ESET PROTECT Advanced - Proposal v1.0

The document discusses ESET's cybersecurity solutions including ESET Protect, ESET Endpoint Security, ESET Server Security, ESET Live Guard Advanced cloud sandboxing, and ESET Inspect endpoint detection and response. It provides details on their features, benefits, and system requirements.

Uploaded by pjayasinghe

Proposal For:

ACME Inc.

Date: November 2022

Ver 1.0
Contact Information

EGUARDIAN Account Team:

● Ijas Ahamed | Senior Business Development Manager
  Email: [email protected] | 077 4650663

● Pulasthi Jayasinghe | Team Lead - Technical
  Email: [email protected] | 076 1294673
Executive Summary

Expertise, integrity, independence: these are components we believe to be crucial for building
our award-winning cybersecurity solutions.

At ESET, we don’t rely on a single magic formula. Instead, our elite experts combine decades of
industry experience with deep knowledge of the subject and power of machine learning to
create unique multilayered protection. This approach, coupled with ESET’s professional service,
is how we make sure that our customers will be safe from threats both existing and yet to come.

As renowned contributors to the cybersecurity community, we share valuable research, give
lectures at universities and provide assistance to combat cybercrime. Our industry-leading blog
welivesecurity.com is considered one of the best in the field.

We will always promote responsible practices in the industry, challenging empty claims and
non-transparent methods.

We’re proud to be one of very few privately owned global cybersecurity companies. Without
pressure from investors, we have the freedom to make the right choices – to do what needs to
be done for the ultimate protection of all our customers.

For more than 30 years, we’ve been helping organizations and people protect their digital world.
From a small dynamic company we’ve grown into a digital brand. Many things have changed,
but our core aspirations, philosophy and values remain the same – to build a more secure digital
world where organizations and people everywhere can truly Enjoy Safer Technology.

ESET PROTECT 11
ESET PROTECT 11
ESET PROTECT On-prem 11
ESET PROTECT Server 11
Independent Agent 11
Web-Console 12
ESET HTTP Proxy 12
Rogue Detection Sensor 12
Multi-Platform Support 12
ESET Business Account 12
Endpoint Deployment 12
Multi-tenancy 13
Secure Peer Communication 13
2FA-Protected Login 13
Integrated ESET SysInspector® 13
Dynamic and Static Groups 13
Policies 13
Triggers 14
Tasks 14
Reports 14
Notifications 14
ESET PROTECT Bundles 15
Advanced Machine Learning 16
ESET Advanced Machine Learning (Cloud) 16
ESET Advanced Machine Learning (Endpoint) 17
Supported Platforms 19
System Requirements 20
Workstations 20
Servers 20
Storage Servers 21
Virtualized Hosts 22
Mobile Devices 22

ESET Endpoint Security 23
Antivirus and Antispyware 23
35-years of Signatures 23
Behavior-based Detections 23
File-less Malware Detection 24
Sandboxing 24
Network Attack Protection 25
Email Security 25
Web Control 26
Device Control 26
Scanning 26
Update Distribution 27
Micro Updates 28
Update Rollback 28
Postponed Updates 28
Local Update Server 28
Optional cloud-powered scanning: 28
ESET LiveGrid 29
Virtualization Support 29
Host-Based Intrusion Prevention System (HIPS) 29
Exploit Blocker 30
Client Anti-spam 30
Anti-Phishing 30
Two-Way Firewall 30
Vulnerability Shield 30
Ransomware Shield 31
Botnet Protection 31
Botnet Tracker 31
UEFI Scanner 31
DNA Detections 31
Idle-State Scanner 32
First Scan after Installation 32
RIP & Replace 32

Customizable GUI Visibility 32
ESET Business Account 33
Touchscreen Support 33
Low System Demands 33
Right-to-Left Language Support 33
Cross-Platform Protection 33
Remote Management 33

ESET Server Security 34


Antivirus and Antispyware 34
Optional cloud-powered scanning: 34
Virtualization Support 34
Hyper-V Storage Scan 34
Exploit Blocker 34
Advanced Memory Scanner 34
Native Clustering Support 34
Storage Scan 35
Specialized Cleaners 35
Host-Based Intrusion Prevention System (HIPS) 35
Anti-Phishing 35
Device Control 35
Idle-State Scanner 35
Update Rollback 35
Postponed Updates 35
Local Update Server 36
Process Exclusions 36
Customizable GUI Visibility 36
ESET Business Account 36
Component-Based Installation 36
Remote Management 36

ESET Live Guard Advanced (Cloud Sandboxing) 37


Layer 1 - Advanced unpacking and scanning 38
Layer 2 - Advanced machine learning detection 38
Layer 3 - Experimental detection engine 38

Layer 4 - In-depth behavioral analysis 38
Highlights 38
Ransomware and zero-day threats detection 38
Granular reports 39
Transparent full visibility 39
Automatic protection 39
Mail Security protection 39
Mobility 39
Proactive protection 39
Tailored customization 39
Manual submission 39

ESET Inspect (EDR) 40


Advanced Persistent Threats (APT) and Targeted Attacks 40
Increased Organization Visibility 40
The ESET Difference 40
Flexibility of Deployment 40
Ready to Start 40
Automation and Customization 41
MITRE ATT&CK™ 41
Reputation System 41
Detailed Network Visibility 41
Complete Prevention, Detection and Response 41
Solution From A Security-First Vendor 41
Incident Management System 41
Safe and Smooth Remote Access 41
Live Response Options 42
One-Click Isolation 42
Root Cause Analysis 42
Anomaly And Behavior Detection 42
Public API 42
Tagging 42
Threat Hunting 43
Multiple Indicators Of Compromise 43

Open Architecture And Integrations 43
Company Policy Violation Detection 43
Sophisticated Scoring 43
Local Data Collection 43
Use Cases 43

ESET Cloud Office Security (ECOS) 45


Anti-spam 45
Anti-malware 45
Anti-phishing 45
Notifications 45
Automatic protection 45
Quarantine manager 45
Multitenancy 45
Rules 45

ESET Mail Server Security 46


Antivirus and Antispyware 46
Optional cloud-powered scanning: 46
Antispam and Anti-Phishing 46
Local Quarantine Management 46
Database On-Demand Scan 46
Message Processing Rules 46
Exploit Blocker 47
Advanced Memory Scanner 47
Host-Based Intrusion Prevention System (HIPS) 47
Device Control 47
Snapshot Independence 47
Native Clustering Support 47
ESET Shared Local Cache 47
Windows Management Instrumentation (WMI) Provider 48
Process Exclusions 48
Incremental Micro-Definitions 48
Component-Based Installation 48
Remote Management 48

ESET Log Collector 48
ESET Business Account 48

ESET Full Disk Encryption 49


All products managed from one console 49
Fully validated 49
Powerful encryption 49
Cross-platform coverage 49
Add additional devices at any time 49
Single-click deployment 49
Password policies 49

ESET Virtualization Security for VMware 50

ESET Mobile Device Management (MDM) 51


Real-time Scanning 51
On-demand Scanning 51
ESET Live Grid 51
USB On-The-Go Scanner 51
Anti-Phishing 51
Apps Permissions 51
Scheduled Scan 51
App Lock 51
Automatic updates 51
Connected Home Monitor 51
Proactive Anti-Theft 52
Custom On-screen Message 52
Location Tracking 52
Camera Snapshots 52
Low Battery Alert 52
SIM Guard 52
Anti-Theft Optimization 52
Security Report 52
Security Audit 52
ESET Endpoint Security for Android 53

ESET Mobile Device Management for Apple iOS 53

Solution Architecture 54
Cloud Console 54
Availability 54
Maintenance 54
ESET PROTECT (on-prem) 55
Update Caching & Distribution 56
Network Load 57
Network Load (with used MB size, e.g. MB/day) 57
ESET Inspect 58
Ports and Network Traffic 59
Network Firewall Configuration 59
On-prem deployments 59
ESET Inspect (Cloud) 60

Proposed Solution 61
Products and Features 61
Work Breakdown Structure (WBS) 62

About ESET 63

Why ESET? 64

Few of our 3rd party reviews 67

Some of our Top Awards 68

ESET PROTECT

An endpoint protection platform (EPP) is a solution deployed on endpoint devices to prevent file-based malware attacks, detect malicious activity, and provide the investigation and remediation capabilities needed to respond to dynamic security incidents and alerts.

ESET’s endpoint protection solutions leverage a multilayered approach that utilizes multiple technologies working in a dynamic equilibrium, which has the ability to constantly balance performance, detection and false positives.

A single layer of defense is not enough for the constantly evolving threat landscape. All ESET Endpoint Security products have the ability to detect malware pre-execution, during execution and post-execution. Focusing on more than a specific part of the malware lifecycle allows us to provide the highest level of protection possible.

ESET Endpoint solutions are fully manageable via ESET PROTECT Console. It is a single pane of glass over all ESET security solutions deployed in the network. It controls endpoint prevention, detection & response layers across all platforms – covering desktops, servers, virtual machines and even managed mobile devices.

Deploy, run tasks, set up policies, collect logs, and get notifications and an overall security overview of your network – all via a single web-based management console.

ESET PROTECT

The primary cloud-based management console. Previously known as ESET Cloud Administrator, with significant feature upgrades to accommodate customers of most sizes and requirements.

ESET PROTECT On-prem

For customers who prefer or require an on-premise deployed management console. Previously known as ESET Security Management Center.

ESET PROTECT Server

ESET PROTECT’s server component can be installed on Windows as well as Linux servers and also comes as a virtual appliance. It handles communication with agents, and collects and stores application data in the database.

Independent Agent

The agent is a small application that handles the remote management communication and runs independently of the security solution itself. It connects to ESET PROTECT Server and executes tasks, collects logs from ESET applications, interprets and enforces policies, and performs other tasks, e.g. software deployment and general computer monitoring. As the agent executes tasks and interprets server logic locally, it reacts to and eliminates security issues even when the client is not connected to the server.

Web-Console

The front-end component of ESET PROTECT, the web-console, manages everyday network security. It has a role in interpreting the data stored in the database, visualizing it in the form of clear dashboards and lists with drill-down capabilities, and commands the agents and other ESET applications. In addition, it offers a huge array of customization options to suit the needs of any administrator by providing an easy “look & see” overview of the entire network’s security.

ESET HTTP Proxy

The proxy handles collection and aggregation of data from machines in distant locations and forwards it to the centralized ESET PROTECT server. Remote locations no longer require an ESET PROTECT server installation; the proxy alone will suffice. It’s possible to install several proxies in large and complex environments and connect them to a central server. The hierarchy and access rights are enforced by the central server, through its access rights structure.

Rogue Detection Sensor

This component of ESET PROTECT is used to discover unprotected and unmanaged machines in the network by listening to their traces. It provides the administrator with improved visibility of all devices located within the corporate network. Discovered machines are immediately located and reported in a predefined report, allowing the admin to move them to a specific static group and proceed with management tasks.

Multi-Platform Support

ESET PROTECT Server runs on both Windows and Linux machines. The general installer deploys ESET PROTECT, including server, database and other components, in one step. The admin can also install component-by-component, or deploy as a virtual appliance.

ESET Business Account

Makes it possible to handle all licenses transparently, from one place via web browser. You can merge, delegate and manage all licenses centrally in real time.

Endpoint Deployment

ESET PROTECT offers several methods of endpoint deployment, making the process smooth and quick. All installers’ metadata is stored on the server, so it’s easy to utilize different installers for different customers (useful for MSPs) or create groups with specific settings, policies or license credentials.
Multi-tenancy

A single instance of ESET PROTECT can serve multiple independent users with specific access and privileges – while the user cannot see the data of other users. It is also possible to grant three levels of access to each object – read / use / write – as well as granular access settings for different types of tasks. Multi-tenancy is ideal for large enterprises with one centralized server and different admins managing only endpoints in their respective locations, or for MSPs managing multiple customers from a single server but who need to ensure that customers are not able to see the data of other users.

Secure Peer Communication

ESET PROTECT now utilizes the Transport Layer Security (TLS) 1.0 standard and employs its own created and distributed certificates to digitally sign and encrypt communication between the solution’s individual components for peer identification. The admin can build a public key infrastructure (PKI) with certificates and a certification authority during the installation process, or at a later date. Alternatively, admins can choose to use their own certificates. Certificates are then assigned during the deployment of each ESET PROTECT component, resulting in secure communication and a secure network environment.

2FA-Protected Login

To validate the identities of users logging in to ESET PROTECT, it’s possible to enable two-factor authentication (2FA) directly from the web console. Up to 10 accounts can be 2FA-protected for free. After a simple self-enrollment directly from the web-console, the user will receive a link via SMS to download the ESET Secure Authentication mobile app – which is then used to generate random one-time passwords. Once 2FA is set up, one-time passwords are used to complement and strengthen the authentication process.

Integrated ESET SysInspector®

ESET SysInspector is a diagnostic tool that helps troubleshoot a wide range of system issues and is integrated into the ESET PROTECT web-console. The admin is able to view all generated SysInspector snapshots directly for a particular client. This allows the admin to track back security incidents or system changes chronologically.

Dynamic and Static Groups

ESET PROTECT uses a client-centric approach, similar to the Active Directory with which ESET PROTECT syncs automatically, and adopts its group structure. Clients can be assigned to either static or dynamic groups. The admin sets inclusion criteria for a dynamic group; thereafter, any client that meets these criteria is moved automatically to the respective dynamic group. It is also possible to assign a policy to a dynamic group, with this policy applied to clients upon entry to the respective dynamic group and withdrawn upon exit. This happens without any admin/user interaction.

Policies

The admin can define policies per security product and clearly specify their mutual relationship. Policies are executed on the agent, so even without a connection to the ESET PROTECT server the agent is able to apply policies assigned to a specific dynamic group in the event that a client enters that dynamic group. For even easier management, the admin can choose from predefined policy templates for each ESET security product, according to the needs of various clients, e.g. applying specific policy templates for laptops or servers, and restrictive or soft policies.

Triggers

By configuring triggers, the admin is able to define if and when a specific task is executed. Triggers can be paired with dynamic groups and execute the tasks on a client once it enters the group. Scheduled triggers provide the ability to specify task execution according to date, time, day and repeat frequency.

Tasks

Tasks are created in wizard-style steps and clearly sorted for various ESET security products; this also includes pre-configured tasks.

Reports

Admins can choose from predefined report templates or create custom ones, using just a selected set of data and values. ESET PROTECT collects only data which is necessary for generating reports, with the remaining logs stored on the client, resulting in better database performance. Each report template can be viewed in the web-console as a dashboard element to provide the administrator with an excellent real-time overview of network security, including drill-down possibilities. What’s more, it allows action to be taken if necessary. Apart from displaying reports via the web-console, they can be exported to PDF / PS / CSV and saved to a predefined location or sent as an email notification report.

Notifications

It’s critical for administrators to get notification of any security issues happening in the network, in order to react immediately. The admin can configure notification options via a wizard-style series of steps, or use any of the predefined notification templates. Templates can be mapped to the specific dynamic group memberships of clients or triggered by specific indications or events as they are recorded in event logs.
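The 2FA-Protected Login section above describes one-time passwords generated by a mobile app and checked by the console. The following is an added illustration, not ESET code, of how such a server-side check works in principle: it implements RFC 6238 TOTP (HMAC-SHA1 over a 30-second time step), accepts a small clock-drift window, compares in constant time, and refuses to accept a time step that has already been consumed so that a captured code cannot be replayed. The page does not state which OTP scheme ESET Secure Authentication uses, so pairing it with TOTP is an assumption; the secret, times and function names are those of the RFC test vectors and of this example.

```python
"""Added example (not ESET code): a TOTP verifier with a drift window and
replay protection, in the spirit of the one-time passwords a 2FA-protected
console login relies on. Uses only the Python standard library."""
import base64
import hashlib
import hmac
import struct
import time
from typing import Optional, Set


def secret_from_base32(provisioned: str) -> bytes:
    """Decode the base32 secret that enrolment typically hands to the mobile app."""
    s = provisioned.strip().replace(" ", "").upper()
    s += "=" * (-len(s) % 8)            # restore the padding usually stripped for display
    return base64.b32decode(s)


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    binary = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % (10 ** digits)).zfill(digits)


def totp(secret: bytes, at_time: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP whose counter is the Unix time divided by the step."""
    return hotp(secret, int(at_time) // step, digits)


def verify_totp(secret: bytes, candidate: str, at_time: Optional[float] = None,
                step: int = 30, digits: int = 6, window: int = 1,
                used_steps: Optional[Set[int]] = None) -> bool:
    """Server-side check of a submitted code.

    Accepts the current step and +/- `window` neighbouring steps to tolerate
    clock drift between phone and server, compares in constant time, and, when
    a `used_steps` set is supplied, marks the accepted step as consumed so the
    same code is rejected if it is submitted again.
    """
    now = time.time() if at_time is None else at_time
    current = int(now) // step
    for step_index in range(current - window, current + window + 1):
        if used_steps is not None and step_index in used_steps:
            continue                      # already consumed: treat as a replay
        if hmac.compare_digest(hotp(secret, step_index, digits), candidate):
            if used_steps is not None:
                used_steps.add(step_index)
            return True
    return False
```

The `used_steps` set is the part practitioners most often forget: without it a code intercepted during its 30-second validity (plus the drift window) can be submitted a second time and still pass.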
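The Dynamic and Static Groups, Policies and Triggers sections above describe one mechanism: a client that starts matching a dynamic group's inclusion criteria is moved in, the group's policy is applied, any entry trigger fires its task, and the policy is withdrawn again when the client stops matching. The block below is an added model of that mechanism written for this page; it is not ESET PROTECT code, and the rule syntax (every listed attribute must equal the given value), the client attributes, group names, policy names and task names are assumptions constructed for the example.

```python
"""Added example (not ESET code): a minimal dynamic-group engine that applies
and withdraws policies on group entry/exit and fires entry triggers."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple


@dataclass(frozen=True)
class Client:
    name: str
    attrs: Dict[str, object]          # constructed inventory data, as an agent would report it


@dataclass
class DynamicGroup:
    name: str
    criteria: Dict[str, object]        # assumed rule syntax: every attribute must match exactly
    policy: Optional[str] = None       # applied on entry, withdrawn on exit
    entry_tasks: Tuple[str, ...] = ()  # tasks fired by an "on group entry" trigger
    members: Set[str] = field(default_factory=set)

    def matches(self, client: Client) -> bool:
        return all(client.attrs.get(key) == value for key, value in self.criteria.items())


class GroupEngine:
    def __init__(self, groups: List[DynamicGroup]):
        self.groups = groups
        self.policies: Dict[str, Set[str]] = {}             # client -> policies currently applied
        self.task_log: List[Tuple[str, str, str]] = []      # (client, task, group) executions

    def evaluate(self, clients: List[Client]) -> List[Tuple[str, str, str]]:
        """Re-evaluate membership after an inventory refresh; returns entry/exit events."""
        events = []
        for group in self.groups:
            for client in clients:
                now_in = group.matches(client)
                was_in = client.name in group.members
                if now_in and not was_in:
                    group.members.add(client.name)
                    events.append(("enter", client.name, group.name))
                    if group.policy:
                        self.policies.setdefault(client.name, set()).add(group.policy)
                    for task in group.entry_tasks:      # trigger paired with the group
                        self.task_log.append((client.name, task, group.name))
                elif was_in and not now_in:
                    group.members.discard(client.name)
                    events.append(("exit", client.name, group.name))
                    if group.policy:                     # withdraw the group's policy on exit
                        self.policies.get(client.name, set()).discard(group.policy)
        return events

    def effective_policies(self, client_name: str) -> Set[str]:
        return set(self.policies.get(client_name, set()))


def run_demo():
    """Constructed scenario: a laptop with outdated modules is updated between two refreshes."""
    groups = [
        DynamicGroup("Laptops", {"chassis": "laptop"},
                     policy="Laptop-Restrictive", entry_tasks=("On-demand scan",)),
        DynamicGroup("Outdated modules", {"modules_current": False}, policy="Force-Update"),
    ]
    engine = GroupEngine(groups)
    ws01 = Client("ws01", {"chassis": "laptop", "modules_current": False})
    srv01 = Client("srv01", {"chassis": "server", "modules_current": True})
    first = engine.evaluate([ws01, srv01])
    ws01_updated = Client("ws01", {"chassis": "laptop", "modules_current": True})
    second = engine.evaluate([ws01_updated, srv01])
    return engine, first, second
```

Two properties of the model match the text and are worth keeping in a real design: membership is recomputed from the current inventory on every pass rather than edited by hand, and a policy is tied to the group that granted it, so leaving the group removes exactly that policy and nothing else.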
ESET PROTECT Bundles

Products & Features Included, by bundle (Entry / Advanced / Complete / Enterprise):

ESET Endpoint Security for Workstations: Entry, Advanced, Complete, Enterprise
ESET Server Security: Entry, Advanced, Complete, Enterprise
ESET Endpoint Security for Android: Entry, Advanced, Complete, Enterprise
ESET Mobile Device Management for iOS: Entry, Advanced, Complete, Enterprise
ESET Virtualization Security for VMware: Entry, Advanced, Complete, Enterprise
ESET Device Control: Entry, Advanced, Complete, Enterprise
ESET Web Control: Entry, Advanced, Complete, Enterprise
ESET Two-way Firewall: Entry, Advanced, Complete, Enterprise
ESET LiveGuard Advanced [Cloud Sandbox]: Advanced, Complete, Enterprise
ESET Full Disk Encryption: Advanced, Complete, Enterprise
ESET Inspect [EDR / XDR]: Enterprise
ESET Cloud Office Security [Email - O365]: Complete
ESET Mail Server Security [Exchange on-prem]: Complete
Advanced Machine Learning
At ESET, our engineers are old acquaintances of machine learning. We recognized its potential
early on and employed it to help detect malware over 20 years ago. To this day, this symbiosis
continues, with neural networks, deep learning, and classification algorithms being integral parts
of the protective layers in ESET products and services.

Combining these technological trends, wealth of information and human expertise, ESET has
created its ML-based detection engine, which today consists of two parts:

● ESET Advanced Machine Learning in the cloud
● ESET Advanced Machine Learning on the endpoint

ESET Advanced Machine Learning (Cloud)

How does it work?

1. Every sample entering ESET Advanced Machine Learning in the cloud is subjected to
static analysis. The engine extracts the features of the sample, collecting information that
is then fed to deep-learning algorithms.
2. The sample is also emulated as a part of dynamic analysis, producing DNA genes.
These are fed to a series of precisely chosen classification models and another
deep-learning algorithm.

3. The sample is then executed in a sandbox and subjected to advanced memory analysis.
Results are then compared with a set of previously known, periodically reviewed, and
automatically updated clean and malicious samples.
4. The results from the previous steps are consolidated either via a neural network or other
forms of evaluation and used to produce a final decision, labeling the sample as:
a. clean
b. potentially unwanted/unsafe application (PUA/PUSA)
c. malicious
5. The information is then distributed to all ESET clients either via regular update or via
ESET LiveGrid®.

It is important to note that as part of sample processing, unlike with some of the post-truth
security vendor products, ESET also utilizes unpacking and behavioral analysis, as well as
sample emulation. These steps are crucial to extracting sufficient, relevant sample features,
before they can be fed to the ML engine.

Analyzing compressed or encrypted samples with no further processing is attempting to classify
noise, producing meaningless results. This approach can be compared to picking a winner of a
singing contest solely by looking at photos of the candidates, without giving them a chance to
perform.

ESET Advanced Machine Learning (Endpoint)

ESET Advanced Machine Learning (AML) on the endpoint is an additional detection layer that
proactively protects our users from previously unknown threats. It expands ESET detection
capabilities by analyzing all suspicious samples on the user’s device at the instant they are
encountered.

How does it work?

1. Local security solution encounters an unknown yet suspicious sample and scans it with
help of AML on the endpoint.
2. AML on the endpoint runs static analysis, producing basic characteristics of the analyzed
sample without executing it.
3. AML on the endpoint runs a dynamic analysis and extracts DNA genes describing some
of sample’s active features and behaviors, uncovering malicious characteristics even in
packed or obfuscated items.
4. Information extracted in steps 2 and 3 is further processed by several carefully-chosen
classification models and a deep learning algorithm.
5. Outputs of the ESET Advanced Machine Learning on the endpoint algorithms are then
consolidated via simplified, yet still powerful, methods used by ESET Advanced Machine
Learning in the cloud.

ESET Advanced Machine Learning in the cloud is a demanding beast, requiring “heavy
machinery” that is not available in regular user devices. Therefore, ESET engineers designed
ESET Advanced Machine Learning on the endpoint as a lightweight solution, allowing it to run
directly on the user’s device.

This engine analyzes samples locally, with machine-learning models and the consolidation of
the verdict happening offline. This makes the results available to the user in real time and
translates into proactive protection from unknown threats even if the user has no or limited
internet connectivity.

The separation of tasks offers multiple advantages, with the main ones being:

● While the part of the engine running on the device protects the user proactively by
analyzing and detecting emerging threats when encountered, the cloud
machine-learning engine offers context and power that helps to identify even
sophisticated and difficult-to-spot attacks.
● Also, the local engine protects the user from any never-before-seen threats even when
the internet connection is unreliable or non-existent.

As indicated by the name of the technology, it is built on an array of modern machine-learning


algorithms, offering users a combination of best possible detection results and a robust solution
able to withstand external attacks. To prevent these machine-learning models from degradation,
our vigilant engineers are always monitoring the models’ performance and correcting any
deviations that might arise. This provides ESET solutions with an ideal mix of human expertise
and machine performance necessary for rapid and reliable protection.

Supported Platforms

System Requirements

● Intel or AMD processor, 32-bit (x86) with SSE2 instruction set or 64-bit (x64), or ARM
processor, 1 GHz or higher
● 0.3 GB of free system memory (see Note 1)
● 1 GB of free disk space (see Note 2)
● Minimum display resolution 1024x768
● Internet connection or a local area network connection to a source (see Note 3) of
product updates
● Two antivirus programs running simultaneously on a single device cause inevitable
system resource conflicts, such as slowing the system down until it becomes inoperable

Workstations

● Microsoft® Windows® 11
● Microsoft® Windows® 10
● Microsoft® Windows® 8.1
● Microsoft® Windows® 8
● Microsoft® Windows® 7 SP1 with latest Windows updates (at least KB4474419 and
KB4490628)
● Windows XP and Windows Vista are no longer supported.
● macOS 10.15 to macOS 13
● macOS Server 10.15 and later
● Ubuntu Desktop 18.04 LTS 64-bit
● Ubuntu Desktop 20.04 LTS
● Ubuntu Desktop 22.04 LTS
● Red Hat Enterprise Linux 7, 8 with supported desktop environment installed.
● SUSE Linux Enterprise Desktop 15
● Linux Mint 20

Servers

● Microsoft Windows Server 2022 (Server Core and Desktop Experience)
● Microsoft Windows Server 2019 (Server Core and Desktop Experience)
● Microsoft Windows Server 2016 (Server Core and Desktop Experience)
● Microsoft Windows Server 2012 R2
● Microsoft Windows Server 2012
● Microsoft Windows Server 2008 R2 SP1 with KB4474419 and KB4490628 installed
(read the SHA-2 required compatibility)
● Server Core (Microsoft Windows Server 2008 R2 SP1, 2012, 2012 R2)
● RedHat Enterprise Linux (RHEL) 7
● RedHat Enterprise Linux (RHEL) 8
● RedHat Enterprise Linux (RHEL) 9
● CentOS 7
● Ubuntu Server 18.04 LTS
● Ubuntu Server 20.04 LTS
● Ubuntu Server 22.04 LTS
● Debian 10
● Debian 11
● SUSE Linux Enterprise Server (SLES) 12
● SUSE Linux Enterprise Server (SLES) 15
● Oracle Linux 8
● Amazon Linux 2

Note:

● Linux distributions with ELREPO kernel and AWS kernel are not supported.
● RHEL with the "Protection Profile for General Purpose Operating Systems (OSPP)" is
not supported.

Storage Servers

● Microsoft Windows Storage Server 2016
● Microsoft Windows Storage Server 2012 R2
● Microsoft Windows Storage Server 2012
● Microsoft Windows Server 2019 Essentials
● Microsoft Windows Server 2016 Essentials
● Microsoft Windows Server 2012 R2 Essentials
● Microsoft Windows Server 2012 Essentials
● Microsoft Windows Server 2012 Foundation

● Microsoft Windows Small Business Server 2011 SP1 (x64) with KB4474419 and
KB4490628 installed
● Microsoft Windows MultiPoint Server 2012
● Microsoft Windows MultiPoint Server 2011
● Microsoft Windows MultiPoint Server 2010

Virtualized Hosts

Supported Host Operating Systems with Hyper-V role:

● Microsoft Windows Server 2022
● Microsoft Windows Server 2019
● Microsoft Windows Server 2016
● Microsoft Windows Server 2012 R2
● Microsoft Windows Server 2012
● Microsoft Windows Server 2008 R2 SP1 - Virtual Machines can be scanned only while
they are offline

Virtualization Security for VMware:

● VMware vSphere 6.0/6.5+/6.7 (vCenter Single Sign-On, vSphere Client/Web Client,
vCenter Server, vCenter Inventory Service)
● VMware NSX Manager 6.3+/6.4.10
● VMware NSX-T is not supported
● VMware Guest Introspection 6.2.4+/6.3+/6.4.10
● Virtual Agent Host (VAH) deployed as VM
● Reservation for ESET Virtualization Security appliance (SVM): 2 CPU, 2 GB RAM, 8 GB
Disk
● NSX Manager rights:
○ For Registration to NSX Manager and deployment of SVMs (using vSphere
client): Security Administrator
○ For group/names synchronization with VMware vSphere: Read-only for vCenter
and NSX Manager

Mobile Devices

● Android 5 (Lollipop) and later
● iOS 9 and later

ESET Endpoint Security

Antivirus and Antispyware

Eliminates all types of threats, including viruses, rootkits, worms and spyware.

35-years of Signatures

ESET’s scanning engine is at the core of our products and, while the underlying technology has been inherited from “old-style antivirus”, it has been greatly extended and enhanced and is constantly being developed to cover modern threats.

The purpose of the scanning engine is to identify possible malware and make automated decisions about how likely the inspected code is to be malicious.

Every day, ESET receives hundreds of thousands of samples, which are processed automatically, semi-automatically and manually after preprocessing and clustering. Automated analysis is performed by internally developed tools on an array of virtual and real machines.

Classification is performed using different attributes extracted during execution, according to static and dynamic code analysis, changes introduced to the operating system, network communication patterns, similarity to other malware samples, DNA features, structural information and anomaly detection.

ESET is one of the few security vendors able to provide a high level of protection based on more than 35 years of research. This allows us to stay ahead of malware, constantly evolving our technologies to go beyond the use of standard, static signatures. Our unique combination of endpoint-based and cloud-augmented technologies provides the most advanced security against malware on the market.

Behavior-based Detections

Each exploit is an anomaly in the execution of the process, and we look for anomalies that suggest the presence of exploitation techniques. When triggered, the behavior of the process is analyzed and, if it is considered suspicious, the threat may be blocked immediately on the machine, with further attack-related metadata being sent to our ESET LiveGrid cloud system.

This information is further processed and correlated, which enables us to spot previously unknown threats and so-called zero-day attacks, and provides our lab with valuable threat intelligence.

Relevant Features:

● HIPS
● In-product Sandboxing
● Machine Learning
● DNA Detections
● Advanced Memory Scanner
● Cloud Sandboxing
● Live Grid Reputation System
● Ransomware Shield
● Botnet Protection
File-less Malware Detection

Advanced Memory Scanner is a unique ESET technology which effectively addresses an important issue of modern malware – heavy use of obfuscation and/or encryption.

These malware protection tactics, often used in run-time packers and code protectors, cause problems for detection approaches which employ unpacking techniques such as emulation or sandboxing. What’s more, whether checking is done using an emulator or virtual/physical sandboxing, there is no guarantee that during analysis the malware will display malicious behavior that will allow it to be classified as such.

Malware can be obfuscated in such a way that not all execution paths can be analyzed; it can contain conditional or time triggers for the code; and, very frequently, it can download new components during its lifetime. To tackle these issues, Advanced Memory Scanner monitors the behavior of a malicious process and scans it once it decloaks in memory. This complements the more traditional functionality of pre-execution or on-execution proactive code analysis.

Also, clean processes can suddenly become malicious because of exploitation or code injection. For these reasons, performing analysis just once is not enough. Constant monitoring is needed, and this is the role of Advanced Memory Scanner. Whenever a process makes a system call from a new executable page, Advanced Memory Scanner performs a behavioral code analysis using ESET DNA Detections.

Code analysis is performed not only for standard executable memory but also for .NET MSIL (Microsoft Intermediate Language) code used by malware authors to hamper dynamic analysis. Due to the implementation of smart caching, Advanced Memory Scanner has almost no overhead and doesn’t cause any noticeable deterioration in processing speeds.

Advanced Memory Scanner cooperates well with Exploit Blocker. Unlike the latter, it is a post-execution method, which means that there is a risk that some malicious activity could have occurred already. However, it steps into the protection chain as a last resort if an attacker manages to bypass other layers of protection.

Moreover, there is a new trend in advanced malware: some malicious code now operates “in-memory only”, without needing persistent components in the file system that can be detected conventionally.

Initially, such malware appeared only on servers, due to their long uptime – since server systems stay up for months or years at a time, malicious processes could remain in memory indefinitely without needing to survive a reboot – but recent attacks on businesses indicate a change in this trend, and we are seeing endpoints also targeted in this manner. Only memory scanning can successfully discover such malicious attacks, and ESET is ready for this new trend with its Advanced Memory Scanner.
Sandboxing

ESET split the DNA detection into two. It helps with understanding the whole process. It is something we came up with in 1995 with our first emulator, utilized in our product – it was possible to run the famous Doom game in the emulator. This is what we do in order to extract the behavioral metadata that we are utilizing in our DNA detections. Malware is getting obfuscated and trying to evade detection, and we are trying to see through to how it is behaving underneath, so that we can target the real behavior of the malware. We are also using binary translation for this, so we are not slowing down the machine.

Network Attack Protection

Network Attack Protection is an extension of firewall technology and improves detection of known vulnerabilities on the network level. By implementing detection for common vulnerabilities in widely used protocols, such as SMB, RPC and RDP, it constitutes another important layer of protection against spreading malware, network-conducted attacks and exploitation of vulnerabilities for which a patch has not yet been released or deployed.

Email Security

Integration of ESET Mail Security with email clients increases the level of active protection against malicious code in email messages. If your email client is supported, integration can be enabled in ESET Mail Security. When integration is activated, the ESET Mail Security toolbar is inserted directly into the email client, allowing for more efficient email protection.
Email clients that are currently supported include Microsoft Outlook, Outlook Express, Windows Mail and Windows Live Mail. Email protection works as a plug-in for these programs. The main advantage of the plug-in is that it is independent of the protocol used. When the email client receives an encrypted message, it is decrypted and sent to the virus scanner.

Web Control

ESET Web Protection consists of 3 modules:

● Web Control – Allow/Block Web URLs and control access based on category (35 categories, 140 sub-categories)
● Web Access Protection – offers two levels of protection, blocking by blacklist and blocking by content.
● Anti-phishing – blocks web pages known to distribute this type of content.

The Web control section allows you to configure settings that protect your company from the risk of legal liability. Web control can regulate access to websites that violate intellectual property rights. The goal is to prevent employees from accessing pages with inappropriate or harmful content, or pages that may have a negative impact on productivity.

Web control lets you block webpages that may contain potentially offensive material. In addition, employers or system administrators can prohibit access to more than 35 pre-defined website categories and over 140 subcategories.

Device Control

ESET Endpoint Antivirus provides automatic device (CD/DVD/USB/...) control. This module allows you to block or adjust extended filters/permissions and define a user’s ability to access and work with a given device. This may be useful if the computer administrator wants to prevent the use of devices containing unsolicited content.

Supported external devices:

● Disk storage (HDD, USB removable disk)
● CD/DVD
● USB printer
● FireWire Storage
● Bluetooth Device
● Smart card reader
● Imaging Device
● Modem
● LPT/COM port
● Portable Device
● All device types

Devices can be:

● Blocked
● Allowed
● Mounted Read-only
● Mounted with a warning

Blocking, allowing or warning can be done based on:

● Vendor
● Model, or
● Serial Number of the device
Scanning

Smart scan: This is the default scanning profile. The Smart scan profile uses Smart Optimization technology, which excludes files that were found to be clean in a previous scan and have not been modified since that scan. This allows for lower scan times with a minimal impact to system security.

Context menu scan: You can start an on-demand scan of any file from the context menu. The Context menu scan profile allows you to define a scan configuration that will be used when you trigger the scan this way.

In-depth scan: The In-depth scan profile does not use Smart optimization by default, so no files are excluded from scanning using this profile.

Scan Options: Allows you to select the scanning methods/technologies used during scanning. Heuristics and Advanced heuristics/DNA/Smart signatures are the available options.

Media to scan

By default, all types of media are scanned for potential threats:

● Local drives – Controls all system hard drives.
● Removable media – Controls CD/DVDs, USB storage, Bluetooth devices, etc.
● Network drives – Scans all mapped drives.

Scan on

By default, all files are scanned upon opening, creation, or execution. We recommend that you keep these default settings, as they provide the maximum level of real-time protection for your computer:

● File open – Enables or disables scanning when files are opened.
● File creation – Enables or disables scanning when files are created.
● File execution – Enables or disables scanning when files are run.
● Removable media access – Enables or disables scanning triggered by accessing particular removable media with storage space.
● Computer shutdown – Enables or disables scanning triggered by computer shutdown.

Update Distribution

With ESET, each update will be downloaded from the Internet only once for the entire organisation. How?

In order to improve the efficiency of updates, customers can deploy an ESET Caching Proxy server on-premise, which will download the latest update and distribute it to all machines in the network. This will save Internet bandwidth significantly.

Once an update is available, the head office server will download the update, cache it, and distribute it among the endpoints in the local LAN.
If there are any branches, a caching server can be placed in each branch to download the update from the Head Office Server, cache it, and distribute it throughout the branch.

Micro Updates

ESET Micro Updates are very small update files of 250 to 500 kilobytes per week. If for any reason you miss two consecutive updates, thus making a standard weekly update impossible, you can still download a differential update after 4 weeks (comprising around 1 to 2 megabytes). After that you may resume downloading standard weekly updates as usual.

Update Rollback

Lets you revert to a previous version of protection modules and virus signature database.

Allows you to freeze updates as desired – opt for temporary rollback or delay until manually changed.

Postponed Updates

Provides the option to download from three specialized update servers: pre-release (beta users), regular release (recommended for non-critical systems) and postponed release (recommended for company-critical systems – approximately 12 hours after regular release).

Local Update Server

Saves company bandwidth by downloading updates only once, to a local mirror server.

Mobile workforce updates directly from ESET Update Server when the local mirror is not available. Secured (HTTPS) communication channel is supported.

Optional cloud-powered scanning:

When inspecting an object such as a file or URL, before any scanning takes place our products check the local cache (and ESET Shared Local Cache, in the case of ESET Endpoint Security) for known malicious or whitelisted benign objects. This improves scanning performance.

Afterwards, our ESET LiveGrid® Reputation System is queried for object reputation (i.e. whether the object has already been seen elsewhere and classified as malicious or otherwise). This improves scanning efficiency and enables faster sharing of malware intelligence with our customers.

Applying URL blacklists and checking reputation prevents users from accessing sites with malicious content and/or phishing sites.

Only information about executable and archive files is sent to the cloud – such data are not personally attributable.
ESET LiveGrid

The simplest way to provide protection using a cloud system is by exact blacklisting using hashing. This works well for both files and URLs, but it is able to block only objects that match the hash exactly. This limitation has led to the invention of fuzzy hashing. Fuzzy hashing takes into consideration the binary similarity of objects, as similar objects have the same or a similar hash.

ESET has moved fuzzy hashing to the next level. We do not perform hashing of data but hashing of the behavior described in DNA Detections. Using DNA hashing we are able to block thousands of different variants of malware instantly.

Unknown, potentially malicious applications and other possible threats are monitored and submitted to the ESET cloud via the ESET LiveGrid Feedback System. The samples collected are subjected to automatic sandboxing and behavioral analysis, which results in the creation of automated detections if malicious characteristics are confirmed.

Virtualization Support

ESET Shared Local Cache stores metadata about already scanned files within the virtual environment so identical files are not scanned again, resulting in boosted scan speed.

ESET module updates and virus signatures database are stored outside of the default location, so these don’t have to be downloaded every time a virtual machine is reverted to default snapshot.

Host-Based Intrusion Prevention System (HIPS)

ESET’s Host-based Intrusion Prevention System (HIPS) monitors system activity and uses a pre-defined set of rules to recognize suspicious system behavior. When this type of activity is identified, the HIPS self-defense mechanism stops the offending program or process from carrying out potentially harmful activity.
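The ESET LiveGrid passage above contrasts exact hash blacklisting with fuzzy hashing. The block below is an added illustration written for this page; it is not ESET code and is not ESET's DNA hashing, which hashes extracted behavior rather than bytes. It blacklists a constructed sample by its SHA-256, shows that a one-byte variant slips past that exact match, and then shows that a simple byte-window similarity hash (the set of hashed 4-byte windows, compared with Jaccard similarity) still relates the variant to the known sample while leaving an unrelated object alone. The sample bytes, the window size and the 0.6 threshold are assumptions of the example.

```python
"""Exact-hash blacklisting versus a byte-window similarity hash.

Added example, not ESET code: a toy to make the LiveGrid passage concrete.
An exact digest misses a one-byte variant; a hash built over overlapping
byte windows still finds the variant similar to the known-bad sample.
"""
import hashlib
from typing import Set

WINDOW = 4        # bytes per overlapping window (assumption of this toy)
THRESHOLD = 0.6   # assumed similarity cut-off; tune against a benign corpus in practice


def exact_digest(data: bytes) -> str:
    """Conventional blacklisting key: SHA-256 of the whole object."""
    return hashlib.sha256(data).hexdigest()


def window_hashes(data: bytes, window: int = WINDOW) -> Set[int]:
    """Similarity 'hash': the set of 32-bit hashes of every overlapping window.

    Objects that share most of their bytes share most of these values, so the
    result survives small edits that completely change a whole-file digest.
    """
    return {
        int.from_bytes(hashlib.blake2b(data[i:i + window], digest_size=4).digest(), "big")
        for i in range(len(data) - window + 1)
    }


def similarity(a: Set[int], b: Set[int]) -> float:
    """Jaccard similarity of two window-hash sets: 0.0 (disjoint) to 1.0 (identical)."""
    if not a and not b:
        return 1.0
    return len(a & b) / len(a | b)


def exact_match(sample: bytes, blacklist: Set[str]) -> bool:
    """Exact blacklisting: hit only when the whole-object digest is listed."""
    return exact_digest(sample) in blacklist


def fuzzy_match(sample: bytes, known: bytes, threshold: float = THRESHOLD) -> bool:
    """Similarity blacklisting: hit when the window-hash overlap reaches the threshold."""
    return similarity(window_hashes(sample), window_hashes(known)) >= threshold


# Constructed stand-ins (not real malware): a "known bad" body, a variant with a
# single byte changed (as a re-pack or re-compile would do), and an unrelated object.
KNOWN_BAD = b"MZ\x90\x00...payload: connect c2, drop loader, persist via run key..."
VARIANT = KNOWN_BAD.replace(b"loader", b"l0ader")
UNRELATED = b"MZ\x90\x00...text editor: open file, save file, print document..."


if __name__ == "__main__":
    blacklist = {exact_digest(KNOWN_BAD)}
    print("exact match, known sample :", exact_match(KNOWN_BAD, blacklist))
    print("exact match, variant      :", exact_match(VARIANT, blacklist))
    print("fuzzy match, variant      :", fuzzy_match(VARIANT, KNOWN_BAD))
    print("fuzzy match, unrelated    :", fuzzy_match(UNRELATED, KNOWN_BAD))
```

The variant shares all but four of the known sample's windows, so its similarity stays high even though its SHA-256 is entirely different; the unrelated object shares only the common header bytes and scores near zero. The same idea, applied to behavioral features instead of raw bytes, is what lets a single description cover many variants.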
Users can define a custom set of rules to be used instead of the default rule set, enabling you to define rules for system registry, processes, applications and files. Provides anti-tamper protection and detects threats based on system behavior.

Exploit Blocker

Strengthens security of applications such as web browsers, PDF readers, email clients or MS Office components, which are commonly exploited.

Monitors process behaviors and looks for suspicious activities typical of exploits.

Strengthens protection against targeted attacks and previously unknown exploits, i.e. zero-day attacks that could be used by crypto-ransomware to enter the targeted system.

Client Anti-spam

Effectively filters out spam and scans all incoming emails for malware. Native support for Microsoft Outlook (POP3, IMAP, MAPI).

Anti-Phishing

Protects end users from attempts by fake websites to acquire sensitive information such as usernames, passwords or banking and credit card details.

Two-Way Firewall

Prevents unauthorized access to your company network. Provides anti-hacker protection and data exposure prevention.

Lets you define trusted networks, making all other connections, such as to public Wi-Fi, in ‘strict’ mode by default. Troubleshooting wizard guides you through a set of questions, identifying problematic rules, or allowing you to create new ones.

Vulnerability Shield

Improves detection of Common Vulnerabilities and Exposures (CVEs) on widely used protocols such as SMB, RPC and RDP.
Protects against vulnerabilities for which a patch has not yet been released or deployed.

Ransomware Shield

ESET Ransomware Shield is an additional layer protecting users from the threat also known as extortion malware. This technology monitors and evaluates all executed applications using behavioral and reputation-based heuristics. Whenever a behavior that resembles ransomware is identified, or the potential malware tries to make unwanted modifications to existing files (i.e. to encrypt them), our feature notifies the user, who can block the activity. Ransomware Shield is fine-tuned to offer the highest possible level of ransomware protection together with other ESET technologies including Cloud Malware Protection System, Network Attack Protection and DNA Detections.

Botnet Protection

Protects against infiltration by botnet malware – preventing spam and network attacks launched from the endpoint.

Botnet Tracker

If a sample or its memory dump is identified by ESET systems as a ‘botnet’ it is sent to ESET Botnet Tracker, which identifies the exact variant of the malware and uses a case-specific unpacker/decryptor to extract information about its C&C servers and encryption/communication keys. When these are obtained, it initiates fake communication from various geolocations. All the extracted data is then post-processed and used to protect ESET customers worldwide, for example by blocking URLs, creating new detections for the payloads, as well as informing ESET Threat Intelligence clients.

UEFI Scanner

ESET is the first internet security provider to add a dedicated layer into its solution that protects the Unified Extensible Firmware Interface (UEFI). ESET UEFI Scanner checks and enforces the security of the pre-boot environment that is compliant with the UEFI specification. It is designed to detect malicious components in the firmware and report them to the user.

DNA Detections

The pattern matching used by old-school antivirus products can be bypassed easily by simple modification of the code or use of obfuscation techniques. However, the behavior of objects cannot be changed so easily.

ESET DNA Detections are precisely designed to take advantage of this principle. We perform deep analysis of code, extracting the “genes” that are responsible for its behavior. Such behavioral genes contain much more information than the indicators of compromise (IOCs) that some so-called “next-gen” solutions claim to be “the better alternative” to signature detection. ESET behavioral genes are used to construct DNA Detections, which are used to assess potentially suspect code, whether it’s found on the disk or in the running process memory.

Additionally, our scanning engine extracts many discriminator genes, which are used for anomaly detection: anything which does not look legitimate is potentially malicious.

Depending on the adjustable threshold level and matching conditions, DNA Detections can identify specific known malware samples, new variants of a known malware family or even previously unseen or unknown malware which contains genes that indicate malicious behavior. In other words, a single well-crafted DNA behavioral description can detect tens of thousands of related malware variants and enable our antivirus software not only to detect malware that we already know about, or have seen before, but also new, previously unknown variants.

Idle-State Scanner

Aids system performance by performing a full scan proactively when the computer is not in use. Helps speed up subsequent scans by populating the local cache.

First Scan after Installation

Provides the option to automatically run a low priority on-demand scan 20 minutes after installation, assuring protection from the outset.

RIP & Replace

Other security software is detected and uninstalled during installation of ESET Endpoint solutions. Supports both 32 and 64-bit systems.

Customizable GUI Visibility

Visibility of Graphical User Interface (GUI) to the end user can be set to: Full, Minimal, Manual or Silent. Presence of ESET solution can be made completely invisible to the end user, including no tray icon or notification windows.

By hiding the GUI completely, the “egui.exe” process does not run at all, resulting in even lower system resource consumption by the ESET solution.
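The Ransomware Shield passage above describes a behavioral heuristic: watch every running application and react when it starts making encryption-like modifications to existing files, with reputation deciding how much benefit of the doubt a process gets. The block below is an added illustration for this page, not ESET's implementation. It replays a constructed stream of file-write events and flags a process that rewrites several distinct files with high-entropy content inside a short window, while a process on a small constructed allowlist (standing in for reputation data) is left alone. The thresholds, the allowlist, the process names and the event stream are all assumptions of the example.

```python
"""Behavioral ransomware heuristic over a constructed file-event stream.

Added example, not ESET code. It shows the kind of signal the Ransomware
Shield passage describes: a process rewriting many existing files with
high-entropy (encrypted-looking) content in a short time, with a reputation
allowlist keeping trusted tools quiet.
"""
import math
from collections import defaultdict, deque
from dataclasses import dataclass
from typing import Deque, Dict, List

ENTROPY_LIMIT = 7.0    # bits/byte; ciphertext approaches 8.0, text sits well below (assumed)
WINDOW_SECONDS = 10.0  # sliding window per process (assumed)
FILE_LIMIT = 5         # distinct high-entropy rewrites in the window before flagging (assumed)
TRUSTED = {"backup.exe", "7z.exe"}  # constructed stand-in for a reputation allowlist


@dataclass
class FileWrite:
    ts: float       # seconds since start of capture
    process: str    # image name of the writing process
    path: str       # file being rewritten
    content: bytes  # sample of the new content, as a file-system sensor would capture it


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; 0.0 for empty or constant input."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


class RansomwareHeuristic:
    """Tracks, per process, the recent rewrites whose content looks encrypted."""

    def __init__(self) -> None:
        self._recent: Dict[str, Deque[FileWrite]] = defaultdict(deque)

    def observe(self, ev: FileWrite) -> bool:
        """Feed one event; True means the process should be blocked or the user prompted."""
        if ev.process in TRUSTED:
            return False  # reputation short-circuit: trusted tools may legitimately write ciphertext
        if shannon_entropy(ev.content) < ENTROPY_LIMIT:
            return False  # plain-text or structured data is not an encryption signal
        q = self._recent[ev.process]
        q.append(ev)
        while q and ev.ts - q[0].ts > WINDOW_SECONDS:
            q.popleft()  # expire rewrites that fell out of the window
        return len({e.path for e in q}) >= FILE_LIMIT


def run(events: List[FileWrite]) -> List[str]:
    """Replay events in order and return the processes flagged, each once."""
    detector = RansomwareHeuristic()
    flagged: List[str] = []
    for ev in events:
        if detector.observe(ev) and ev.process not in flagged:
            flagged.append(ev.process)
    return flagged


def encrypted_like(seed: int) -> bytes:
    """Constructed stand-in for sampled ciphertext: every byte value once, entropy exactly 8.0."""
    return bytes((b + seed) % 256 for b in range(256))


PLAIN = b"Quarterly report: revenue up 4%, costs flat, headcount unchanged.\n" * 4

# Constructed event stream: a bulk encryptor, a trusted backup tool doing the same thing,
# a slow process whose rewrites never cluster, and a word processor saving ordinary files.
SAMPLE_EVENTS = sorted(
    [FileWrite(float(i), "cryptor.exe", f"C:/Users/alice/Documents/doc{i}.docx", encrypted_like(i)) for i in range(6)]
    + [FileWrite(float(i), "backup.exe", f"D:/backup/vol{i}.bin", encrypted_like(i)) for i in range(6)]
    + [FileWrite(30.0 * i, "slow.exe", f"C:/tmp/f{i}.dat", encrypted_like(i)) for i in range(6)]
    + [FileWrite(2.5, "winword.exe", "C:/Users/alice/Documents/notes.docx", PLAIN),
       FileWrite(3.5, "winword.exe", "C:/Users/alice/Documents/~tmp.docx", encrypted_like(7))],
    key=lambda e: e.ts,
)

if __name__ == "__main__":
    print("flagged:", run(SAMPLE_EVENTS))
```

Only the bulk encryptor is flagged: the backup tool is trusted, the slow process never accumulates five rewrites inside one window, and the word processor writes mostly low-entropy content. A production sensor would combine this rate-and-entropy rule with further signals (renamed extensions, deleted volume shadow copies, dropped ransom notes) and with file reputation before deciding to block.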
ESET Business Account

Makes it possible to handle all licenses transparently, from one place via web browser. You can merge, delegate and manage all licenses centrally in real-time, even if you are not using ESET PROTECT.

Touchscreen Support

Supports touch screens and high-resolution displays. More padding for, and complete rearrangement of, GUI elements. Basic frequently used actions accessible from the tray menu.

Low System Demands

Delivers proven protection while leaving more system resources for programs that end users regularly run. Can be deployed on older machines without the need for an upgrade, thereby extending hardware lifetime. Conserves battery life for laptops that are away from the office, using battery mode.

Right-to-Left Language Support

Native right-to-left language support (e.g. for Arabic) for optimum usability.

Cross-Platform Protection

ESET security solutions for Windows are capable of detecting Mac OS threats and vice-versa, delivering better protection in multi-platform environments.

Remote Management

ESET Endpoint solutions are fully manageable via ESET PROTECT.

Deploy, run tasks, set up policies, collect logs, and get notifications and an overall security overview of your network – all via a single web-based management console.
ESET Server Security

Antivirus and Antispyware

Eliminates all types of threats, including viruses, rootkits, worms and spyware.

Optional cloud-powered scanning:

Whitelisting of safe files based on file reputation database in the cloud for better detection and faster scanning.

Only information about executable and archive files is sent to the cloud – such data is not personally attributable.

Virtualization Support

ESET Shared Local Cache stores metadata about already scanned files within the virtual environment so identical files are not scanned again, resulting in boosted scan speed.

ESET module updates and virus signatures database are stored outside of the default location, so these don’t have to be downloaded every time a virtual machine is reverted to default snapshot.

Hyper-V Storage Scan

Scans Microsoft Windows® servers with enabled Hyper-V role for malware, without a need to have another instance of antivirus product in place. Saves time by scanning the hard-drive contents with no pre-arrangements or system down-time and provides separate reports based on the scan results. For enhanced performance, lower memory consumption and lower CPU usage, scans can be carried out on virtual machines while they are turned off.

Exploit Blocker

Strengthens security of applications such as web browsers, PDF readers, email clients or MS Office components, which are commonly exploited.

Monitors process behaviors and looks for suspicious activities typical of exploits.

Strengthens protection against targeted attacks and previously unknown exploits, i.e. zero-day attacks.

Advanced Memory Scanner

Monitors the behavior of malicious processes and scans them once they decloak in the memory. This allows for effective infection prevention, even from heavily obfuscated malware.

Native Clustering Support

Allows you to configure the solution to automatically replicate settings when installed in a cluster environment. An intuitive wizard makes it easy to interconnect several installed nodes of ESET File Security within a cluster and manage them as one, eliminating the need to replicate changes in configuration manually to other nodes in the cluster.

Storage Scan

Allows you to easily set up on-demand scans of connected Network Attached Storage (NAS).

Combined with ESET Shared Local Cache installed within the network, this can drastically reduce the amount of disk input/output operations on network drives.

Specialized Cleaners

Provides the most relevant critical malware standalone cleaners within the product interface for malware which cannot be removed by the regular cleaner.

Host-Based Intrusion Prevention System (HIPS)

Enables you to define rules for system registry, processes, applications and files.

Provides anti-tamper protection and detects threats based on system behavior.

Anti-Phishing

Protects you from attempts by fake websites to acquire sensitive information.

Device Control

Blocks unauthorized portable devices from connecting to the server.

Enables you to create rules for user groups to comply with your company policies.

Soft blocking – notifies the end user that his device is blocked and gives him the option to access the device, with activity logged.

Idle-State Scanner

Aids system performance by performing a full scan proactively when the computer is not in use.

Helps speed up subsequent scans by populating the local cache.

Update Rollback

Lets you revert to a previous version of protection modules and virus signature database.

Allows you to freeze updates as desired – opt for temporary rollback or delay until manually changed.

Postponed Updates

Provides the option to download from three specialized update servers: pre-release (beta users), regular release (recommended for non-critical systems) and postponed release (recommended for company-critical systems – approximately 12 hours after regular release).
Local Update Server

Saves company bandwidth by downloading updates only once – to a local mirror server.

Mobile workforce updates directly from ESET Update Server when the local mirror is not available.

Secured (HTTPS) communication channel is supported.

Process Exclusions

The admin can define processes which are ignored by the real-time protection module – all file operations that can be attributed to these privileged processes are considered to be safe. This is especially useful for processes that often interfere with real-time protection, like backup or live virtual machine migration. An excluded process can access even unsafe files or objects without triggering an alert.

Windows Management Instrumentation (WMI) Provider

Provides the possibility to monitor key functionalities of ESET File Security via the Windows Management Instrumentation framework. This allows integration of ESET File Server into 3rd party management and SIEM software, such as Microsoft System Center Operations Manager, Nagios, and others.

Customizable GUI Visibility

Visibility of Graphical User Interface (GUI) to the end-user can be set to: Full, Minimal, Manual or Silent. Presence of ESET solution can be made completely invisible to the end-user, including no tray icon or notification windows.

By hiding the GUI completely, the “egui.exe” process does not run at all, resulting in even lower system resource consumption by the ESET solution.

ESET Business Account

Makes it possible to handle all licenses transparently, from one place via web browser. You can merge, delegate and manage all licenses centrally in real-time, even if you are not using ESET PROTECT.

Component-Based Installation

Allows you to choose which components to install:

● Real-Time File System Protection
● Web protocol Filtering
● Device Control
● Graphical User Interface (GUI)
● E-mail Client Protection
● ESET Log Collector
● ESET SysInspector
● ESET SysRescue
● Offline Help

Remote Management

ESET Endpoint solutions are fully manageable via ESET PROTECT.

Deploy, run tasks, set up policies, collect logs, and get notifications and an overall security overview of your network – all via a single web-based management console.
ESET Live Guard Advanced (Cloud Sandboxing)

Advanced persistent threats require a behavioral approach to detection – instead of trying to detect malware based on what it is (signature-based), behavioral malware detection relies on what the malware does. The deployment of a security sandbox in the organization’s network adds a layer of security to increase threat detection before executing in a live or production environment. The additional security layer is represented by ESET's cloud-based sandbox – ESET LiveGuard Advanced.

The network security sandbox is an isolated test environment. The system in this environment executes the suspicious program, observes its behavior, and then analyzes it in an automated manner. The network security sandbox blocks malicious samples based on their behavior before they run on the endpoints.

The network security sandbox consists of multiple types of sensors that listen to network traffic containing active code. These sensors conduct static analysis of the code. The sandbox also includes a virtual execution environment for in-depth inspection of running samples that uses multiple detection methods including behavior-based detection, in-memory introspection, and extrapolation models powered by machine learning. This approach is more efficient than just comparing the signatures of files. Sandboxing looks beyond the appearance of the binary. Because it observes what the file does, sandboxing is more conclusive in determining if the file is malicious than signature-based detection.

Analysis in the sandbox uses many of ESET’s internal tools for static and dynamic analysis, memory dumping, unpacking, and similarity matching. It evaluates the sample’s behavior and uses reputation data and threat intelligence feeds to increase detection accuracy.

ESET LiveGuard Advanced is compatible with ESET Endpoint, Server and Cloud app security (Microsoft 365) products, and is fully integrated into ESET management consoles.

ESET LiveGuard Advanced uses 4 separate detection layers to ensure the highest detection rate. Each layer uses a different approach and delivers a verdict on the sample. The final assessment comprises the results of all information about the sample.

Layer 1 - Advanced unpacking and scanning

Samples undergo static analysis and state-of-the-art unpacking and are then matched against an enriched threat database.

Layer 2 - Advanced machine learning detection

Static and dynamic analysis is performed by an array of machine learning algorithms, using techniques including deep learning.

Layer 3 - Experimental detection engine

Samples are inserted into “sandboxes on steroids” that closely resemble full-scale user devices. They are subsequently monitored for any sign of malicious behavior.

Layer 4 - In-depth behavioral analysis

All sandbox outputs are subject to an in-depth behavioral analysis that identifies known malicious patterns and chains of actions.

The solution combines all available verdicts from the detection layers and evaluates each sample's status. The results are delivered to the user's ESET security product and company infrastructure first.

Highlights

Ransomware and zero-day threats detection

Detect new, never-before-seen types of threats. ESET utilizes three different machine learning models once a file is submitted. After that, it runs the sample through a full sandbox, simulating user behavior to trick anti-evasive techniques. Next, a deep learning neural network is used to compare the behavior seen versus historical behavioral data. Finally, the latest version of ESET's scanning engine is used to take everything apart and analyze it for anything unusual.

Granular reports

An admin can create a report of ESET Dynamic Threat Defense data in the ESET PROTECT console. They can either use one of the pre-defined reports or make a custom one.

Transparent full visibility

Every analyzed sample’s status is visible in the ESET PROTECT console, which provides transparency to all data sent to ESET LiveGrid®.

Automatic protection

The endpoint or server product automatically decides whether a sample is good, bad or unknown. If the sample is unknown, it is sent to ESET Dynamic Threat Defense for analysis. Once the analysis is finished, the result is shared, and the endpoint products respond accordingly.

Mail Security protection

Not only does ESET Dynamic Threat Defense work with files, but it also works directly with ESET Mail Security, to ensure that malicious emails are not delivered to your organization.

Mobility

Nowadays, employees often do not work on the premises. The Cloud Sandbox analyzes files no matter where users are.

Proactive protection

If a sample is found suspicious, it is blocked from execution while ESET Dynamic Threat Defense analyzes it. That way, potential threats are prevented from wreaking havoc on the system.

Tailored customization

ESET allows per-computer detailed policy configuration for ESET Dynamic Threat Defense, so the admin can control what is sent and what should happen based on the received result.

Manual submission

At any time, a user or admin can submit samples via an ESET compatible product for analysis and get the full result. Admins will see who sent what and what the result was directly in the ESET PROTECT console.
ESET Inspect (EDR)

ESET Inspect, the XDR-enabling component of the ESET PROTECT platform, is a tool for identification of anomalous behavior and breaches, risk assessment, incident response, investigations and remediation.

It enables incident responders to monitor and evaluate all activities in the network and on connected devices. It also helps automate immediate remedial actions, if needed. ESET’s 1,000+ (and counting) detection rules enable comprehensive threat hunting.

Advanced Persistent Threats (APT) and Targeted Attacks

XDR systems are commonly utilized to: identify APTs or targeted attacks via Threat Hunting; reduce incident response time; and proactively prevent future attacks. Uncovering APTs in particular is important for enterprises as most businesses today don’t feel prepared for the newest attacks that can be undetected in the network for days or even months.

Increased Organization Visibility

Insider threats and phishing attacks are major problems for enterprise businesses. Phishing attacks are commonly used against enterprises because of the large number of employees to target. The odds are good that a single employee will take the bait and end up compromising the entire business. Insider attacks are another threat for enterprises, again because the large number of workers increases the odds that one of them may be working against the company’s best interests.

XDR systems provide the increased visibility necessary for organizations to see, understand, block and remediate any issues across all their devices. ESET Inspect can, for example, quickly identify and stop malicious scripts that masquerade as parts of benign documents, such as Word files.

The ESET Difference

Flexibility of Deployment

We let you decide how to deploy your security solution: ESET Inspect can run via your own servers on-prem, or via a cloud-based installation, allowing you to tune your setup according to your TCO targets and hardware capacity.

Ready to Start

ESET’s solution works out-of-the-box, but is powerful enough to allow granular modification by experienced threat hunters.
Automation and Customization

Easily tune ESET Inspect to the level of detail and automation you need. Choose your level of desired interaction, and the type and amount of data to be stored, during the initial setup and with the help of preset user profiles, and then let Learning Mode map your organization’s environment and suggest exclusions to false positives where needed.

MITRE ATT&CK™

ESET Inspect references its detections to the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK™) framework, which – with just one click – provides you with comprehensive information about even the most complex threats.

Incident Management System

Group objects such as detections, computers, executables or processes into logical units to view potential malicious events on a timeline, with related user actions. ESET Inspect automatically suggests to the incident responder all related events and objects that can greatly help in an incident’s triage, investigation, and resolution stages.

Detailed Network Visibility

With transparent detection rules (ESET has 1,000+ and counting), advanced indicators of compromise (IoC) and search capability, an In-Depth Executable Review of your network will allow you to identify anything suspicious.

Complete Prevention, Detection and Response

Enables quick analysis and remediation of any security issue in your network. ESET’s underlying multilayered security, in which every single layer sends data to ESET Inspect, analyzes vast amounts of data in real time so that no threat goes undetected.

Solution From A Security-First Vendor

ESET has been fighting cyber threats for more than 30 years. As a science-based company it has long been at the leading edge of developments like machine learning, cloud technology and now XDR.

Reputation System

Extensive filtering enables security engineers to identify every known-good application, using ESET’s robust reputation system. The ESET system contains a database of hundreds of millions of benign files to ensure security teams spend their time on unknown, and potentially malicious, files, not on false positives.

Safe and Smooth Remote Access

Incident response and security services are only as smooth as the ease with which they are accessed – both in terms of the incident responder’s connection to the console, and the connection with the endpoints. The connection works at close to real-time speed with maximum security measures applied, all without the need for third-party tools.

explanations for both benign and malicious causes, written by our malware experts.

Anomaly And Behavior Detection

Check actions carried out by an executable and utilize ESET’s LiveGrid® Reputation system to quickly assess if executed processes are safe or suspicious. Monitoring anomalous user-related incidents is possible due to specific rules written to be triggered by behavior, not simple malware or signature detections.

Live Response Options

ESET Inspect comes packed with easily accessible one-click response actions such as rebooting and shutting down an endpoint, isolating endpoints from the rest
of the network, running an on-demand scan, Grouping of computers by user or
killing any running process, and blocking department allows security teams to identify
any application based on its hash value. if the user is entitled to perform a specific
Additionally, thanks to ESET Inspect’s live action or not.
response option, called Terminal, security
professionals can benefit from the full suite
PUBLIC API
of investigation and remediation options in
PowerShell.
ESET Inspect features a Public REST API
that enables the accessing and exporting of
One-Click Isolation detections and their remediation to allow
effective integration with tools such as
Define network access policies to quickly SIEM, SOAR, ticketing tools and many
stop lateral movement by malware. Isolate others.
a compromised device from the network
with just one click in the ESET Inspect
TAGGING
interface. Also, easily remove devices from
the containment state.
Assign and unassign tags for fast filtering of
objects such as computers, alarms,
Root Cause Analysis exclusions, tasks, executables, processes,
and scripts. Tags are shared among users,
Easily view the root cause analysis, and full and once created, can be assigned within
process tree, of any potentially malicious seconds.
chain of events, drill down to the desired
level of detail and make informed decisions
based on the rich provided context and

41
Threat Hunting Sophisticated Scoring

Use the powerful query-based IOC search Prioritize the severity of alarms with a
and apply filters to raw data for sorting scoring functionality that attributes a
based on file popularity, reputation, digital severity value to incidents and allows
signature, behavior, or other contextual admins to quickly identify computers with a
information. Setting up multiple filters allows higher probability for potential incidents.
automated, easy threat hunting and incident
response, including the ability to detect and
Local Data Collection
stop APTs and targeted attacks.
View comprehensive data about a newly
Multiple Indicators Of Compromise executed module, including time of
execution, the user who executed it, dwell
View and block modules based on over 30 time and the devices attacked. All data is
different indicators, including hash, registry stored locally to prevent sensitive data
modifications, file modifications and network leakage.
connections.

Open Architecture And Integrations Use Cases


ESET Inspect provides unique behavior- ● Input rules to detect applications
and reputation- based detection that is fully when executing from temporary
transparent to security teams. All rules are folders.
easily editable via XML to allow fine-tuning ● Input rules to detect Office files
or easily created to match the needs of (Word, Excel, PowerPoint) when
specific enterprise environments, including they execute additional scripts or
SIEM integrations. executables.
● Alert if any of the most common
ransomware extensions are seen on
Company Policy Violation Detection
a device.
Block malicious modules from being ● View Ransomware Shield alerts
executed on any computer in your from ESET Endpoint Security
organization’s network. ESET Inspect’s Solutions in the same console.
open architecture offers the flexibility to ● Easily view problem users and
detect violations of policies that apply to the devices.
use of specific software like torrent ● Quickly complete a root cause
applications, cloud storage, Tor browsing or analysis to find the source of
other unwanted software. infections.

42
● Remediate found infection vectors ● Only receive notifications for certain
such as email, web or USB devices. groups.
● Leverage the early warning system ● Easily respond by simply clicking a
to retrieve data on upcoming or new single button to block, kill or
threats. quarantine devices.
● Search all computers for indicators ● Proposed remediation and next
of compromise that the threat steps are built into alarms.
existed prior to warning. ● Rules are editable via XML language
● Search all computers for the to allow easy fine-tuning or creation
existence of the new threat. of new rules.
● Easily view and filter all installed
applications across devices.
● View and filter all scripts across
devices.
● Easily block unauthorized scripts or
applications from running.
● Remediate by notifying users about
unauthorized applications and
automatically uninstall.
● Identify and sort all computers
according to Active Directory,
automatic groupings or manual
groupings.
● Allow or block applications or scripts
based on computer grouping.
● Allow or block applications or scripts
based on the user.

43
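The first three use cases above (execution from temporary folders, Office applications spawning scripts or executables, ransomware extensions), the company-policy-violation detection and the per-computer severity scoring can be sketched as plain Python predicates over endpoint telemetry. This is an added illustration, not ESET's XML rule format or any ESET code; the event shape, the indicator lists and the sample events are all constructed for the demo.

```python
"""Toy rule engine modelled on the ESET Inspect use cases: temp-folder execution,
Office spawning code, ransomware extensions, policy violations, per-computer scoring."""
import ntpath
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple


@dataclass(frozen=True)
class Event:
    """One piece of endpoint telemetry (constructed shape, not ESET's schema)."""
    kind: str            # "process" (a process start) or "file_write"
    computer: str
    user: str
    image: str = ""      # executable path of the started process
    parent: str = ""     # executable path of its parent process
    path: str = ""       # path written, for file_write events


@dataclass(frozen=True)
class Rule:
    name: str
    severity: int        # 1 (low) .. 100 (critical); summed per computer below
    matches: Callable[[Event], bool]


# Indicator lists are constructed for the demo, not ESET's rule content.
TEMP_DIRS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\")
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe"}
SCRIPT_HOSTS = {"powershell.exe", "wscript.exe", "cscript.exe", "cmd.exe", "mshta.exe"}
RANSOM_EXTS = {".locked", ".encrypted", ".crypt"}
POLICY_APPS = {"tor.exe", "utorrent.exe"}


def _basename(path: str) -> str:
    return ntpath.basename(path).lower()


def runs_from_temp(e: Event) -> bool:
    return e.kind == "process" and any(d in e.image.lower() for d in TEMP_DIRS)


def office_spawns_code(e: Event) -> bool:
    child = _basename(e.image)
    return (e.kind == "process" and _basename(e.parent) in OFFICE_APPS
            and (child in SCRIPT_HOSTS or child.endswith(".exe")))


def ransomware_extension(e: Event) -> bool:
    return e.kind == "file_write" and ntpath.splitext(e.path)[1].lower() in RANSOM_EXTS


def policy_violation(e: Event) -> bool:
    return e.kind == "process" and _basename(e.image) in POLICY_APPS


RULES = [
    Rule("Executable started from a temporary folder", 40, runs_from_temp),
    Rule("Office application spawned a script host or executable", 70, office_spawns_code),
    Rule("File written with a common ransomware extension", 90, ransomware_extension),
    Rule("Policy violation: Tor or torrent client started", 20, policy_violation),
]


@dataclass(frozen=True)
class Detection:
    rule: str
    severity: int
    event: Event


def evaluate(events: List[Event], rules=RULES) -> List[Detection]:
    """Run every rule over every event; one Detection per (event, matching rule)."""
    return [Detection(r.name, r.severity, e) for e in events for r in rules if r.matches(e)]


def score_computers(detections: List[Detection]) -> List[Tuple[str, int]]:
    """Sum severities per computer, highest first, so the riskiest hosts surface at the top."""
    totals: Dict[str, int] = {}
    for d in detections:
        totals[d.event.computer] = totals.get(d.event.computer, 0) + d.severity
    return sorted(totals.items(), key=lambda kv: (-kv[1], kv[0]))


WORD = r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
EXPLORER = r"C:\Windows\explorer.exe"

# Constructed sample telemetry: a macro-style chain on WS-001, a policy breach on WS-002,
# and benign activity on WS-003 that should produce nothing.
SAMPLE_EVENTS = [
    Event("process", "WS-001", "alice", image=WORD, parent=EXPLORER),
    Event("process", "WS-001", "alice", image=PS, parent=WORD),
    Event("process", "WS-001", "alice", image=r"C:\Users\alice\AppData\Local\Temp\update.exe", parent=PS),
    Event("file_write", "WS-001", "alice", path=r"C:\Users\alice\Documents\Q3-report.xlsx.locked"),
    Event("process", "WS-002", "bob", image=r"C:\Users\bob\Downloads\utorrent.exe", parent=EXPLORER),
    Event("process", "WS-003", "carol", image=r"C:\Windows\System32\notepad.exe", parent=EXPLORER),
]

if __name__ == "__main__":
    dets = evaluate(SAMPLE_EVENTS)
    for d in dets:
        print(f"{d.event.computer:7} {d.severity:3} {d.rule}")
    print("ranking:", score_computers(dets))
```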
ESET Cloud Office Security (ECOS)

Anti-spam

Now using an enhanced, award-winning engine with improved performance, this essential component filters all spam emails and keeps user mailboxes free of unsolicited or undesired messages.

Anti-malware

Scans all incoming emails and attachments as well as all new and changed files. This helps keep the user’s mailbox free of malware and prevents the spread of malware through cloud storage across multiple devices.

Anti-phishing

Prevents users from accessing web pages that are known to be phishing sites. Email messages can contain links that lead to phishing web pages. ESET Cloud Office Security searches the message body and the subject of incoming email messages to identify such links (URLs). The links are compared against the phishing database, which is constantly updated.

Notifications

Notifications greatly improve admins’ efficiency by removing the need to constantly check the dashboard. When a potentially suspicious new activity is detected within ESET Cloud Office Security, it can send out an email to notify admins or users so that they are immediately made aware of the threat.

Automatic protection

With this option enabled, admins can be sure that new users created within the Microsoft 365 tenant will be automatically protected without the need to go to the console to add them separately.

Quarantine manager

An admin can inspect objects in this storage section and decide to delete or release them. This feature offers simple management of emails and files that have been quarantined by our security product. On top of that, the admin can download quarantine items and investigate them with other tools locally.

Multitenancy

Add unlimited tenants and serve multiple companies from a single dedicated ESET Cloud Office Security console.

Rules

ESET’s comprehensive rule system allows administrators to manually define email filtering conditions and actions to take with the filtered emails.
ESET Mail Server Security

Antivirus and Antispyware

Eliminates all types of threats, including viruses, rootkits, worms and spyware, with optional cloud-powered scanning for even better performance and detection.

Optional cloud-powered scanning: Whitelisting of safe files based on the file reputation database in the cloud for better detection and faster scanning. