ESET SMART SECURITY 4 - QUICK START GUIDE FOR MICROSOFT WINDOWS 7-VISTA-XP-2000-2003-2008 Betriebsanweisung

ESET ENDPOINT SECURITYUser Guide Microsoft® Windows® 7 / Vista / XP / 2000 / Home Server / 2003 / 2008Click here to download the most recent version o

102.2 Custom installationCustom installation mode is designed for users who have experience with fine-tuning programs and who wish tomodify advanced

1004.7.5 Program menuSome of the most important setup options and features are available in the main program menu.Frequently used – Displays the mos

101the operating system and system resources.4.7.6 Context menuThe context menu is displayed after right-clicking on the selected object. The menu l

1025. Advanced user5.1 Proxy server setupIn large LAN networks, the connection of your computer to the Internet can be mediated by a proxy server. I

1035.3 Keyboard shortcutsKey shortcuts that can be used when working with the ESET Endpoint Security include:Ctrl+Gdisables GUI in the productCtrl+I

104/max-sfx-size=SIZEonly scan the files in a self-extracting archive if they are smaller than SIZE megabytes(default 0 = unlimited)/mailscan email fi

1055.5.1.1 Starting ESET SysInspectorTo start ESET SysInspector, simply run the SysInspector.exe executable you downloaded from ESET's website.

106HelpContains information about the application and its functions.DetailThis setting influences the information displayed in the Main window to make

107Network connectionsThe Description window contains a list of processes and applications communicating over the network using theprotocol selected i

1088risky, risk level 8-9 items are displayed9risky, risk level 9 items are displayed-decreases risk level+increases risk levelCtrl+9filtering mode, e

109NOTE: If you compare two log files, select File > Save log to save it as a ZIP file; both files are saved. If you open this filelater, the conta

11To configure your proxy server settings, select I use a proxy server and click Next. Enter the IP address or URL of yourproxy server in the Address

1105.5.4 Service ScriptService script is a tool that provides help to customers that use ESET SysInspector by easily removing unwanted objectsfrom t

111Example:02) Loaded modules:- c:\windows\system32\svchost.exe- c:\windows\system32\kernel32.dll+ c:\windows\system32\khbekhb.dll- c:\windows\system3

112Example:06) Important registry entries:* Category: Standard Autostart (3 items) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run- HotKeysCmds = C

1135.5.4.3 Executing Service scriptsMark all desired items, then save and close the script. Run the edited script directly from the ESET SysInspecto

114What is Anti-Stealth technology ?Anti-Stealth technology provides effective rootkit detection.If the system is attacked by malicious code that beha

1155.6.1 Minimum requirementsESET SysRescue works in the Microsoft Windows Preinstallation Environment (Windows PE) version 2.x, which is basedon Wi

1165.6.4.1 FoldersTemporary folder is a working directory for files required during ESET SysRescue compilation.ISO folder is a folder, where the res

1175.6.4.5 Bootable USB deviceIf you have selected a USB device as your target medium, you can select one of the available USB devices on the Bootab

1186. Glossary6.1 Types of infiltrationAn Infiltration is a piece of malicious software trying to enter and/or damage a user’s computer.6.1.1 Viru

1196.1.4 RootkitsRootkits are malicious programs that grant Internet attackers unlimited access to a system, while concealing theirpresence. Rootkit

12This installation step allows you to designate how automatic program updates will be handled on your system. Click Change... to access the advanced

1206.1.8 Potentially unwanted applicationsPotentially unwanted applications (PUAs) are not necessarily intended to be malicious, but may affect thep

1216.2.5 TCP desynchronizationTCP desynchronization is a technique used in TCP Hijacking attacks. It is triggered by a process in which the sequenti

1226.3 EmailEmail, or electronic mail, is a modern form of communication with many advantages. It is flexible, fast and direct, andplayed a crucial

1236.3.4 Recognizing spam scamsGenerally, there are a few indicators which can help you identify spam (unsolicited emails) in your mailbox. If a mes

1246.3.4.4 Server-side controlServer-side control is a technique for identifying mass spam based on the number of received messages and thereactions

13The next installation window offers the option to set a password to protect your program settings. Select the Protectconfiguration settings with a p

142.3 Entering username and passwordFor optimal functionality, it is important that the program is automatically updated. This is only possible if t

152.5 Computer scanAfter installing ESET Endpoint Security, you should perform a computer scan to check for malicious code. In the mainprogram windo

163. Beginner's guideThis chapter provides an initial overview of ESET Endpoint Security and its basic settings.3.1 Introducing user interface

173.2 What to do if the program doesn't work properlyIf the modules enabled are working properly, they are assigned a green check. If not, a re

18If you are unable to solve a problem using the suggested solutions, click Help and support to access the help files orsearch the ESET Knowledgebase.

19The Advanced setup window (click Setup in the main menu and then click Enter advanced setup..., or press F5 on yourkeyboard) contains additional upd

ESET ENDPOINT SECURITYCopyright ©2012 by ESET, spol. s r. o.ESET Endpoint Security was developed by ESET, spol. s r. o.For more information visit www.

203.5 Settings protectionESET Endpoint Security settings can be very important from the perspective of your security policy. Unauthorizedmodificatio

213.6 Trusted zone setupIt is necessary to configure the Trusted zone to protect your computer in a network environment. You can allow otherusers to

224. Work with ESET Endpoint SecurityThe ESET Endpoint Security setup options allow you to adjust the protection levels of your computer and network.T

23The Web and Email protection setup allows you to enable or disable the following components:Web access protection – If enabled, all traffic through

244.1 ComputerThe Computer module can be found in the Setup pane after clicking on the Computer title. It shows an overview of allprotection modules

25database update. This behavior is configured using Smart optimization. If this is disabled, all files are scanned eachtime they are accessed. To mod

264.1.1.1.3 Advanced scan optionsMore detailed setup options can be found under Computer > Antivirus and antispyware > Real-time systemprotect

274.1.1.1.5 When to modify real-time protection configurationReal-time protection is the most essential component of maintaining a secure system. Al

284.1.1.3 Computer scanThe on-demand scanner is an important part of your antivirus solution. It is used to perform scans of files and folderson you

294.1.1.3.1.2 Custom scanCustom scan is an optimal solution if you wish to specify scanning parameters such as scan targets and scanningmethods. The

Contents...5ESET Endpoint Security1...

304.1.1.3.4 Scan progressThe scan progress window shows the current status of the scan and information about the number of files found thatcontain m

31To background – You can run another parallel scan. The running scan will be minimized to the background.Click Bring to foreground to bring a scan to

32Lists of files to be scanned are fixed for each group.Scan priority – A level of priority to use for the scan start:Normal – at an average system lo

33ExamplesIf you wish to exclude all files in a folder, type the path to the folder and use the mask “*.*”. To exclude an entire drive including all f

344.1.1.6.2 OptionsUse the Options section to select the methods used when scanning the system for infiltrations. The following optionsare available

354.1.1.6.4 ExtensionAn extension is a part of a file name delimited by a period. An extension defines the type and content of a file. Thissection o

364.1.1.6.6 OtherYou can configure the following options in the Other section:Log all objects – If this option is selected, the log file will show a

37Cleaning and deletingIf there is no predefined action to take for Real-time file system protection, you will be asked to select an option in analert

384.1.2 Removable mediaESET Endpoint Security provides automatic removable media (CD/DVD/USB/...) scanning. This module allows you toscan an inserte

394.1.3.1 Device control rulesThe Device control rules editor window displays existing rules and allows for precise control of external devices that

...87ESET Live Grid4.6.6...

