Cleaning; Extensions; An Infiltration Is Detected - ESET SMART SECURITY User Manual

4.1.5.3

Cleaning

The cleaning settings determine the behavior of the scanner during
the cleaning of infected files. There are 3 levels of cleaning:
No cleaning
Infected files are not cleaned automatically. The program will display
a warning window and allow the user to choose an action.
Default level
The program will attempt to automatically clean or delete an infected
file. If it is not possible to select the correct action automatically,
the program will offer a choice of follow‑up actions. The choice of
follow‑up actions will also be displayed if a predefined action could
not be completed.
Strict cleaning
The program will clean or delete all infected files (including archives).
The only exceptions are system files. If it is not possible to clean them,
the user is offered an action to take in a warning window.
Warning:
In the Default mode, the entire archive file is deleted only if all files in
the archive are infected. If the archive also contains legitimate files,
it will not be deleted.If an infected archive file is detected in the Strict
cleaning mode, the entire archive will be deleted, even if clean files are
present.
4.1.5.4

Extensions

An extension is part of the file name delimited by a period.
The extension defines the type and content of the file. This section
of the ThreatSense parameter setup lets you define the types of files
to scan.
18
By default, all files are scanned regardless of their extension.
Any extension can be added to the list of files excluded from scanning.
If the Scan all files option is unchecked, the list changes to show
all currently scanned file extensions. Using the Add and Remove
buttons, you can enable or prohibit scanning of desired extensions.
To enable scanning of files with no extension, select the
Scan extensionless files option.
Excluding files from scanning has its purpose if the scanning of certain
file types prevents the program using the extensions to run properly.
For example, it may be advisable to exclude the .edb, .eml and .tmp
extensions when using the MS Exchange server.
4.1.6

An infiltration is detected

Infiltrations can reach the system from various entry points; web
pages, shared folders, via email, or from removable computer devices
(USB, external disks, CDs, DVDs, diskettes, etc.).
If your computer is showing signs of malware infection, e.g. it is
slower, often freezes, etc., we recommend that you do the following:
▪ Open ESET Smart Security and click Computer scan
▪ Click Standard scan
(for more information, see Standard scan).
▪ After the scan has finished, review the log for the number
of scanned, infected and cleaned files.
If you only wish to scan a certain part of your disk, click Custom scan
and select targets to be scanned for viruses.
As a general example of how infiltrations are handled in ESET Smart
Security, suppose that an infiltration is detected by the real‑time file
system monitor, which uses the Default cleaning level. It will attempt
to clean or delete the file. If there is no pre‑defined action to take for
the real‑time protection module, you will be asked to select an option
in an alert window. Usually, the options Clean, Delete and Leave are
available. Selecting Leave is not recommended, since the infected
file(s) would be left untouched. The exception to this is when you are
sure that the file is harmless and has been detected by mistake.
Cleaning and deleting
Apply cleaning if a clean file has been attacked by a virus which has
attached malicious code to the cleaned file. If this is the case, first
attempt to clean the infected file in order to restore it to its original
state. If the file consists exclusively of malicious code, it will be
deleted.