Jump to content

Search the Community

Showing results for tags 'rules'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


  • ESET General Forums
    • ESET Announcements
    • General Discussion
    • Forum FAQ's and Rules
    • Submit a virus, website or potential false positive sample to the ESET lab
    • Quick questions by guests (registration not required)
    • WeLiveSecurity.com
  • ESET Home User Products
    • ESET Internet Security & ESET Smart Security Premium
    • ESET NOD32 Antivirus
    • ESET Cyber Security (for Mac)
    • ESET Cyber Security Pro (for Mac)
    • ESET NOD32 Antivirus for Linux Desktop
    • ESET Products for Mobile Devices
    • Web portals
  • Malware Detection and Cleaning
    • Malware Finding and Cleaning
    • ESET Standalone Malware Removal Tools
  • ESET Business User Products
    • Customer Research Opportunity
    • Gartner Peer Insights review invitation
    • ESET Cloud solutions
    • ESET Endpoint Products
    • ESET Products for Windows Servers
    • ESET Products for Linux Servers
    • ESET Products for Mobile Devices
    • Remote Management
    • ESET INSPECT (Detection and Response)
    • ESET Products for Virtualized Environments
    • Encryption
    • ESET Licensing for Business
    • Other ESET business products
  • ESET Beta Products
    • ESET Beta Products for Home Users
    • ESET Beta Products for Business Users
  • Slovak and Czech forums
    • ESET NOD32 Antivirus, ESET Internet Security a ESET Smart Security Premium
    • Produkty pre mobilné zariadenia
    • Vírusy a iné hrozby
    • Ostatné


  • Files
    • Early Access
    • Miscellaneous
    • Outlook plugin BETA
  • ESET Cyber Security 7 BETA
  • ESET Bridge BETA

Find results in...

Find results that contain...

Date Created

  • Start


Last Updated

  • Start


Filter by number of...


  • Start





Website URL






User type

Found 4 results

  1. I'm trying to reject (ESET should notify and ask me first) access for some ports (80,443,8080,22, and others) from my local network. -for the whole internet it's already protected from Windows Firewall and my router settings and all access are blocked. But for local network, it's opening and allowing. I did the following: 1) Created a rule in the firewall. 2) Set the settings as the following: 2.1) Direction: In 2.2) Action: Ask 2.3) Protocol: TCP 2.4) Local window > Ports: 80,443,8080-8082,21-23 2.5) Remote window > Zones: Private addresses It is working great as expected (everyone in the local network trying to access any of these ports; the app will notify me whether to allow or reject it). But, the problem is, sometimes when I first logon to Windows, it asks me, and from time to time (idk when it happens, but randomly i think), it asks me. That's the first thing. The second thing is, is this rule really secure? or did i do something unnecessary and put my device in danger? -- Specs: OS: Windows 11 Product: ESET Internet Security
  2. Is there a change with the 8.x module? Quote from the original post
  3. I use Mail Security for Exchange Server. I want to create a rule that does not apply to the whitelisted mail addresses. What condition do I need to specify to exclude the whitelist addresses?
  4. Hi there, I'm trying to understand how the <action> </action> feature works . According to the official rule manual implementation you can use several actions that will be triggered along with your rule: "actions—allow to block an executable immediately after rule triggering. Action names are: · TriggerDetection—if no actions specified in the actions tag field, this action is executed by default, and the detection is triggered in EEI. If other actions are specified, and the user still wants to trigger detection, this action has to be added · MarkAsScript—marks an executable as script · HideCommandLine—removes command line string from a process · BlockProcessExecutable—blocks a process hash (ban hash via the rule) · CleanAndBlockProcessExecutable—cleans and blocks a process hash · BlockParentProcessExecutable—blocks a parent process hash · CleanAndBlockParentProcessExecutable—cleans and blocks a parent process hash · DropEvent—drops an event which triggered the rule" This was extracted from from PDF ESET ENTERPRISE INSPECTOR RULES guide that comes with the INSPECTOR, however browsing for more information on a web I found this statement: "A rule is defined using XML-based language. Rules are matched on the server asynchronously, so there is some time interval when recent events are sent from client to server and then processed by rules. Therefore, a rule cannot block execution of a process or operation (rules are intended for ex-post detection of any suspicious/malicious activity, not for their prevention). A matched rule can only notify security engineers by raising the detection." This was taken from https://help.eset.com/eei/1.4/en-US/rule_edit.html?rules.html So I'm kinda confused. I have tried to implement actions of my rules using these patterns: <action name="BlockProcessExecutable" /> AND <actions> <action name="TriggerDetection" /> <action name="DropEvent" /> <action name="BlockProcessExecutable" /> </actions> No matter where I place these lines my rules generate detections but the actions are not working. Is this feature already implemented or am I misunderstanding its usage? Thanks in advance,
  • Create New...