404.1.3.2 Adding Device control rulesA Device control rule defines the action that will be taken when a device meeting the rule criteria is connecte

41Rules can be limited to certain users or user groups by adding them to the User list:Add – Opens the Object type: Users or Groups dialog window that

42A dialog window is shown every time if Ask is the default action. It allows the user to choose to Deny or Allow theoperation. If the user does not c

434.2 NetworkThe Personal firewall controls all network traffic to and from the system. This is accomplished by allowing or denyingindividual networ

444.2.1 Filtering modesFive filtering modes are available for the ESET Endpoint Security Personal firewall. Filtering modes can be found in Advanced

454.2.2 Firewall profilesProfiles can be used to control the behavior of the ESET Endpoint Security Personal firewall.. When creating or editing aPe

464.2.3 Configuring and using rulesRules represent a set of conditions used to meaningfully test all network connections and all actions assigned to

474.2.3.1 Rules setupRules setup allows you to view all rules applied on the traffic generated by individual applications within trusted zonesand th

48remote IP addresses or zones for a given rule.Protocol represents the transfer protocol used for the rule. Click Select protocol... to open the Prot

494.2.4 Configuring zonesIn the Zone setup window you can specify the zone name, description, network address list and zone authentication(see Zone

51. ESET Endpoint SecurityESET Endpoint Security represents a new approach to truly integrated computer security. The most recent version ofthe Threat

50There are two authentication types available:1) Using ESET authentication serverZone authentication searches for a specific server in the network an

51Server configuration).The name of the authentication zone does not match the server zone.The configured zone name does not correspond with the authe

524.2.5 Establishing connection - detectionThe Personal firewall detects each newly-created network connection. The active firewall mode determines

53A thorough analysis of this data can help detect attempts to compromise system security. Many other factors indicatepotential security risks and all

54the email client (POP3, MAPI, IMAP, HTTP).The Antispam protection filters unsolicited email messages.Disable – Deactivates web/email/antispam protec

55Use HTTPS protocol checking for selected ports – HTTPS checking only for ports defined in Ports used by HTTPSprotocol.Use HTTPS protocol checking fo

56addresses, because the list should only contain trusted and safe addresses. Similarly, it is necessary to ensure that thesymbols * and ? are used co

57Template added to the subject of infected email – Edit this template if you wish to modify the subject prefix formatof an infected email. This funct

584.3.2.2 IMAP, IMAPS protocol controlThe Internet Message Access Protocol (IMAP) is another Internet protocol for email retrieval. IMAP has someadv

59Even if integration is not enabled, email communication is still protected by the email client protection module (POP3,IMAP).4.3.2.3.1 Email clien

6Regularly scan your computer for virusesA regular automatic scan of your computer with the proper settings can remove infiltrations that may have bee

604.3.3 Antispam protectionUnsolicited email, called spam, ranks among the greatest problems of electronic communication. Spam represents upto 80 pe

61Start email client antispam protection automatically – When enabled, antispam protection will be automaticallyactivated at system startup.Enable adv

624.3.4.2 Excluded applicationsTo exclude communication of specific network-aware applications from content filtering, select them in the list. HTTP

634.3.4.3 Excluded IP addressesThe entries in the addresses list will be excluded from the protocol content filtering. HTTP/POP3/IMAP communicationf

644.3.4.4 SSL protocol checkingESET Endpoint Security enables you to check protocols encapsulated in SSL protocol. You can use various scanningmodes

654.3.4.4.1.2 Excluded certificatesThe Excluded certificates section contains certificates that are considered safe. The content of encryptedcommuni

66not be checked at all.4.4 Web controlThe Web control section allows you to configure settings that prevent your company from risk of legal liabili

674.4.2 Adding Web control rulesThe Web control rules window allows you to manually create or modify the existing Web control filtering rule.Enter a

684.4.3 Group editorThe Group Editor window is divided into two parts. The right part of the window contain a list of categories andsubcategories. S

69Last successful update – The date of the last update. Make sure it refers to a recent date, which means that the virussignature database is current.

