User Guide



7. Beginner's guide

This chapter provides an overview of ESET File Security, the main parts of the menu, functionalities and basic settings.

7.1 The user interface

The main program window of ESET File Security is divided into two main sections. The primary window on the right displays information that corresponds to the option selected from the main menu on the left.

The different sections of the main menu are described below:

Monitoring - Provides information about the protection status of ESET File Security, license validity, last update of the virus signature database, basic statistics and system information.

Log files - Accesses log files that contain information about all important program events that have occurred. These files provide an overview of detected threats as well as other security related events.

Scan - Allows you to configure and launch a Storage Scan, Smart scan, Custom scan or Removable media scan. You can also repeat the last scan that was run.

Update - Displays information about the virus signature database and notifies you if an update is available. Product activation can also be performed from this section.

Setup - Here you can adjust your Server and Computer security settings.

Tools - Provides additional information about your system and protection in addition to tools that help you further manage your security. The Tools section contains the following items: Running processes, Watch activity, ESET Log Collector, Protection statistics, Cluster, ESET Shell, ESET SysInspector, ESET SysRescue Live to create a rescue CD or USB and Scheduler. You can also Submit a sample for analysis and check your Quarantine.

Help and support - Provides access to help pages, the ESET Knowledgebase and other Support tools. Also available are links to open a Customer Care support request and information about product activation.


The Protection status screen informs you about the current protection level of your computer. The green Maximum protection status indicates that maximum protection is ensured.

The status window also displays quick links to frequently used features in ESET File Security and information about the last update.

What to do if the program doesn't work properly?

Modules that are working properly are assigned a green check. Modules that are not fully functional are assigned a red exclamation point or an orange notification icon. Additional information about the module is shown in the upper part of the window. A suggested solution for fixing the module is also displayed. To manage the status of a specific module, click Setup in the main menu and then click the desired module.

The red icon with a "!" signals critical problems - maximum protection of your computer is not ensured. This status is displayed when:

Antivirus and antispyware protection disabled - You can re-enable antivirus and antispyware protection by clicking Enable Real-time protection in the Protection status pane or Enable Antivirus and antispyware protection in the Setup pane of the main program window.

You are using an outdated virus signature database.

The product is not activated.

Your license is expired - This is indicated by the protection status icon turning red. The program is not able to update after the license expires. We recommend following the instructions in the alert window to renew your license.

The orange icon with an "i" indicates that your ESET product requires attention for a non-critical problem.

Possible reasons include:

Web access protection is disabled - You can re-enable Web access protection by clicking on the security notification and then clicking Enable Web access protection.

Your license will expire soon - This is indicated by the protection status icon displaying an exclamation point.

After your license expires, the program will not be able to update and the Protection status icon will turn red.


If you are unable to solve a problem using the suggested solutions, click Help and support to access the help files or search the ESET Knowledgebase. If you still need assistance, you can submit an ESET Customer Care support request.

ESET Customer Care will respond quickly to your questions and help find a resolution.

To view your Protection status, click the top option from the main menu. A status summary about the operation of ESET File Security will be displayed in the primary window, and a submenu with two items will appear: Watch activity and Statistics. Select either of these to view more detailed information about your system.

When ESET File Security runs with full functionality, the Protection status icon appears in green. When attention is required, it appears in orange or red.

Click Watch activity to view a real-time graph of file-system activity (horizontal axis). The vertical axis shows the amount of read data (blue line) and the amount of written data (red line).

The Statistics sub-menu allows you to see the number of infected, cleaned and clean objects for a particular module. There are a number of modules you can choose from in the drop-down list.

7.2 Setting up virus DB update

Updating the virus signature database and program components is an important part of providing complete protection against malicious code. Please pay careful attention to its configuration and operation. From the main menu, go to Update and then click Update now to check for a newer signature database.

You can configure update settings from the Advanced setup window (press the F5 key on your keyboard). To configure advanced update options such as the update mode, proxy server access, LAN connection and virus signature copy settings (mirror), click Update in the Advanced setup window on the left. If you experience problems with an update, click Clear cache to clear the temporary update folder. The Update server menu is set to AUTOSELECT by default. AUTOSELECT means that the update server, from which the virus signature updates are downloaded, is chosen automatically. We recommend that you leave the default option selected. If you do not want the system tray notification at the bottom right corner of the screen to appear, select Disable display notification about successful update.

For optimal functionality, it is important that the program is automatically updated. This is only possible if the correct License key is entered in Help and support > Activate License.

If you did not activate your product following installation, you can do so at any time. For more detailed information about activation see How to activate ESET File Security and enter the license data you received with your ESET security product into the License details window.


7.2.1 Settings protection

ESET File Security settings can be very important from the perspective of your organization’s security policy. Unauthorized modifications can potentially endanger the stability and protection of your system. To access User interface setup, click Setup in the main menu and then click Advanced setup, or press F5 on your keyboard. Click User interface > Access setup, select Password protect settings and click Set password.


Enter a password in the New password and Confirm password fields and click OK. This password will be required for any future modifications to ESET File Security.

7.3 Proxy server setup

If you use a proxy server for the Internet connection on a system where ESET File Security is installed, proxy settings must be configured in Advanced setup. To access the proxy server configuration window, press F5 to open the Advanced setup window and click Update > HTTP proxy. Select Connection through a proxy server from the Proxy mode drop-down menu and fill in your proxy server details: Proxy server (IP address), Port number and Username and Password (if applicable).

If you are unsure about proxy server details, you can try to automatically detect your proxy server settings by selecting Use global proxy server settings from the drop-down list.

NOTE: Proxy server options for various update profiles may differ. If this is the case, configure the different update profiles in Advanced setup by clicking Update > Profile.


7.4 Log files

Log files contain information about all important program events that have occurred and provide an overview of detected threats. Logs are an essential tool in system analysis, threat detection and troubleshooting. Logging is performed actively in the background with no user interaction. Information is recorded based on the current log verbosity settings. It is possible to view text messages and logs directly from the ESET File Security environment. It is also possible to archive log files using export.


Log files are accessible from the main program window by clicking Log files. Select the desired log type from the drop-down menu. The following logs are available:

Detected threats - The threat log offers detailed information about infiltrations detected by ESET File Security modules. The information includes the time of detection, name of infiltration, location, the performed action and the name of the user logged in at the time the infiltration was detected. Double-click any log entry to display its details in a separate window.

Events - All important actions performed by ESET File Security are recorded in the event log. The event log contains information about events and errors that have occurred in the program. It is designed to help system administrators and users resolve problems. Often the information found here can help you find a solution for a problem occurring in the program.

Computer scan - All scan results are displayed in this window. Each line corresponds to a single computer control. Double-click any entry to view the details of the respective scan.

HIPS - Contains records of specific rules that are marked for recording. The protocol shows the application that called the operation, the result (whether the rule was permitted or prohibited) and the name of the rule created.

Filtered websites - This list is useful if you want to view a list of websites that were blocked by Web access protection. In these logs you can see the time, URL, user and application that opened a connection to the particular website.

Device control - Contains records of removable media or devices that were connected to the computer. Only devices with a Device control rule will be recorded to the log file. If the rule does not match a connected device, a log entry for a connected device will not be created. Here you can also see details such as device type, serial number, vendor name and media size (if available).

In each section, the displayed information can be copied to the clipboard (keyboard shortcut Ctrl + C) by selecting the entry and clicking Copy. The CTRL and SHIFT keys can be used to select multiple entries.

Click the switch icon Filtering to open the Log filtering window where you can define the filtering criteria.

You can bring up the context menu by right-clicking a specific record. The following options are available in the context menu:

Show - Shows more detailed information about the selected log in a new window (same as double-click).

Filter same records - This activates log filtering, showing only records of the same type as the one selected.

Filter... - After clicking this option, the Log filtering window will allow you to define filtering criteria for specific log entries.

Enable filter - Activates filter settings. You need to define filtering criteria the first time you use it; after that it will simply turn on the filter with the previously defined criteria.

Disable filter - Turns filtering off (same as clicking the switch at the bottom). This option is only available when filtering is turned on.

Copy - Copies information of selected/highlighted record(s) into the clipboard.

Copy all - Copies information of all the records in the window.

Delete - Deletes selected/highlighted record(s) - this action requires administrator privileges.

Delete all - Deletes all the record(s) in the window - this action requires administrator privileges.

Export... - Exports information of selected/highlighted record(s) into an XML file.

Find... - Opens the Find in log window and lets you define search criteria. Works on already filtered content - useful when there are still too many records, for example.

Find next - Finds next occurrence with previously defined search (above).

Find previous - Finds previous occurrence.

Scroll log - Leave this option enabled to auto scroll old logs and view active logs in the Log files window.


7.5 Scan

The on-demand scanner is an important part of ESET File Security. It is used to perform scans of files and folders on your computer. From a security point of view, it is essential that computer scans are not just run when an infection is suspected, but regularly as part of routine security measures. We recommend that you perform regular (for example once a month) in-depth scans of your system to detect viruses not detected by Real-time file system protection. This can happen if Real-time file system protection was disabled at the time, if the virus database was obsolete or if the file was not detected as a virus when it was saved to the disk.


Two types of Computer scan are available. Smart scan quickly scans the system with no need for further configuration of the scan parameters. Custom scan allows you to select any of the predefined scan profiles and define specific scan targets.

See Scan progress for more information about the scanning process.

Storage scan

Scans all shared folders on the local server. If Storage scan is not available, it means there are no shared folders on your server.

Smart scan

Smart scan allows you to quickly launch a computer scan and clean infected files with no need for user intervention. The advantage of Smart scan is that it is easy to operate and does not require detailed scanning configuration. Smart scan checks all files on local drives and automatically cleans or deletes detected infiltrations. The cleaning level is automatically set to the default value. For more detailed information on types of cleaning, see Cleaning.

Custom scan

Custom scan is an optimal solution if you want to specify scanning parameters such as scan targets and scanning methods. The advantage of Custom scan is the ability to configure the parameters in detail. Configurations can be saved to user-defined scan profiles, which can be useful if scanning is repeatedly performed using the same parameters.

To select scan targets, select Computer scan > Custom scan and select an option from the Scan targets drop-down menu, or select specific targets from the tree structure. A scan target can also be specified by entering the path of the folder or file(s) you want to include. If you are only interested in scanning the system without additional cleaning actions, select Scan without cleaning. When performing a scan, you can choose from three cleaning levels by clicking Setup > ThreatSense parameters > Cleaning.

Performing computer scans with Custom scan is only recommended for advanced users with previous experience using antivirus programs.

Removable media scan

Similar to Smart scan - quickly launch a scan of removable media (such as CD/DVD/USB) that are connected to the computer. This may be useful when you connect a USB flash drive to a computer and want to scan its content for malware and other potential threats.

This type of scan can also be initiated by clicking Custom scan and then selecting Removable media from the Scan targets drop-down menu and clicking Scan.

Repeat last scan

Runs the last scan, whichever it was (Storage, Smart, Custom, etc.), with the exact same settings.

NOTE: We recommend that you run a computer scan at least once a month. Scanning can be configured as a scheduled task from Tools > Scheduler.


7.6 Update

Regularly updating ESET File Security is the best method to maintain the maximum level of security on your computer. The Update module ensures that the program is always up to date in two ways, by updating the virus signature database and by updating system components.

By clicking Update in the main program window, you can find the current update status including the date and time of the last successful update and whether an update is needed. The primary window also contains the virus signature database version. This numeric indicator is an active link to the ESET website, listing all signatures added within the given update.

To begin the update process, click Update now. Updating the virus signature database and updating program components are important parts of maintaining complete protection against malicious code.

Last successful update - The date of the last update. Make sure it refers to a recent date, which means that the virus signature database is current.

Virus signature database version - The virus signature database number, which is also an active link to the ESET website. Click this to view a list of all signatures added in a given update.


Update process

After clicking Update now, the download process begins and the progress of the update is displayed. To interrupt the update click Cancel update.

Important: Under normal circumstances, when updates are downloaded properly the message Update is not necessary - the virus signature database is up to date will appear in the Update window. If this is not the case, the program is out of date and more vulnerable to infection. Please update the virus signature database as soon as possible. Otherwise, one of the following messages will be displayed:

Virus signature database is out of date - This error will appear after several unsuccessful attempts to update the virus signature database. We recommend that you check the update settings. The most common reason for this error is incorrectly entered authentication data or incorrectly configured connection settings.

The previous notification is related to the following two Virus signature database update failed messages about unsuccessful updates:

Invalid license - The license key has been entered incorrectly in update setup. We recommend that you check your authentication data. The Advanced setup window (press F5 on your keyboard) contains additional update options. Click Help and support > Manage license from the main menu to enter a new license key.

An error occurred while downloading update files - A possible cause of this error is incorrect Internet connection settings. We recommend that you check your Internet connectivity by opening any website in your web browser. If the website does not open, it is likely that an Internet connection is not established or there are connectivity problems with your computer. Please check with your Internet Service Provider (ISP) if you do not have an active Internet connection.

NOTE: For more information please visit this ESET Knowledgebase article.


7.7 Tools

The Tools menu includes modules that help simplify program administration and offer additional options. It includes the following tools:

Running processes

Watch activity

ESET Log Collector

Protection statistics

Cluster

ESET Shell

ESET SysInspector

ESET SysRescue Live

Scheduler

Submit sample for analysis

Quarantine

7.7.1 Running processes

Running processes displays the running programs or processes on your computer and keeps ESET immediately and continuously informed about new infiltrations. ESET File Security provides detailed information on running processes to protect users with ESET Live Grid technology enabled.

Risk level - In most cases, ESET File Security and ESET Live Grid technology assign risk levels to objects (files, processes, registry keys, etc.) using a series of heuristic rules that examine the characteristics of each object and then weigh their potential for malicious activity. Based on these heuristics, objects are assigned a risk level from 1 - Fine (green) to 9 - Risky (red).

Process - Image name of the program or process that is currently running on your computer. You can also use the Windows Task Manager to see all running processes on your computer. You can open Task Manager by right-clicking an empty area on the taskbar and then clicking Task Manager, or by pressing Ctrl+Shift+Esc on your keyboard.

PID - Is an ID of processes running in Windows operating systems.

NOTE: Known applications marked as Fine (green) are definitely clean (white-listed) and will be excluded from scanning, as this will improve the scanning speed of on-demand computer scan or Real-time file system protection on your computer.

Number of users - The number of users that use a given application. This information is gathered by ESET Live Grid technology.

Time of discovery - Period of time since the application was discovered by ESET Live Grid technology.

NOTE: When an application is marked as Unknown (orange) security level, it is not necessarily malicious software. Usually it is just a newer application. If you are not sure about the file, use the Submit sample for analysis feature to send the file to the ESET Virus Lab. If the file turns out to be a malicious application, its detection will be added to one of the upcoming Virus Signature Database updates.

Application name - Given name of a program this process belongs to.


By clicking a given application at the bottom, the following information will appear at the bottom of the window:

Path - Location of an application on your computer.

Size - File size either in kB (kilobytes) or MB (megabytes).

Description - File characteristics based on the description from the operating system.

Company - Name of the vendor or application process.

Version - Information from the application publisher.

Product - Application name and/or business name.

Created on - Date and time when an application was created.

Modified on - Last date and time when an application was modified.

NOTE: Reputation can also be checked on files that do not act as running programs/processes - mark files you want to check, right-click on them and from the context menu select Advanced options > Check File Reputation using ESET Live Grid.

7.7.2 Watch activity

To see the current File system activity in graph form, click Tools > Watch activity. It shows you the amount of read and written data in your system in two graphs. At the bottom of the graph is a timeline that records file system activity in real-time based on the selected time span. To change the time span, select from the Refresh rate drop-down menu.

The following options are available:

1 second - The graph refreshes every second and the timeline covers the last 10 minutes.

1 minute (last 24 hours) - The graph is refreshed every minute and the timeline covers the last 24 hours.

1 hour (last month) - The graph is refreshed every hour and the timeline covers the last month.

1 hour (selected month) - The graph is refreshed every hour and the timeline covers the selected month. Click the Change month button to make another selection.

The vertical axis of the File system activity graph represents the amount of read data (blue) and the amount of written data (red). Both values are given in kB (kilobytes)/MB/GB. If you mouse over either read data or written data in the legend below the graph, the graph will only display data for that activity type.

7.7.3 Time period selection

Select a month (and a year) for which you want to see File system activity in the graph.

7.7.4 ESET Log Collector

ESET Log Collector is an application that automatically collects information, such as configuration and logs from your server in order to help resolve issues more quickly. When you have a case open with ESET Customer Care, you may be asked to provide logs from your computer. ESET Log Collector will make it easy for you to collect the information needed.

ESET Log Collector is accessible from the main menu by clicking Tools > ESET Log Collector.


Select the appropriate check boxes for the logs that you want to collect. If you are unsure what to select, leave all check boxes selected (default). Specify the location where you want to save archive files and then click Save. The archive file name is already predefined. Click Collect.

During the collection, you can view the operation log window at the bottom to see what operation is currently in progress. When collection is finished, all files have been collected and archived will be displayed. This means that collection was successful and the archive file (for example, emsx_logs.zip) has been saved in the location specified.

For further information about ESET Log Collector and for the list of files that ESET Log Collector actually collects, please visit the ESET Knowledgebase.

7.7.5 Protection statistics

To view a graph of statistical data related to protection modules of ESET File Security, click Tools > Protection statistics. Select the desired protection module from the Statistics drop-down menu to see the corresponding graph and legend. If you mouse over an item in the legend, only the data for that item will display in the graph.


The following statistic graphs are available:

Antivirus and antispyware protection - Displays the overall number of infected and cleaned objects.

File system protection - Displays objects that were read or written to the file system only.

Email client protection - Displays objects that were sent or received by email clients only.

Web access and Anti-Phishing protection - Displays objects downloaded by web browsers only.

Next to the statistics graphs, you can see the number of all scanned objects, number of infected objects, number of cleaned objects and the number of clean objects. Click Reset to clear statistics information or click Reset all to clear and remove all the existing data.

7.7.6 Cluster

The ESET Cluster is a P2P communication infrastructure of the ESET line of products for Microsoft Windows Server. This infrastructure enables ESET server products to communicate with each other and exchange data such as configuration and notifications as well as synchronize data necessary for correct operation of a group of product instances. An example of such a group is a group of nodes in a Windows Failover Cluster or Network Load Balancing (NLB) Cluster with an ESET product installed where there is a need to have the same configuration of the product across the whole cluster. ESET Cluster ensures this consistency between instances.

The ESET Cluster status page is accessible from the main menu in Tools > Cluster. When properly configured, the status page should look like this:

To set up the ESET Cluster, click Cluster wizard. For details on how to set the ESET Cluster up using the wizard click here.

When setting up the ESET Cluster, there are two ways to add nodes - automatically using an existing Windows Failover Cluster / NLB Cluster or manually by browsing for computers that are in a Workgroup or in a Domain.

Autodetect - Automatically detects nodes that are already members of a Windows Failover Cluster / NLB Cluster and adds them to the ESET Cluster

Browse - You can add nodes manually by typing in the server names (either members of the same Workgroup or members of the same Domain)

NOTE: Servers don't have to be members of a Windows Failover Cluster / NLB Cluster to use the ESET Cluster feature. A Windows Failover Cluster or NLB Cluster is not required in your environment for you to use ESET clusters.

Once you have added nodes to your ESET Cluster, the next step is the installation of ESET File Security on each node. This is done automatically during ESET Cluster setup.


Credentials that are required for remote installation of ESET File Security on other cluster nodes:

Domain scenario - domain administrator credentials

Workgroup scenario - you need to make sure that all nodes use the same local administrator account credentials

In an ESET Cluster, you can also use a combination of nodes added automatically as members of an existing Windows Failover Cluster / NLB Cluster and nodes added manually (provided they are in the same Domain).

NOTE: It is not possible to combine Domain nodes with Workgroup nodes.

Another requirement for the use of an ESET Cluster is that File and Printer Sharing must be enabled in Windows Firewall before pushing ESET File Security installation to the ESET Cluster nodes.

ESET Cluster can easily be dismantled by clicking Destroy cluster. Each node will write a record in its event log about the ESET Cluster being destroyed. After that, all ESET firewall rules are removed from the Windows Firewall. Former nodes will be reverted to their previous state and can be used again in another ESET Cluster if necessary.

NOTE: The creation of ESET Clusters between ESET File Security and ESET File Security for Linux is not supported.

Adding new nodes to an existing ESET Cluster can be done anytime by running the Cluster wizard as described above and here.

See the Work cluster section for more information about ESET cluster configuration.

7.7.7 ESET Shell

eShell (short for ESET Shell) is a command line interface for ESET File Security. It is an alternative to the graphical user interface (GUI). eShell has all the features and options that the GUI normally gives you. eShell lets you configure and administer the whole program without the use of the GUI.

Apart from all the functions and features that are available in the GUI, it also provides you with the option of using automation by running scripts in order to configure, modify configuration or perform an action. Also, eShell can be useful for those who prefer using the command line over the GUI.

There are two modes in which eShell can be run:

Interactive mode - this is useful when you want to work with eShell (not just execute a single command) for tasks such as changing configuration, viewing logs, etc. You can also use interactive mode if you are not familiar with all the commands yet. Interactive mode will make it easier for you when navigating through eShell. It also shows you available commands you can use within a particular context.

Single command / Batch mode - you can use this mode if you only need to execute a command without entering the interactive mode of eShell. This can be done from the Windows Command Prompt by typing in eshell with appropriate parameters. For example: eshell get status or eshell set antivirus status disabled

In order to run certain commands (such as the second example above) in batch/script mode, there are a couple of settings that you need to configure first. Otherwise, you'll get an Access Denied message. This is for security reasons.

NOTE: For full functionality we recommend that you open eShell using Run as administrator. The same applies when executing a single command via Windows Command Prompt (cmd). Open cmd using Run as administrator. Otherwise you won't be able to execute all commands. This is because when you open cmd or eShell using an account other than administrator you will not have sufficient permissions.

NOTE: In order to run eShell commands from Windows Command Prompt or to run batch files, you need to make some settings. For further information about running batch files click here.

To enter interactive mode in eShell, you can use one of the following two methods:

Via Windows Start menu: Start > All Programs > ESET > ESET File Security > ESET shell

From Windows Command Prompt by typing in eshell and pressing the Enter key

When you run eShell in interactive mode for the first time, a first run (guide) screen will display.

NOTE: If you want to display the first run screen in future, type in the guide command. It shows you some basic examples of how to use eShell with Syntax, Prefix, Command path, Abbreviated forms, Aliases, etc. This is basically a quick guide to eShell.

Next time you run eShell, you'll see this screen:

NOTE: Commands are not case sensitive. You can use upper case (capital) or lower case letters and the command will execute regardless.

Customizing eShell

You can customize eShell in the ui eshell context. You can configure aliases, colors, language and the execution policy for scripts, choose to display hidden commands, and change some other settings.

7.7.7.1 Usage

Syntax

Commands must be formatted in the correct syntax to function and can be composed of a prefix, context, arguments, options, etc. This is the general syntax used throughout the eShell:

[<prefix>] [<command path>] <command> [<arguments>]

Example (this activates document protection):

SET ANTIVIRUS DOCUMENT STATUS ENABLED

SET - a prefix

ANTIVIRUS DOCUMENT - path to a particular command, a context where this command belongs

STATUS - the command itself

ENABLED - an argument for the command


Using ? as an argument for a command will display the syntax for that particular command. For example, STATUS ? will show you the syntax for the STATUS command:

SYNTAX:

[get] | status

set status enabled | disabled

You may notice that [get] is in brackets. It designates that the prefix get is the default for the status command. This means that when you execute status without specifying any prefix, it will actually use the default prefix (in this case get status). Using commands without a prefix saves time when typing. Usually get is the default prefix for most commands, but you need to be sure what the default prefix is for a particular command and that it is exactly what you want to execute.

NOTE: Commands are not case sensitive, you can use upper case (capital) or lower case letters and the command will execute regardless.

Prefix / Operation

A prefix is an operation. The GET prefix will give you information about how a certain feature of ESET File Security is configured or show you the status (such as GET ANTIVIRUS STATUS will show you current protection status). The SET prefix will configure functionality or change its status (SET ANTIVIRUS STATUS ENABLED will activate protection).

These are the prefixes that eShell lets you use. A command may or may not support any of the prefixes:

GET - returns current setting/status

SET - sets value/status

SELECT - selects an item

ADD - adds an item

REMOVE - removes an item

CLEAR - removes all items/files

START - starts an action

STOP - stops an action

PAUSE - pauses an action

RESUME - resumes an action

RESTORE - restores default settings/object/file

SEND - sends an object/file

IMPORT - imports from a file

EXPORT - exports to a file

Prefixes such as GET and SET are used with many commands, but some commands (such as EXIT) do not use a prefix.

Command path / Context

Commands are placed in contexts which form a tree structure. The top level of the tree is root. When you run eShell, you are at the root level:

eShell>

You can either execute a command from here, or enter the context name to navigate within the tree. For example, when you enter the TOOLS context, it will list all commands and sub-contexts that are available from here.

Yellow items are commands you can execute and grey items are sub-contexts you can enter. A sub-context contains further commands.

If you need to return to a higher level, use .. (two dots). For example, say you are here:

eShell antivirus startup>

type .. and it will get you up one level, to:

eShell antivirus>

If you want to get back to root from eShell antivirus startup> (which is two levels lower than root), simply type .. .. (two dots and two dots separated by a space). By doing so, you will get two levels up, which is root in this case.

Use backslash \ to return directly to root from any level no matter how deep within the context tree you are. If you want to get to a particular context in upper levels, simply use the appropriate number of .. to get to the desired level, using a space as a separator. For example, if you want to get three levels higher, use .. .. ..

The path is relative to the current context. If the command is contained in the current context, do not enter a path.

For example, to execute GET ANTIVIRUS STATUS enter:

GET ANTIVIRUS STATUS - if you are in the root context (command line shows eShell>)

GET STATUS - if you are in the context ANTIVIRUS (command line shows eShell antivirus>)

.. GET STATUS - if you are in the context ANTIVIRUS STARTUP (command line shows eShell antivirus startup>)

NOTE: You can use a single . (dot) instead of two .. because a single dot is an abbreviation of two dots. For example:

. GET STATUS - if you are in the context ANTIVIRUS STARTUP (command line shows eShell antivirus startup>)

Argument

An argument is an action which is performed for a particular command. For example, the command CLEAN-LEVEL (located in ANTIVIRUS REALTIME ENGINE) can be used with the following arguments:

no - No cleaning

normal - Normal cleaning

strict - Strict cleaning

Another example is the arguments ENABLED or DISABLED, which are used to enable or disable a certain feature or functionality.

Abbreviated form / Shortened commands

eShell allows you to shorten contexts, commands and arguments (provided the argument is a switch or an alternative option). It is not possible to shorten a prefix or an argument that is a concrete value such as a number, name or path.


Examples of the short form:

set status enabled => set stat en

add antivirus common scanner-excludes C:\path\file.ext => add ant com scann C:\path\file.ext

In a case where two commands or contexts start with the same letters (such as ABOUT and ANTIVIRUS, and you enter A as the shortened command), eShell will not be able to decide which of these two commands you want to run. An error message will display and list the commands starting with "A" which you can choose from:

eShell>a

The following command is not unique: a

The following commands are available in this context:

ABOUT - Shows information about program

ANTIVIRUS - Changes to context antivirus

By adding one or more letters (e.g. AB instead of just A) eShell will execute the ABOUT command since it is unique now.

NOTE: When you want to be sure that a command executes the way you need, we recommend that you do not abbreviate commands, arguments, etc. and use the full form. This way it will execute exactly as you need and prevent unwanted mistakes. This is especially true for batch files / scripts.
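The path and abbreviation rules above, worked through in Python as an added example (not ESET code): it expands a shortened, context-relative command to its full root-relative form, the form the note above recommends for batch files, and reports abbreviations that are not unique. The tree is a constructed subset that uses only names from this page; the exact-name-wins rule and all function names are assumptions.

```python
# Constructed subset of the eShell context tree, built only from names on this
# page. A dict is a context; a tuple is a command and lists its switch arguments.
ONOFF = ("ENABLED", "DISABLED")
TREE = {
    "ABOUT": (),
    "STATUS": ONOFF,
    "ANTIVIRUS": {
        "STATUS": ONOFF,
        "STARTUP": {},
        "DOCUMENT": {"STATUS": ONOFF},
        "REALTIME": {"ENGINE": {"CLEAN-LEVEL": ("NO", "NORMAL", "STRICT")}},
        "COMMON": {"SCANNER-EXCLUDES": ()},  # takes a path, not a switch
    },
    "TOOLS": {"LOG": {"EVENTS": (), "DETECTIONS": (), "SCANS": ()}},
}
PREFIXES = {"GET", "SET", "SELECT", "ADD", "REMOVE", "CLEAR", "START", "STOP",
            "PAUSE", "RESUME", "RESTORE", "SEND", "IMPORT", "EXPORT"}


class NotUnique(ValueError):
    """An abbreviation matched no name, or more than one name."""


def pick(token, names):
    """Expand token to the one name it abbreviates. An exact name always wins
    (assumption: the page does not cover names that are prefixes of others)."""
    t = token.upper()
    if t in names:
        return t
    hits = sorted(n for n in names if n.startswith(t))
    if len(hits) != 1:
        raise NotUnique(f"{token!r} is not unique here: {hits or 'no match'}")
    return hits[0]


def node_at(context):
    """Walk from root to the context given as a list of full names."""
    node = TREE
    for name in context:
        node = node[name]
    return node


def resolve(context, line):
    """Return the full, root-relative form of `line` typed in `context`.

    context is a list of names from root, e.g. ["ANTIVIRUS", "STARTUP"].
    """
    tokens = line.split()
    path = list(context)
    # Leading navigation: "\" jumps to root, ".." or "." goes up one level.
    while tokens and tokens[0] in ("\\", "..", "."):
        nav = tokens.pop(0)
        path = [] if nav == "\\" else path[:-1]
    # A prefix cannot be shortened, so it has to match exactly.
    prefix = None
    if tokens and tokens[0].upper() in PREFIXES:
        prefix = tokens.pop(0).upper()
    node = node_at(path)
    while tokens:
        name = pick(tokens.pop(0), node)
        path.append(name)
        node = node[name]
        if isinstance(node, tuple):  # reached a command, the rest are arguments
            break
    if isinstance(node, tuple) and node:
        # Only switch arguments can be shortened; "?" asks for the syntax.
        tokens = [t if t == "?" else pick(t, node) for t in tokens]
    return " ".join(([prefix] if prefix else []) + path + tokens)


if __name__ == "__main__":
    print(resolve([], "set stat en"))
    print(resolve(["ANTIVIRUS", "STARTUP"], ". get status"))
    try:
        resolve([], "a")
    except NotUnique as err:
        print(err)
```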

Automatic completion

Automatic completion is a new feature in eShell since version 2.0. It is very similar to automatic completion in Windows Command Prompt. While Windows Command Prompt completes file paths, eShell completes command, context and operation names as well. Argument completion is not supported. When typing a command, simply press the TAB key to complete or cycle through available variations. Press SHIFT + TAB to cycle backwards. Mixing abbreviated form and automatic completion is not supported. Use either one or the other. For example, when you type antivir real scan hitting the TAB key will do nothing. Instead, type antivir and then TAB to complete antivirus, continue typing real + TAB and scan + TAB. You can then cycle through all available variations: scan-create, scan-execute, scan-open, etc.

Aliases

An alias is an alternative name which can be used to execute a command (provided that the command has an alias assigned). There are a few default aliases:

(global) close - exit

(global) quit - exit

(global) bye - exit

warnlog - tools log events

virlog - tools log detections

antivirus on-demand log - tools log scans

"(global)" means that the command can be used anywhere regardless of the current context. One command can have multiple aliases assigned, for example the command EXIT has the aliases CLOSE, QUIT and BYE. When you want to exit eShell, you can use the EXIT command itself or any of its aliases. The alias VIRLOG is an alias for the command DETECTIONS, which is located in the TOOLS LOG context. This way the detections command is available from the ROOT context, making it easier to access (you don't have to enter the TOOLS and then the LOG context; you can run it directly from ROOT).

eShell allows you to define your own aliases. The ALIAS command can be found in the UI ESHELL context.

Password protected settings

ESET File Security settings can be protected by a password. You can set the password using the GUI or in eShell using the set ui access lock-password command. You'll then have to enter this password interactively for certain commands (such as those that change settings or modify data). If you plan to work with eShell for a longer period of time and do not want to enter the password repeatedly, you can get eShell to remember the password using the set password command. Your password will then be filled in automatically for each executed command that requires a password. It is remembered until you exit eShell, which means that you'll need to use set password again when you start a new session and want eShell to remember your password.

Guide / Help

When you run the GUIDE or HELP command, it will display a "first run" screen explaining how to use eShell. This command is available from the ROOT context (eShell>).

Command history

eShell keeps a history of previously executed commands. This applies only to the current eShell interactive session. Once you exit eShell, the command history will be dropped. Use the Up and Down arrow keys on your keyboard to navigate through the history. Once you find the command you were looking for, you can execute it again, or modify it without having to type in the entire command from the beginning.

CLS / Clear screen

The CLS command can be used to clear the screen. It works the same way as it does with Windows Command Prompt or similar command line interfaces.

EXIT / CLOSE / QUIT / BYE

To close or exit eShell, you can use any of these commands (EXIT, CLOSE, QUIT or BYE).

7.7.7.2 Commands

This section lists a few basic eShell commands with description as an example.

NOTE: Commands are not case sensitive, you can use upper case (capital) or lower case letters and the command will execute regardless.

Example commands (contained within ROOT context):

ABOUT

Lists information about the program. It shows the name of the product installed, version number, installed components (including version number of each component) and basic information about the server and the operating system that ESET File Security is running on.

CONTEXT PATH: root

PASSWORD

Normally, to execute password-protected commands, you are prompted to type in a password for security reasons. This applies to commands such as those that disable antivirus protection and those that may affect ESET File Security functionality. You will be prompted for the password every time you execute such a command. You can define this password in order to avoid entering it every time. It will be remembered by eShell and automatically used when a password-protected command is executed. This means that you do not have to enter the password every time.

NOTE: The defined password works only for the current eShell interactive session. Once you exit eShell, this defined password will be dropped. When you start eShell again, the password needs to be defined again.

This defined password is also very useful when running batch files / scripts. Here is an example of such a batch file:

eshell start batch "&" set password plain <yourpassword> "&" set status disabled

The concatenated command above starts batch mode, defines the password which will be used and disables protection.

CONTEXT PATH: root

SYNTAX:

[get] | restore password

set password [plain <password>]


OPERATIONS:

get - Show password

set - Set or clear password

restore - Clear password

ARGUMENTS:

plain - Switch to enter password as parameter

password - Password

EXAMPLES:

set password plain <yourpassword> - Sets a password which will be used for password-protected commands

restore password - Clears password

EXAMPLES:

get password - Use this to see whether the password is configured or not (this shows only stars "*", it does not list the password itself); when no stars are visible, it means that there is no password set

set password plain <yourpassword> - Use this to set the defined password

restore password - This command clears the defined password

STATUS

Shows information about the current protection status of ESET File Security (similar to GUI).

CONTEXT PATH: root

SYNTAX:

[get] | restore status

set status disabled | enabled

OPERATIONS:

get - Show antivirus protection status

set - Disable/Enable antivirus protection

restore - Restores default settings

ARGUMENTS:

disabled - Disable antivirus protection

enabled - Enable antivirus protection

EXAMPLES:

get status - Shows current protection status

set status disabled - Disables protection

restore status - Restores protection to default setting (Enabled)

VIRLOG

This is an alias of the DETECTIONS command. It is useful when you need to view information about detected infiltrations.

WARNLOG

This is an alias of the EVENTS command. It is useful when you need to view information about various events.

7.7.7.3 Batch files / Scripting

You can use eShell as a powerful scripting tool for automation. To use a batch file with eShell, create one with eshell and a command in it. For example:

eshell get antivirus status

You can also chain commands, which is sometimes necessary. For instance, if you want to get the type of a particular scheduled task, enter the following:

eshell select scheduler task 4 "&" get scheduler action

Selection of an item (task number 4 in this case) usually applies only to the currently running instance of eShell. If you were to run these two commands one after the other, the second command would fail with a "No task selected or selected task no longer exist" error.

For security reasons, the execution policy is set to Limited Scripting by default. This allows you to use eShell as a monitoring tool, but it won't let you make configuration changes to ESET File Security. If you run commands that can affect security, such as turning off protection, you will get an Access Denied message. To be able to execute commands that make configuration changes, we recommend that you use signed batch files.

If, for some specific reason, you need to be able to change configuration using a single command entered manually in Windows Command Prompt, then you have to grant eShell full access (not recommended). To grant full access, use the ui eshell shell-execution-policy command in Interactive mode of eShell itself, or do it via the GUI in Advanced Setup > User interface > ESET Shell.

Signed batch files

eShell allows you to secure common batch files (*.bat) with a signature. Scripts are signed with the same password that is used for settings protection. In order to sign a script you need to enable settings protection first. You can do it via the GUI, or from within eShell using the set ui access lock-password command. Once the settings protection password is set up you can start signing batch files.

To sign a batch file, run sign <script.bat> from the root context of eShell, where script.bat is the path to the script you want to sign. Enter and confirm the password that will be used for signing. This password must match the settings protection password. The signature is placed at the end of the batch file in the form of a comment. If the script has been previously signed, the signature will be replaced with the new one.

NOTE: When you modify a previously signed batch file, it needs to be signed again.

NOTE: If you change the settings protection password, then you need to sign all scripts again, otherwise the scripts will fail to execute from the moment you've changed the settings protection password. This is because the password entered when signing a script must match the settings protection password on the target system.

To execute a signed batch file from Windows Command Prompt or as a scheduled task, use the following command:

eshell run <script.bat>

Where script.bat is the path to the batch file. For example:

eshell run d:\myeshellscript.bat
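An audit helper for the batch usage described in this section and under PASSWORD, added here as an example (not ESET code): it scans a batch file for eShell calls that pass the settings password with plain, disable protection, or change the execution policy, and it also catches shortened forms such as set stat dis. The sample script, rule names and function names are constructed; treating any leading part of a word as a match is a simplifying assumption that may over-match.

```python
import re
from typing import NamedTuple

# Lines that invoke eShell the way this page does (bare "eshell" on the PATH).
ESHELL_CALL = re.compile(r'^\s*@?\s*(?:call\s+)?eshell(?:\.exe)?\s+(.*)$', re.I)
# The page chains commands with a quoted ampersand: cmd1 "&" cmd2
CHAIN = re.compile(r'\s*"&"\s*')

# Constructed sample batch file; the password value is made up.
SAMPLE = r'''@echo off
rem constructed sample, not a real script
eshell get antivirus status
eshell start batch "&" set password plain S3cretValue "&" set status disabled
eshell select scheduler task 4 "&" get scheduler action
ESHELL set ant stat dis
eshell run d:\myeshellscript.bat
'''


class Finding(NamedTuple):
    line_no: int
    rule: str
    command: str  # password values are redacted before they are stored here


def abbreviates(token, word):
    """True if token is word or a shortened (leading) form of it."""
    return bool(token) and word.startswith(token.lower())


def classify(tokens):
    """Return (rule, tokens safe to report) for one eShell command, or None."""
    # Prefixes cannot be shortened, so only a literal "set" changes anything.
    if not tokens or tokens[0].lower() != "set":
        return None
    rest = tokens[1:]
    if (len(rest) >= 3 and abbreviates(rest[0], "password")
            and abbreviates(rest[1], "plain")):
        # Never echo the secret into a report or log.
        return "plaintext-settings-password", tokens[:3] + ["<redacted>"]
    if (len(rest) >= 2 and abbreviates(rest[-2], "status")
            and abbreviates(rest[-1], "disabled")):
        return "disables-protection", tokens
    if (len(rest) >= 3 and abbreviates(rest[0], "ui")
            and abbreviates(rest[1], "eshell")
            and abbreviates(rest[2], "shell-execution-policy")):
        return "changes-execution-policy", tokens
    return None


def audit(script_text):
    """Return the findings for the text of one batch file."""
    findings = []
    for line_no, line in enumerate(script_text.splitlines(), start=1):
        call = ESHELL_CALL.match(line)
        if not call:
            continue
        for command in CHAIN.split(call.group(1)):
            hit = classify(command.split())
            if hit:
                rule, tokens = hit
                findings.append(Finding(line_no, rule, " ".join(tokens)))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(f"line {finding.line_no}: {finding.rule}: {finding.command}")
```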


7.7.8 ESET SysInspector

ESET SysInspector is an application that thoroughly inspects your computer and gathers detailed information about system components such as installed drivers and applications, network connections or important registry entries and assesses the risk level of each component. This information can help determine the cause of suspicious system behavior that may be due to software or hardware incompatibility or malware infection.

The ESET SysInspector window displays the following information about created logs:

Time - The time of log creation.

Comment - A short comment.

User - The name of the user who created the log.

Status - The status of log creation.

The following actions are available:

Open - Opens created log. Also you can do it by right-clicking the created log and then selecting Show from the context menu.

Compare - Compares two existing logs.

Create - Creates a new log. Please wait until the ESET SysInspector log is complete (Status shown as Created).

Delete - Removes selected logs from the list.

After right-clicking one or more selected logs, the following options are available from the context menu:

Show - Opens the selected log in ESET SysInspector (same function as double-clicking a log).

Create - Creates a new log. Please wait until the ESET SysInspector log is complete (Status shown as Created)

Delete all - Deletes all logs.

Export - Exports the log to an .xml file or zipped .xml.

7.7.8.1 Create a computer status snapshot

Enter a short comment describing the log to be created and click the Add button. Please wait until the ESET SysInspector log is complete (Status of Created). Log creation may take some time depending on your hardware configuration and system data.

7.7.8.2 ESET SysInspector

7.7.8.2.1 Introduction to ESET SysInspector

ESET SysInspector is an application that thoroughly inspects your computer and displays gathered data in a comprehensive way. Information like installed drivers and applications, network connections or important registry entries can help you to investigate suspicious system behavior be it due to software or hardware incompatibility or malware infection.

You can access ESET SysInspector two ways: From the integrated version in ESET Security solutions or by downloading the standalone version (SysInspector.exe) for free from ESET’s website. Both versions are identical in function and have the same program controls. The only difference is how outputs are managed. The standalone and integrated versions each allow you to export system snapshots to an .xml file and save them to disk. However, the integrated version also allows you to store your system snapshots directly in Tools > ESET SysInspector (except ESET Remote Administrator).

Please allow some time while ESET SysInspector scans your computer. It may take anywhere from 10 seconds up to a few minutes depending on your hardware configuration, operating system and the number of applications installed on your computer.

7.7.8.2.1.1 Starting ESET SysInspector

To start ESET SysInspector, simply run the SysInspector.exe executable you downloaded from ESET's website.

Please wait while the application inspects your system, which could take up to several minutes.

7.7.8.2.2 User Interface and application usage

For clarity the main program window is divided into four major sections – Program Controls located on the top of the main program window, Navigation window to the left, the Description window to the right and the Details window at the bottom of the main program window. The Log Status section lists the basic parameters of a log (filter used, filter type, is the log a result of a comparison etc.).

7.7.8.2.2.1 Program Controls

This section contains the description of all program controls available in ESET SysInspector.

File

By clicking File you can store your current system status for later investigation or open a previously stored log. For publishing purposes we recommend that you generate a log Suitable for sending. In this form, the log omits sensitive information (current user name, computer name, domain name, current user privileges, environment variables, etc.).

NOTE: You may open previously stored ESET SysInspector reports by dragging and dropping them into the main program window.

Tree

Enables you to expand or close all nodes and export selected sections to Service script.


List

Contains functions for easier navigation within the program and various other functions like finding information online.

Help

Contains information about the application and its functions.

Detail

This setting influences the information displayed in the main program window to make the information easier to work with. In "Basic" mode, you have access to information used to find solutions for common problems in your system. In the "Medium" mode, the program displays less used details. In "Full" mode, ESET SysInspector displays all the information needed to solve very specific problems.

Filtering

Item filtering is best used to find suspicious files or registry entries in your system. By adjusting the slider, you can filter items by their Risk Level. If the slider is set all the way to the left (Risk Level 1), then all items are displayed. By moving the slider to the right, the program filters out all items less risky than the current Risk Level and displays only items which are more suspicious than the displayed level. With the slider all the way to the right, the program displays only known harmful items.

All items labeled as risk 6 to 9 can pose a security risk. If you are not using a security solution from ESET, we recommend that you scan your system with ESET Online Scanner if ESET SysInspector has found any such item. ESET Online Scanner is a free service.

NOTE: The Risk level of an item can be quickly determined by comparing the color of the item with the color on the Risk Level slider.

Compare

When comparing two logs, you can choose to display all items, display only added items, display only removed items or to display only replaced items.

Find

Search can be used to quickly find a specific item by its name or part of its name. The results of the search request are displayed in the Description window.

Return

By clicking the back or forward arrows, you can return to previously displayed information in the Description window. You can use the backspace and space keys instead of clicking back and forward.

Status section

Displays the current node in Navigation window.

Important: Items highlighted in red are unknown, which is why the program marks them as potentially dangerous. If an item is in red, it does not automatically mean that you can delete the file. Before deleting, please make sure that files are really dangerous or unnecessary.

7.7.8.2.2.2 Navigating in ESET SysInspector

ESET SysInspector divides various types of information into several basic sections called nodes. If available, you may find additional details by expanding each node into its subnodes. To open or collapse a node, double-click the name of the node or click or next to the name of the node. As you browse through the tree structure of nodes and subnodes in the Navigation window you may find various details for each node shown in the Description window. If you browse through items in the Description window, additional details for each item may be displayed in the Details window.

The following are the descriptions of the main nodes in the Navigation window and related information in the Description and Details windows.

Running processes

This node contains information about applications and processes running at the time of generating the log. In the Description window you may find additional details for each process such as dynamic libraries used by the process and their location in the system, the name of the application's vendor and the risk level of the file.

The Detail window contains additional information for items selected in the Description window such as the file size or its hash.

NOTE: An operating system is comprised of several important kernel components running constantly that provide basic and vital functions for other user applications. In certain cases, such processes are displayed in the tool ESET SysInspector with a file path beginning with \??\. Those symbols provide pre-launch optimization for those processes; they are safe for the system.

Network Connections

The Description window contains a list of processes and applications communicating over the network using the protocol selected in the Navigation window (TCP or UDP) along with the remote address to which the application is connected. You can also check the IP addresses of DNS servers.

The Detail window contains additional information for items selected in the Description window such as the file size or its hash.

Important Registry Entries

Contains a list of selected registry entries which are often related to various problems with your system like those specifying startup programs, browser helper objects (BHO), etc.

In the Description window you may find which files are related to specific registry entries. You may see additional details in the Details window.

Services

The Description window contains a list of files registered as Windows Services. You may check the way the service is set to start along with specific details of the file in the Details window.

Drivers

A list of drivers installed in the system.

Critical Files

The Description window displays the content of critical files related to the Microsoft Windows operating system.

System Scheduler Tasks

Contains a list of tasks triggered by Windows Task Scheduler at a specified time/interval.

System Information

Contains detailed information about hardware and software along with information about set environmental variables, user rights and system event logs.


File Details

A list of important system files and files in the Program Files folder. Additional information specific for the files can be found in the Description and Details windows.

About

Information about version of ESET SysInspector and the list of program modules.

Key shortcuts that can be used when working with the ESET SysInspector include:

File

Ctrl+O - opens existing log

Ctrl+S - saves created logs

Generate

Ctrl+G - generates a standard computer status snapshot

Ctrl+H - generates a computer status snapshot that may also log sensitive information

Item Filtering

1, O - fine, risk level 1-9 items are displayed

2 - fine, risk level 2-9 items are displayed

3 - fine, risk level 3-9 items are displayed

4, U - unknown, risk level 4-9 items are displayed

5 - unknown, risk level 5-9 items are displayed

6 - unknown, risk level 6-9 items are displayed

7, B - risky, risk level 7-9 items are displayed

8 - risky, risk level 8-9 items are displayed

9 - risky, risk level 9 items are displayed

- - decreases risk level

+ - increases risk level

Ctrl+9 - filtering mode, equal level or higher

Ctrl+0 - filtering mode, equal level only

View

Ctrl+5 - view by vendor, all vendors

Ctrl+6 - view by vendor, only Microsoft

Ctrl+7 - view by vendor, all other vendors

Ctrl+3 - displays full detail

Ctrl+2 - displays medium detail

Ctrl+1 - basic display

BackSpace - moves one step back

Space - moves one step forward

Ctrl+W - expands tree

Ctrl+Q - collapses tree

Other controls

Ctrl+T - goes to the original location of item after selecting in search results

Ctrl+P - displays basic information about an item

Ctrl+A - displays full information about an item

Ctrl+C - copies the current item's tree

Ctrl+X - copies items

Ctrl+B - finds information about selected files on the Internet

Ctrl+L - opens the folder where the selected file is located

Ctrl+R - opens the corresponding entry in the registry editor

Ctrl+Z - copies a path to a file (if the item is related to a file)

Ctrl+F - switches to the search field

Ctrl+D - closes search results

Ctrl+E - run service script

Comparing

Ctrl+Alt+O - opens original / comparative log

Ctrl+Alt+R - cancels comparison

Ctrl+Alt+1 - displays all items

Ctrl+Alt+2 - displays only added items, log will show items present in current log

Ctrl+Alt+3 - displays only removed items, log will show items present in previous log

Ctrl+Alt+4 - displays only replaced items (files inclusive)

Ctrl+Alt+5 - displays only differences between logs

Ctrl+Alt+C - displays comparison

Ctrl+Alt+N - displays current log

Ctrl+Alt+P - opens previous log

Miscellaneous

F1 - view help

Alt+F4 - close program

Alt+Shift+F4 - close program without asking

Ctrl+I - log statistics

7.7.8.2.2.3 Compare

The Compare feature allows the user to compare two existing logs. The outcome of this feature is a set of items not common to both logs. It is suitable if you want to keep track of changes in the system, a helpful tool for detecting malicious code.

After it is launched, the application creates a new log which is displayed in a new window. Click File > Save log to save a log to a file. Log files can be opened and viewed at a later time. To open an existing log, click File > Open log.

In the main program window, ESET SysInspector always displays one log at a time.

The benefit of comparing two logs is that you can view a currently active log and a log saved in a file. To compare logs, click File > Compare log and choose Select file. The selected log will be compared to the active one in the main program windows. The comparative log will display only the differences between those two logs.

NOTE: If you compare two log files, click File > Save log to save it as a ZIP file; both files will be saved. If you open this file later, the contained logs are automatically compared.

Next to the displayed items, ESET SysInspector shows symbols identifying differences between the compared logs.

Description of all symbols that can be displayed next to items:

new value, not present in the previous log

tree structure section contains new values

removed value, present in the previous log only

tree structure section contains removed values

value / file has been changed

tree structure section contains modified values / files

the risk level has decreased / it was higher in the previous log

the risk level has increased / it was lower in the previous log

The explanation section displayed in the left bottom corner describes all symbols and also displays the names of logs which are being compared.


Any comparative log can be saved to a file and opened at a later time.

Example

Generate and save a log, recording original information about the system, to a file named previous.xml. After changes to the system have been made, open ESET SysInspector and allow it to generate a new log. Save it to a file named current.xml.

In order to track changes between those two logs, click File > Compare logs. The program will create a comparative log showing differences between the logs.

The same result can be achieved if you use the following command line option:

SysInspector.exe current.xml previous.xml

7.7.8.2.3 Command line parameters

ESET SysInspector supports generating reports from the command line using these parameters:

/gen - generate log directly from the command line without running GUI

/privacy - generate log with sensitive information omitted

/zip - save outcome log in compressed zip archive

/silent - suppress progress window when generating log from the command line

/blank - launch ESET SysInspector without generating/loading log

Examples

Usage:

Sysinspector.exe [load.xml] [/gen=save.xml] [/privacy] [/zip] [compareto.xml]

To load specific log directly into the browser, use: SysInspector.exe .\clientlog.xml

To generate log from the command line, use: SysInspector.exe /gen=.\mynewlog.xml

To generate log excluding sensitive information directly in a compressed file, use: SysInspector.exe /gen=.\mynewlog.zip /privacy /zip

To compare two log files and browse differences, use: SysInspector.exe new.xml old.xml

NOTE: If the name of the file/folder contains a space, it should be enclosed in quotation marks.

7.7.8.2.4 Service Script

Service script is a tool that provides help to customers that use ESET SysInspector by easily removing unwanted objects from the system.

Service script enables the user to export the entire ESET SysInspector log, or its selected parts. After exporting, you can mark unwanted objects for deletion. You can then run the modified log to delete marked objects.

Service Script is suited for advanced users with previous experience in diagnosing system issues. Unqualified modifications may lead to operating system damage.

Example

If you suspect that your computer is infected by a virus which is not detected by your antivirus program, follow the step-by-step instructions below:

1. Run ESET SysInspector to generate a new system snapshot.

2. Select the first item in the section on the left (in the tree structure), press Shift and select the last item to mark all items.

3. Right click the selected objects and select Export Selected Sections To Service Script.

4. The selected objects will be exported to a new log.

5. This is the most crucial step of the entire procedure: open the new log and change the – attribute to + for all objects you want to remove. Please make sure you do not mark any important operating system files/objects.

6. Open ESET SysInspector, click File > Run Service Script and enter the path to your script.

7. Click OK to run the script.

7.7.8.2.4.1 Generating Service script

To generate a script, right-click any item from the menu tree (in the left pane) in the ESET SysInspector main window. From the context menu, select either Export All Sections To Service Script or Export Selected Sections To Service Script.

NOTE: It is not possible to export the service script when two logs are being compared.

7.7.8.2.4.2 Structure of the Service script

In the first line of the script’s header, you can find information about the Engine version (ev), GUI version (gv) and the Log version (lv). You can use this data to track possible changes in the .xml file that generates the script and prevent any inconsistencies during execution. This part of the script should not be altered.

The remainder of the file is divided into sections in which items can be edited to denote those that will be processed by the script. You mark items for processing by replacing the “-” character in front of an item with a “+” character.

Sections in the script are separated from each other by an empty line. Each section has a number and title.

01) Running processes

This section contains a list of all processes running in the system. Each process is identified by its UNC path and, subsequently, its CRC16 hash code in asterisks (*).

Example:

01) Running processes:

- \SystemRoot\System32\smss.exe *4725*

- C:\Windows\system32\svchost.exe *FD08*

+ C:\Windows\system32\module32.exe *CF8A*

[...]

In this example a process, module32.exe, was selected (marked by a “+” character); the process will end upon execution of the script.

02) Loaded modules

This section lists currently used system modules.

Example:

02) Loaded modules:

- c:\windows\system32\svchost.exe

- c:\windows\system32\kernel32.dll

+ c:\windows\system32\khbekhb.dll

- c:\windows\system32\advapi32.dll

[...]

In this example the module khbekhb.dll was marked by a “+”. When the script runs, it will recognize the processes using that specific module and end them.

03) TCP connections

This section contains information about existing TCP connections.

Example:

03) TCP connections:

- Active connection: 127.0.0.1:30606 -> 127.0.0.1:55320, owner: ekrn.exe

- Active connection: 127.0.0.1:50007 -> 127.0.0.1:50006,

- Active connection: 127.0.0.1:55320 -> 127.0.0.1:30606, owner: OUTLOOK.EXE

- Listening on *, port 135 (epmap), owner: svchost.exe

+ Listening on *, port 2401, owner: fservice.exe

- Listening on *, port 445 (microsoft-ds), owner: System

[...]

When the script runs, it will locate the owner of the socket in the marked TCP connections and stop the socket, freeing system resources.

04) UDP endpoints

This section contains information about existing UDP endpoints.

Example:

04) UDP endpoints:

- 0.0.0.0, port 123 (ntp)

+ 0.0.0.0, port 3702

- 0.0.0.0, port 4500 (ipsec-msft)

- 0.0.0.0, port 500 (isakmp)

[...]

When the script runs, it will isolate the owner of the socket at the marked UDP endpoints and stop the socket.

05) DNS server entries

This section contains information about the current DNS server configuration.

Example:

05) DNS server entries:

+ 204.74.105.85

- 172.16.152.2

[...]

Marked DNS server entries will be removed when you run the script.

06) Important registry entries

This section contains information about important registry entries.

Example:

06) Important registry entries:

* Category: Standard Autostart (3 items)

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

- HotKeysCmds = C:\Windows\system32\hkcmd.exe

- IgfxTray = C:\Windows\system32\igfxtray.exe

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

- Google Update = “C:\Users\antoniak\AppData\Local\Google\Update\GoogleUpdate.exe” /c

* Category: Internet Explorer (7 items)

HKLM\Software\Microsoft\Internet Explorer\Main

+ Default_Page_URL = http://thatcrack.com/

[...]

The marked entries will be deleted, reduced to 0-byte values or reset to their default values upon script execution.

The action to be applied to a particular entry depends on the entry category and key value in the specific registry.

07) Services

This section lists services registered within the system.

Example:

07) Services:

- Name: Andrea ADI Filters Service, exe path: c:\windows\system32\aeadisrv.exe, state: Running, startup: Automatic

- Name: Application Experience Service, exe path: c:\windows\system32\aelupsvc.dll, state: Running, startup: Automatic

- Name: Application Layer Gateway Service, exe path: c:\windows\system32\alg.exe, state: Stopped, startup: Manual

[...]

The services marked and their dependent services will be stopped and uninstalled when the script is executed.

08) Drivers

This section lists installed drivers.

Example:

08) Drivers:

- Name: Microsoft ACPI Driver, exe path: c:\windows\system32\drivers\acpi.sys, state: Running, startup: Boot

- Name: ADI UAA Function Driver for High Definition Audio Service, exe path: c:\windows\system32\drivers\adihdaud.sys, state: Running, startup: Manual

[...]

When you execute the script, the drivers selected will be stopped. Note that some drivers won't allow themselves to be stopped.

09) Critical files

This section contains information about files that are critical to proper function of the operating system.

Example:

09) Critical files:

* File: win.ini

- [fonts]

- [extensions]

- [files]

- MAPI=1

[...]

* File: system.ini

- [386Enh]

- woafont=dosapp.fon

- EGA80WOA.FON=EGA80WOA.FON

[...]

* File: hosts

- 127.0.0.1 localhost

- ::1 localhost

[...]

The selected items will either be deleted or reset to their original values.

7.7.8.2.4.3 Executing Service scripts

Mark all desired items, then save and close the script. Run the edited script directly from the ESET SysInspector main window by selecting the Run Service Script option from the File menu. When you open a script, the program will prompt you with the following message: Are you sure you want to run the service script “%Scriptname%”? After you confirm your selection, another warning may appear, informing you that the service script you are trying to run has not been signed. Click Run to start the script.

A dialog window will confirm that the script was successfully executed.

If the script could only be partially processed, a dialog window with the following message will appear: The service script was run partially. Do you want to view the error report? Select Yes to view a complex error report listing the operations that were not executed.

If the script was not recognized, a dialog window with the following message will appear: The selected service script is not signed. Running unsigned and unknown scripts may seriously harm your computer data. Are you sure you want to run the script and carry out the actions? This may be caused by inconsistencies within the script (damaged heading, corrupted section title, empty line missing between sections etc.). You can either reopen the script file and correct the errors within the script or create a new service script.
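The script structure and the inconsistencies listed above can be checked before using File > Run Service Script. The following Python code is an added example, not part of ESET SysInspector or of this guide: it compares an edited script with the original export, reports any change other than a mark, and lists each marked item with the effect this guide states for its section. The header line in the sample is a constructed placeholder (the real header format is not shown in this guide), and the function names are hypothetical.

```python
import re

# What a "+" mark does in each section, as described in this guide.
ACTIONS = {
    "01": "process will be ended",
    "02": "processes using this module will be ended",
    "03": "owning socket will be stopped",
    "04": "owning socket will be stopped",
    "05": "DNS server entry will be removed",
    "06": "registry entry will be deleted, set to 0 bytes or reset to default",
    "07": "service and its dependent services will be stopped and uninstalled",
    "08": "driver will be stopped",
    "09": "item will be deleted or reset to its original value",
}
SECTION_RE = re.compile(r"^(\d{2})\) (.+?):?$")


def parse(text):
    """Return (header, items, problems) for one service script."""
    lines = text.splitlines()
    header, items, problems = lines[0], [], []
    section = title = context = None
    prev_blank = False
    for line in lines[1:]:
        s = line.strip()
        m = SECTION_RE.match(s)
        if m:
            # Sections must be separated from each other by an empty line.
            if not prev_blank:
                problems.append("no empty line before section " + m.group(1))
            section, title, context = m.group(1), m.group(2), None
        elif s[:2] in ("+ ", "- "):
            if section is None:
                problems.append("item outside any section: " + s)
            else:
                items.append((section, title, context, s[0], s[2:]))
        elif s and s != "[...]":
            # Unmarked lines (registry key, "* Category:", "* File:") are context.
            context = s.lstrip("* ")
        prev_blank = not s
    return header, items, problems


def review(exported, edited):
    """Return (marked, problems): what will be acted on, and any unsafe edits."""
    head_a, items_a, _ = parse(exported)
    head_b, items_b, problems = parse(edited)
    if head_a != head_b:
        problems.append("header line was altered")
    if len(items_a) != len(items_b):
        problems.append("items were added or removed")
    marked = []
    for a, b in zip(items_a, items_b):
        # Only the mark (index 3) may differ between export and edited copy.
        if (a[:3], a[4]) != (b[:3], b[4]):
            problems.append("item text changed: " + b[4])
        elif b[3] == "+":
            marked.append({"section": b[0], "title": b[1], "context": b[2],
                           "item": b[4], "effect": ACTIONS.get(b[0], "unknown")})
    return marked, problems


# Constructed sample: the header line is a placeholder; the items are taken
# from the examples in this guide.
EXPORTED = r"""<header line: ev / gv / lv, placeholder>

01) Running processes:
- \SystemRoot\System32\smss.exe *4725*
- C:\Windows\system32\svchost.exe *FD08*
- C:\Windows\system32\module32.exe *CF8A*

05) DNS server entries:
- 204.74.105.85
- 172.16.152.2

06) Important registry entries:
* Category: Internet Explorer (7 items)
HKLM\Software\Microsoft\Internet Explorer\Main
- Default_Page_URL = http://thatcrack.com/
"""

EDITED = (EXPORTED
          .replace(r"- C:\Windows\system32\module32.exe",
                   r"+ C:\Windows\system32\module32.exe")
          .replace("- 204.74.105.85", "+ 204.74.105.85")
          .replace("- Default_Page_URL", "+ Default_Page_URL"))

if __name__ == "__main__":
    marked, problems = review(EXPORTED, EDITED)
    for m in marked:
        print("%s) %s | %s -> %s" % (m["section"], m["title"], m["item"], m["effect"]))
    for p in problems:
        print("PROBLEM:", p)
```

Keep an untouched copy of the exported script next to the edited one so that the comparison has a reference.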

7.7.8.2.5 FAQ

Does ESET SysInspector require Administrator privileges to run?

While ESET SysInspector does not require Administrator privileges to run, some of the information it collects can only be accessed from an Administrator account. Running it as a Standard User or a Restricted User will result in it collecting less information about your operating environment.

Does ESET SysInspector create a log file?

ESET SysInspector can create a log file of your computer's configuration. To save one, click File > Save Log in the main program window. Logs are saved in XML format. By default, files are saved to the %USERPROFILE%\My Documents\ directory, with a file naming convention of "SysInspector-%COMPUTERNAME%-YYMMDD-HHMM.XML". You may change the location and name of the log file to something else before saving if you prefer.

How do I view the ESET SysInspector log file?

To view a log file created by ESET SysInspector, run the program and click File > Open Log in the main program window. You can also drag and drop log files onto the ESET SysInspector application. If you need to frequently view ESET SysInspector log files, we recommend creating a shortcut to the SYSINSPECTOR.EXE file on your Desktop; you can then drag and drop log files onto it for viewing. For security reasons Windows Vista/7 may not allow drag and drop between windows that have different security permissions.

Is a specification available for the log file format? What about an SDK?

At the current time, neither a specification for the log file nor an SDK is available since the program is still in development. After the program has been released, we may provide these based on customer feedback and demand.

How does ESET SysInspector evaluate the risk posed by a particular object?

In most cases, ESET SysInspector assigns risk levels to objects (files, processes, registry keys and so forth) using a series of heuristic rules that examine the characteristics of each object and then weight the potential for malicious activity. Based on these heuristics, objects are assigned a risk level from 1 - Fine (green) to 9 - Risky (red). In the left navigation pane, sections are colored based on the highest risk level of an object inside them.

Does a risk level of "6 - Unknown (red)" mean an object is dangerous?

ESET SysInspector's assessments do not guarantee that an object is malicious – that determination should be made by a security expert. What ESET SysInspector is designed for is to provide a quick assessment for security experts so that they know what objects on a system they may want to further examine for unusual behavior.

Why does ESET SysInspector connect to the Internet when run?

Like many applications, ESET SysInspector is signed with a digital signature "certificate" to help ensure the software was published by ESET and has not been altered. In order to verify the certificate, the operating system contacts a certificate authority to verify the identity of the software publisher. This is normal behavior for all digitally-signed programs under Microsoft Windows.

What is Anti-Stealth technology?

Anti-Stealth technology provides effective rootkit detection.

If the system is attacked by malicious code that behaves as a rootkit, the user may be exposed to data loss or theft.

Without a special anti-rootkit tool, it is almost impossible to detect rootkits.

Why are there sometimes files marked as "Signed by MS", having a different "Company Name" entry at the same time?

When trying to identify the digital signature of an executable, ESET SysInspector first checks for a digital signature embedded in the file. If a digital signature is found, the file will be validated using that information. If a digital signature is not found, the ESI starts looking for the corresponding CAT file (Security Catalog - %systemroot%\system32\catroot) that contains information about the executable file processed. If the relevant CAT file is found, the digital signature of that CAT file will be applied in the validation process of the executable.

This is why there are sometimes files marked as "Signed by MS", but having a different "CompanyName" entry.

Example:

Windows 2000 includes the HyperTerminal application located in C:\Program Files\Windows NT. The main application executable file is not digitally signed, but ESET SysInspector marks it as a file signed by Microsoft. The reason for this is a reference in C:\WINNT\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\sp4.cat pointing to C:\Program Files\Windows NT\hypertrm.exe (the main executable of the HyperTerminal application) and sp4.cat is digitally signed by Microsoft.

7.7.9 ESET SysRescue Live

ESET SysRescue Live is a utility that enables you to create a bootable disk containing one of the ESET Security solutions - ESET NOD32 Antivirus, ESET Smart Security or certain server-oriented products. The main advantage of ESET SysRescue Live is the fact that the ESET Security solution runs independent of the host operating system but has direct access to the disk and file system. This makes it possible to remove infiltrations which normally could not be deleted, for example, when the operating system is running, etc.

7.7.10 Scheduler

Scheduler manages and launches scheduled tasks with predefined configurations and properties. The configuration and properties contain information such as the date and time as well as profiles to be used during the execution of a task.

The Scheduler can be accessed from the ESET File Security main program window by clicking Tools > Scheduler. The Scheduler contains a list of all scheduled tasks and configuration properties such as the predefined date, time and scanning profile used.

The Scheduler serves to schedule the following tasks: virus signature database update, scanning task, system startup file check and log maintenance. You can add or delete tasks directly from the main Scheduler window (click Add task or Delete). Right-click anywhere in the Scheduler window to perform the following actions: display detailed information, perform the task immediately, add a new task, or delete an existing task. Use the check boxes at the beginning of each entry to activate/deactivate the tasks.

By default, the following scheduled tasks are displayed in Scheduler:

Log maintenance

Regular automatic update

Automatic update after dial-up connection

Automatic update after user logon

Automatic startup file check (after user logon)

Automatic startup file check (after successful update of the virus signature database)

Automatic first scan

To edit the configuration of an existing scheduled task (both default and user-defined), right-click the task and click Edit or select the task you want to modify and click Edit.

Add a new task

1. Click Add task at the bottom of the window.

2. Enter a name for the task.

3. Select the desired task from the pull-down menu:

Run external application - Schedules the execution of an external application.

Log maintenance - Log files also contain leftovers from deleted records. This task optimizes records in log files on a regular basis to work effectively.

System startup file check - Checks files that are allowed to run at system startup or logon.

Create a computer scan - Creates an ESET SysInspector computer snapshot - gathers detailed information about system components (for example, drivers, applications) and assesses the risk level of each component.

On-demand computer scan - Performs a computer scan of files and folders on your computer.

First-scan - By default, 20 minutes after installation or reboot a Computer scan will be performed as a low priority task.

Update - Schedules an Update task by updating the virus signature database and program modules.

4. Click the Enabled switch if you want to activate the task (you can do this later by selecting/deselecting the check box in the list of scheduled tasks), click Next and select one of the timing options:

Once - The task will be performed at the predefined date and time.

Repeatedly - The task will be performed at the specified time interval.

Daily - The task will run repeatedly each day at the specified time.

Weekly - The task will be run on the selected day and time.

Event triggered - The task will be performed on a specified event.

5. Select Skip task when running on battery power to minimize system resources while a laptop is running on battery power. The task will be run on the specified date and time in Task execution fields. If the task could not be run at the predefined time, you can specify when it will be performed again:

At the next scheduled time

As soon as possible

Immediately, if the time since the last run exceeds a specified value (the interval can be defined using the Time since last run scroll box)

Right-click a task and click Show task details from the context menu to view information about the task.

7.7.11 Submit samples for analysis

The sample submission dialog enables you to send a file or a site to ESET for analysis and can be found in Tools > Submit sample for analysis. If you find a suspiciously behaving file on your computer or suspicious site on the Internet, you can submit it to the ESET Virus Lab for analysis. If the file turns out to be a malicious application or website, its detection will be added to an upcoming update.

Alternatively, you can submit the file by email. To do so, compress the file(s) using a program like WinRAR or WinZip, protect the archive with the password "infected" and send it to [email protected]. Please remember to use a descriptive subject and enclose as much information about the file as possible (for example, the website you downloaded it from).

NOTE: Before submitting a sample to ESET, make sure it meets one or more of the following criteria:

the file or website is not detected at all

the file or website is incorrectly detected as a threat

You will not receive a response unless further information is required for analysis.

Select the description from the Reason for submitting the sample drop-down menu that best fits your message:

Suspicious file

Suspicious site (a website that is infected by any malware)

False positive file (a file that is detected as an infection but is not infected)

False positive site

Other

File/Site - The path to the file or website you intend to submit.

Contact email - This contact email is sent along with suspicious files to ESET, and may be used to contact you if further information is required for analysis. Entering a contact email is optional. You will not get a response from ESET unless more information is required, since each day our servers receive tens of thousands of files, which makes it impossible to reply to all submissions.

7.7.11.1 Suspicious file

Observed signs and symptoms of malware infection - Enter a description of the suspicious file behavior observed on your computer.

File origin (URL address or vendor) - Please enter the file origin (source) and how you encountered this file.

Notes and additional information - Here you can enter additional info or a description that will help with the process of identifying the suspicious file.

Note: The first parameter - Observed signs and symptoms of malware infection - is required, but providing additional information will significantly help our laboratories with the identification process of samples.

7.7.11.2 Suspicious site

Please select one of the following from the What's wrong with the site drop-down menu:

Infected - A website that contains viruses or other malware distributed by various methods.

Phishing - Often used to gain access to sensitive data such as bank account numbers, PIN numbers and more.

Read more about this type of attack in the glossary.

Scam - A swindle or a fraudulent website.

Select Other if the aforementioned options do not apply to the site you are going to submit.

Notes and additional information - Here you can enter additional info or a description that will help while analyzing the suspicious website.

7.7.11.3 False positive file

We request that you submit files that are detected as an infection but are not infected to improve our antivirus and antispyware engine and help others to be protected. False positives (FP) may occur when a pattern of a file matches the same pattern contained in a virus signature database.

Application name and version - Program title and its version (for example number, alias or code name).

File origin (URL address or vendor) - Please enter a file origin (source) and note how you encountered this file.

Application's purpose - The general application description, type of application (e.g. browser, media player, ...) and its functionality.

Notes and additional information - Here you can add additional information or descriptions that will help while processing the suspicious file.

Note: The first three parameters are required to identify legitimate applications and distinguish them from malicious code. By providing additional information, you will help our laboratories significantly in the identification process and in the processing of samples.

7.7.11.4 False positive site

We encourage you to submit sites that are detected as infected, scam or phishing sites but are not. False positives (FP) may occur when a pattern of a file matches the same pattern contained in a virus signature database.

Please provide this website to improve our antivirus and anti-phishing engine and help others to be protected.

Notes and additional information - Here you can add additional information or descriptions that will help while processing the suspicious file.

7.7.11.5 Other

Use this form if the file cannot be categorized as a Suspicious file or as a False positive.

Reason for submitting the file - Please enter a detailed description and the reason for sending the file.

7.7.12 Quarantine

The main function of the quarantine is to safely store infected files. Files should be quarantined if they cannot be cleaned, if it is not safe or advisable to delete them or if they are being falsely detected by ESET File Security.

You can choose to quarantine any file. This is advisable if a file behaves suspiciously but is not detected by the antivirus scanner. Quarantined files can be submitted for analysis to the ESET Virus Lab.

Files stored in the quarantine folder can be viewed in a table that displays the date and time of quarantine, the path to the original location of the infected file, its size in bytes, reason (for example, object added by user), and number of threats (for example, if it is an archive containing multiple infiltrations).

Quarantining files

ESET File Security automatically quarantines deleted files (if you have not disabled this option in the alert window).

If desired, you can quarantine any suspicious file manually by clicking Quarantine. Quarantined files will be removed from their original location. The context menu can also be used for this purpose; right-click in the Quarantine window and select Quarantine.

Restoring from Quarantine

Quarantined files can also be restored to their original location. Use the Restore feature, available from the context menu by right-clicking a given file in the Quarantine window, to do so. If a file is marked as a potentially unwanted application, the Restore and exclude from scanning option will be available. Read more about this type of application in the glossary. The context menu also offers the Restore to... option which allows you to restore a file to a location other than the one from which it was deleted.

NOTE: If the program quarantines a harmless file by mistake, please exclude the file from scanning after restoring it and send the file to ESET Customer Care.

Submitting a file from the Quarantine

If you have quarantined a suspicious file that was not detected by the program, or if a file was determined to be infected incorrectly (for example, by heuristic analysis of the code) and subsequently quarantined, please send the file to the ESET Virus Lab. To submit a file from quarantine, right-click the file and select Submit for analysis from the context menu.

7.8 Help and support

ESET File Security contains troubleshooting tools and support information that will assist you in solving issues that you may encounter.

Help

Search ESET Knowledgebase - The ESET Knowledgebase contains answers to the most frequently asked questions as well as recommended solutions for various issues. Regularly updated by ESET technical specialists, the Knowledgebase is the most powerful tool for resolving various types of problems.

Open help - Click this link to launch the ESET File Security help pages.

Find quick solution - Select this to find solutions to the most frequently encountered problems. We recommend that you read this section before contacting technical support.

Customer Care

Submit support request - If you could not find an answer to your problem, you can also use this form located on the ESET website to quickly contact our Customer Care department.

Support Tools

Threat encyclopedia - Links to the ESET Threat Encyclopedia, which contains information about the dangers and symptoms of different types of infiltration.

Virus signature database history - Links to ESET Virus radar, which contains information about versions of the ESET Virus signature database.

Specialized cleaner - This cleaner automatically identifies and removes common malware infections. For more information, please visit this ESET Knowledgebase article.

Product and License information

About ESET File Security - Displays information about your copy of ESET File Security.

Manage license - Click to launch the Product activation window. Select one of the available methods to activate ESET File Security. See How to activate ESET File Security for more information.

7.8.1 How to

This chapter covers some of the most frequently asked questions and problems encountered. Click the topic title to find out how to solve your problem:

How to update ESET File Security

How to activate ESET File Security

How to schedule a scan task (every 24 hours)

How to remove a virus from my server

How Automatic exclusions work

If your problem is not included in the help pages list above, try searching the ESET File Security Help Pages by a keyword or phrase describing your problem.

If you cannot find the solution to your problem/question within the Help Pages, you can try our regularly updated online Knowledgebase.

If necessary, you can directly contact our online technical support center with your questions or problems. The contact form can be found in the Help and Support tab of your ESET program.

7.8.1.1 How to update ESET File Security

Updating ESET File Security can be performed either manually or automatically. To trigger the update, click Update virus signature database. You will find this in the Update section of the program.

The default installation settings create an automatic update task which is performed on an hourly basis. If you need to change the interval, navigate to the Scheduler (for more information on Scheduler, click here).

7.8.1.2 How to activate ESET File Security

After installation is complete, you will be prompted to activate your product.

There are several methods for activating your product. Availability of a particular activation scenario in the activation window may vary depending on the country, as well as the means of distribution (CD/DVD, ESET web page, etc.).

To activate your copy of ESET File Security directly from the program, click the system tray icon and select Activate product license from the menu. You can also activate your product from the main menu under Help and support > Activate License or Protection status > Activate product license.

You can use any of the following methods to activate ESET File Security:

License Key - A unique string in the format XXXX-XXXX-XXXX-XXXX-XXXX which is used for identification of the license owner and for activation of the license.

Security Admin account - An account created on the ESET License Administrator portal with credentials (email address + password). This method allows you to manage multiple licenses from one location.

Offline License file - An automatically generated file that will be transferred to the ESET product to provide license information. Your offline License file is generated from the license portal and is used in environments where the application cannot connect to the licensing authority.

Click Activate later with ESET Remote Administrator if your computer is a member of a managed network, and your administrator will perform remote activation via ESET Remote Administrator. You can also use this option if you want to activate this client at a later time.

Click Help and support > Manage license in the main program window to manage your license information at any time. You will see the public license ID used to identify your product by ESET and for license identification. Your Username, under which the computer is registered with the licensing system, is stored in the About section, which you can view by right-clicking the system tray icon.

NOTE: ESET Remote Administrator is able to activate client computers silently using licenses made available by the administrator.

7.8.1.3 How to create a new task in Scheduler

To create a new task in Tools > Scheduler, click Add task or right-click and select Add from the context menu. Five types of scheduled tasks are available:

Run external application - Schedules the execution of an external application.

Log maintenance - Log files also contain leftovers from deleted records. This task optimizes records in log files on a regular basis to work effectively.

System startup file check - Checks files that are allowed to run at system startup or logon.

Create a computer status snapshot - Creates an ESET SysInspector computer snapshot - gathers detailed information about system components (for example, drivers, applications) and assesses the risk level of each component.

On-demand computer scan - Performs a computer scan of files and folders on your computer.

First scan - By default, 20 minutes after installation or reboot a Computer scan will be performed as a low priority task.

Update - Schedules an Update task by updating the virus signature database and program modules.

Since Update is one of the most frequently used scheduled tasks, we will explain how to add a new update task below:

From the Scheduled task drop-down menu, select Update. Enter the name of the task into the Task name field and click Next. Select the frequency of the task. The following options are available: Once, Repeatedly, Daily, Weekly and Event triggered. Select Skip task when running on battery power to minimize system resources while a laptop is running on battery power. The task will be run on the specified date and time in Task execution fields. Next, define the action to take if the task cannot be performed or completed at the scheduled time. The following options are available:

At the next scheduled time

As soon as possible

Immediately, if the time since the last run exceeds a specified value (the interval can be defined using the Time since last run scroll box)

In the next step, a summary window with information about the current scheduled task is displayed. Click Finish when you are finished making changes.

A dialog window will appear, allowing you to select the profiles to be used for the scheduled task. Here you can set the primary and alternative profile. The alternative profile is used if the task cannot be completed using the primary profile. Confirm by clicking Finish and the new scheduled task will be added to the list of currently scheduled tasks.

7.8.1.4 How to schedule a scan task (every 24 hours)

To schedule a regular task, go to ESET File Security > Tools > Scheduler. Below, you can find a short guide on how to schedule a task that will scan your local drives every 24 hours.

To schedule a scan task:

1. Click Add in the main Scheduler screen.

2. Select Computer scan from the drop-down menu.

3. Enter a name for the task and select Repeatedly.

4. Choose to run the task every 24 hours (1440 minutes).

5. Select an action to perform if the scheduled task execution fails for any reason.

6. Review the summary of the scheduled task and click Finish.

7. From the Targets drop-down menu, select Local drives.

8. Click Finish to apply the task.


7.8.1.5 How to remove a virus from your server

If your computer is showing symptoms of malware infection, for example, it is slower or often freezes, we recommend that you do the following:

1. From the main ESET File Security window, click Computer scan.

2. Click Smart scan to begin scanning your system.

3. After the scan has finished, review the log with the number of scanned, infected and cleaned files.

4. If you want to only scan a certain part of your disk, choose Custom scan and select targets to be scanned for viruses.

7.8.2 Submit support request

In order to provide assistance as quickly and accurately as possible, ESET requires information about your ESET File Security configuration, detailed system information and running processes (ESET SysInspector log file) and registry data. ESET will only use this data to provide technical assistance to the customer.

When you submit the web form, your system configuration data will be submitted to ESET. Select Always submit this information if you want to remember this action for this process. To submit the form without sending any data click Don't submit data and you can contact ESET customer care using the online support form.

This setting can also be configured in Advanced setup > Tools > Diagnostics > Customer Care.

NOTE: If you have decided to submit system data, you must fill in and submit the web form, otherwise your ticket will not be created and your system data will be lost.

7.8.3 ESET Specialized Cleaner

The ESET Specialized cleaner is a removal tool for common malware infections such as Conficker, Sirefef or Necurs.

For more information please visit this ESET Knowledgebase article.

7.8.4 About ESET File Security

This window provides details about the installed version of ESET File Security and the list of installed program modules.

The top part of the window contains information about your operating system and system resources.

You can copy information about modules (Installed components) to the clipboard by clicking Copy. This may be useful during troubleshooting or when contacting Technical Support.

7.8.5 Product activation

After installation is complete, you will be prompted to activate your product.

There are several methods for activating your product. Availability of a particular activation scenario in the activation window may vary depending on the country, as well as the means of distribution (CD/DVD, ESET web page, etc.).

To activate your copy of ESET File Security directly from the program, click the system tray icon and select Activate product license from the menu. You can also activate your product from the main menu under Help and support > Activate License or Protection status > Activate product license.

You can use any of the following methods to activate ESET File Security:

License Key - A unique string in the format XXXX-XXXX-XXXX-XXXX-XXXX which is used for identification of the license owner and for activation of the license.

Security Admin account - An account created on the ESET License Administrator portal with credentials (email address + password). This method allows you to manage multiple licenses from one location.

Offline License file - An automatically generated file that will be transferred to the ESET product to provide license information. Your offline License file is generated from the license portal and is used in environments where the application cannot connect to the licensing authority.


Click Activate later with ESET Remote Administrator if your computer is a member of a managed network, and your administrator will perform remote activation via ESET Remote Administrator. You can also use this option if you want to activate this client at a later time.

Click Help and support > Manage license in the main program window to manage your license information at any time. You will see the public license ID used to identify your product by ESET and for license identification. Your Username, under which the computer is registered with the licensing system, is stored in the About section, which you can view by right-clicking the system tray icon.

NOTE: ESET Remote Administrator is able to activate client computers silently using licenses made available by the administrator.

7.8.5.1 Registration

Please register your license by completing the fields contained in the registration form and clicking Continue. The fields marked as required in brackets are mandatory. This information will only be used for matters involving your ESET License.

7.8.5.2 Security Admin activation

The Security Admin account is an account created on the license portal with your email address and password, which is able to see all seat authorizations. A Security Admin account allows you to manage multiple licenses. If you do not have a Security Admin account, click Create account and you will be redirected to the ESET License Administrator web page where you can register with your credentials.

If you have forgotten your password click Forgotten password? and you will be redirected to the ESET Business portal. Enter your email address and click Submit to confirm. After that you will obtain a message with instructions to reset your password.

Note: For more information about using ESET License Administrator, see the ESET License Administrator User Guide.

7.8.5.3 Activation failure

Activation of ESET File Security was not successful. Make sure you have entered the proper License Key or attached an Offline License. If you have a different Offline License, please enter it again. To check the license key you entered, click recheck the License Key or click purchase a new license and you will be redirected to our webpage where you can buy a new license.

7.8.5.4 License

If you choose the Security Admin activation option, you will be prompted to select a license associated with your account that will be used for ESET File Security. Click Activate to continue.

7.8.5.5 Activation progress

ESET File Security is now activating, please be patient. This may take a few moments.

7.8.5.6 Activation successful

Activation was successful and ESET File Security is now activated. From now on, ESET File Security will receive regular updates to identify the latest threats and keep your computer safe. Click Done to finish product activation.
