Knowledgebase business article search

Exclude PUAs using their hash value in ESET Remote Administrator

Issue

  • Create a policy to exclude PUAs by their hash value in ESET Remote Administrator 

Solution

End of support for version 6.4 and 6.5 of ESET Remote Administrator / MDM

ESET Remote Administrator version 6.5 is currently in Limited Support status and will soon be in Basic Support status. It is expected to reach End of Life status in December 2020.

ESET Remote Administrator version 6.4 is currently in basic support status and is expected to reach End of Life status in December 2019.

The MDM functionality in ESET Remote Administrator version 6 is in Basic Support status as of April 11, 2019. After this date, MDM version 6 will no longer be available for download.

  1. Click Tools → Quarantine on the client machine that has already detected the PUA, and verify that the PUA is listed in the Quarantine list.

Figure 1-1
 

  1. Open ESET Remote Administrator Web Console and click Admin → Quarantine. Verify that the PUA found on the client machine is listed in the Quarantine list.

Figure 1-2
Click the image to view larger in new window
 

  1. Click Admin → Client Tasks → Quarantine management  New. Enter the necessary information in the Basic section. 
     
  1. Expand the Settings section and select Restore object(s) and Exclude in Future from the Action drop-down menu. Select Hash items from the Filter Type drop-down menu.
     
  1. Click Add in the Hash Item(s) section under Filter Settings, select the check box next to the PUA that was detected on the client machine and click OK.
     
  2. Create a trigger and click Finish to complete the task.

Figure 1-3
Click the image to view larger in new window
 

  1. On the client machine, navigate to Exclusions. The PUA is now listed as an exclusion in the Exclusions list.

Figure 1-4
 

  1. In ESET Remote Administrator Web Console, click Computers, select the client computer and click Show detailsConfiguration → Request Configuration.
     
  2. Select Security product and click Convert to Policy.

Figure 1-5
Click the image to view larger in new window

  1. Open the policy you just created and enter the necessary information in the Basic section. Expand the Settings section, click Antivirus → Edit Exclusions
     
  2. Select the PUA exclusion and click Edit. Select the slider bar next to Exclude for this computer and click OK Save. The policy with this excluded PUA is now available to use for any client computer.

Figure 1-6



Was this information helpful?