72. InstallationOnce you launch the installer, the installation wizard will guide you through the setup process.Important: Make sure that no other ant

70Important: Under normal circumstances, when updates are downloaded properly the message Update is notnecessary – Virus signature database is up to d

712. An error occurred while downloading update files – A possible cause of the error is incorrect Internet connectionsettings. We recommend that you

72The currently used update profile is displayed in the Selected profile drop-down menu. Click Profiles... to create a newprofile.The list of availabl

734.5.1.2.1 Update modeThe Update mode tab contains options related to the program component update. The program enables you topredefine its behavio

74proxy server.4.5.1.2.3 Connecting to the LANWhen updating from a local server with an NT-based operating system, authentication for each network c

75The first step in configuring the Mirror is to select the Create update mirror option. Selecting this option activatesother Mirror configuration opt

76Append your Certificate chain file, or generate a self-signed certificate if you wish to run HTTP server with HTTPS (SSL)support. The following type

77mode for more information about program component updates.4.5.1.2.4.2 Troubleshooting Mirror update problemsIn most cases, problems during an upda

78used to update other workstations located in the network. If a newer version of EULA is available when updating, adialog window with 60 seconds time

794.6 ToolsThe Tools menu includes modules that help simplify program administration and offer additional options for advancedusers.This menu includ

82.1 Typical installationTypical installation mode provides configuration options appropriate for most users. These settings provide excellentsecuri

804.6.1 Log filesLog files contain information about all important program events that have occurred and provide an overview ofdetected threats. Log

81how the filtering rules were applied.Device control – Contains records of removable media or devices that were connected to the computer. Onlydevice

824.6.2 SchedulerScheduler manages and launches scheduled tasks with predefined configuration and properties.The Scheduler can be accessed from the

833. Enter a name of the task and select one of the timing options:Once – The task will be performed only once, at the predefined date and time.Repeat

844.6.2.1 Creating new tasksTo create a new task in Scheduler, click the Add... button or right-click and select Add... from the context menu. Fivet

854.6.3 Protection statisticsTo view a graph of statistical data related to ESET Endpoint Security's protection modules, click Tools > Prote

864.6.4 Watch activityTo see the current File system activity in graph form, click Tools > Watch activity. At the bottom of the graph is atimelin

87The following actions are available:Compare – Compares two existing logs.Create... – Creates a new log. Please wait until the ESET SysInspector log

88you if further information is required for analysis. Please note that you will not receive a response from ESET unlessmore information is needed.In

89Time of discovery – Period of time since the application was discovered by ESET Live Grid technology.NOTE: When an application is marked as Unknown

9By default, the I agree to participate in ESET Live Grid option is selected, which will activate this feature.The next step in the installation proce

90Application/Local IP – Name of application, local IP addresses and communication ports.Remote IP – IP address and port number of the particular remo

914.6.9 QuarantineThe main function of the quarantine is to safely store infected files. Files should be quarantined if they cannot becleaned, if it

924.6.10 Submission of files for analysisThe file submission dialog enables you to send a file to ESET for analysis and can be found in Tools > S

93Send event notifications to LAN computers by means of Messenger service – Select this checkbox to send messagesto LAN computers via the Windows® mes

944.6.13 DiagnosticsDiagnostics provides application crash dumps of ESET's processes (e.g. ekrn). If an application crashes, a dump will begene

954.6.15 Remote administrationESET Remote Administrator (ERA) is a powerful tool to manage security policy and to obtain an overview of the overalls

964.7 User interfaceThe User interface section allows you to configure the behavior of the program's Graphical user interface (GUI).Using the G

974.7.2 Alerts and notificationsThe Alerts and notifications section under User interface allows you to configure how threat alerts and systemnotifi

98The Display only notifications requiring user’s interaction option allows you to toggle alerts and notifications thatrequire no user interaction. Se

994.7.4 Access setupIn order to provide maximum security for your system, it is essential for ESET Endpoint Security to be correctlyconfigured. Any