUA found on the client machine is listed in the Quarantine list.
-
Click Tasks → Client Tasks → ESET Security Product → Quarantine Management → New → Client Task.
-
In the Basic section, type the name for the task. Click Settings and from the Action drop-down menu select Restore Object(s) and Exclude in Future. From the Filter type drop-down menu, select Hash items. In the Hash item(s) section, click Add.
-
Select the check boxes next to the PUAs that you want to create an exclusion for and click OK.
-
Click Finish to complete the task and create a Trigger for this Client Task.
-
On the client machine, open the main program window of your Windows ESET endpoint product. Press the F5 key on your keyboard to open Advanced Setup.
-
Click Detection Engine, expand Exclusions, and click Edit next to Detection exclusions. The PUA is now listed as an exclusion in the Exclusions list.
-
In the ESET PROTECT On-Prem Web Console, click Computers, select the client computer and click Actions → Show Details.
-
Click Request Configuration. When the configuration opens, click Security product → Open configuration.
-
Click Convert to Policy.
-
In the Name field, type a name for your policy and click Finish. The policy with this excluded PUA is now available to use for any client computer.
-
Assign the policy with the PUA exclusion to other computers.