Jump to content

Recommended Posts

Posted

ESMC7 with EES/EFS7 on Windows.

Is there any way to create a PUA scan without clean enabled, ie detect only, without changing settings for every other scan type?

Currently the only place to enable/disable PUA in policy is in the Detection Engine / Basic settings. This then applies for all scan types.

I want to be able to disable PUA detection without compromising all the scan settings for all other threat types, ie viruses. And then run a detection only scan for PUA's to check for false positives before setting PUA to be 'cleaned'. I can't see any way to do this, even by creating a Client Task, as everything refers back to whether PUA is enabled or disabled in Basic settings.

So the only option I can see is enable PUA detection and enable 'No Cleaning' for all threat types, or disable PUA's altogether permanently.

Why do I want to be able to scan PUA's separately?

Because sometimes business or wanted applications are detected as PUA's and deleted. I want to be able to detect these first, then exclude any that the customer doesn't want removed.

  • Administrators
Posted

There is only a global settings for PUAs. What you could do is run a scan with the command line scanner ecls.exe and disable PUA detection using the appropriate switch. Moreover, PUAs are cleaned automatically in a managed environment. However, you can restore particular PUAs from quarantine via ESMC and exclude them from detection, if needed.

Posted

Can I somehow create a Client Task to run that on remote computers from the ESMC server?

  • Administrators
Posted

It is possible to run ecls via a "run command" task but since it logs only to a text log that is not transferred to ESMC, that's probably not what you want.

In my opinion, it's safer to have PUAs cleaned automatically and restore / exclude a particular one if really needed than letting a user run it for some time and only then evaluate whether it's ok to use it or not.

Posted

Marcos I totally agree, but when you've just signed up a new customer and the first thing eset does is deletes the CEOs beloved Google Toolbar, 1: its not a good start to the relationship, and 2: it creates additional unnecessary work for me that the customers probably not going to want to pay me for.

a lot of what PUA detects is mostly crapware. I'd rather scan for this first so I can create a list to discuss and then exclude before enabling for strict cleaning.

  • ESET Staff
Posted

@ShaneDT I do agree, that it might be beneficial to have separate cleaning / handling level for PUAs and for standard detections. We are tracking improvements to adjust this behavior towards the future versions.

Posted

Thanks Michal, yes be useful to add this in a future release. Possibly as a stand alone Client Task even.

Cheers.

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...