Work With Eset Smart Security; Antivirus Protection; Real-Time File System Protection; Control Setup - ESET SMART SECURITY User Manual

4. Work with ESET Smart Security

4.1 Antivirus and antispyware protection
Antivirus protection guards against malicious system attacks by
controlling file, email and Internet communication. If a threat with
malicious code is detected, the Antivirus module can eliminate
it by first blocking it, and then cleaning, deleting or moving it to
quarantine.
4.1.1 Real‑time file system protection
Real‑time file system protection controls all antivirus‑related events
in the system. All files are scanned for malicious code at the moment
they are opened, created or run on the computer. Real‑time file
system protection is launched at system startup.
4.1.1.1

Control setup

The real‑time file system protection checks all types of media,
and control is triggered by various events. Control utilizes the
ThreatSense technology detection methods (as described in
ThreatSense engine parameter setup). The control behavior may vary
for newly created files and existing files. For newly created files, it is
possible to apply a deeper level of control.
4.1.1.1.1

Media to scan

By default, all types of media are scanned for potential threats.
Local drives – Controls all system hard drives
Removable media – Diskettes, USB storage devices, etc.
Network drives – Scans all mapped drives
We recommend that you keep the default settings and only modify
them in specific cases, such as when scanning certain media
significantly slows data transfers.
4.1.1.1.2 Scan on (Event‑triggered scanning)
By default, all files are scanned upon opening, execution or creation.
We recommend that you keep the default settings, as these provide
the maximum level of real‑time protection for your computer.
The Diskette access option provides control of the diskette boot
sector when this drive is accessed. The Computer shutdown option
provides control of the hard disk boot sectors during computer
shutdown. Although boot viruses are rare today, we recommend
that you leave these options enabled, as there is still the possibility of
infection by a boot virus from alternate sources.
12
4.1.1.1.3 Additional ThreatSense parameters for newly created
files
The probability of infection in newly‑created files is comparatively
higher than in existing files. This is why the program checks these
files with additional scanning parameters. Along with common
signature‑based scanning methods, advanced heuristics are used,
which greatly improves detection rates. In addition to newly‑created
files, scanning is also performed on self‑extracting files (SFX)
and runtime packers (internally compressed executable files).
4.1.1.1.4

Advanced setup

To provide the minimum system footprint when using real‑time
protection, files which have already been scanned are not scanned
repeatedly (unless they have been modified). Files are scanned again
immediately after each virus signature database update. This behavior
is configured using the Optimized scanning option. If this is disabled,
all files are scanned each time they are accessed.
By default, Real‑time protection is launched at operating system
startup time and provides uninterrupted scanning. In special cases
(e.g., if there is a conflict with another real‑time scanner), the
real‑time protection can be terminated by disabling the Automatic
real‑time file system protection startup option.
4.1.1.2

Cleaning levels

The real‑time protection has three cleaning levels (to access, click the
Setup... button in the Real‑time file system protection section and
then click the Cleaning branch).
▪ The first level displays an alert window with available options for
each infiltration found. The user must choose an action for each
infiltration individually. This level is designed for more advanced
users who know which steps to take in the event of an infiltration.
▪ The default level automatically chooses and performs
a predefined action (depending on the type of infiltration).
Detection and deletion of an infected file is signaled by an
information message located in the bottom right corner of the
screen. However, an automatic action is not performed if the
infiltration is located within an archive which also contains clean
files, and it is not performed on objects for which there is no
predefined action.
▪ The third level is the most "aggressive" – all infected objects are
cleaned. As this level could potentially result in the loss of valid
files, we recommend that it be used only in specific situations.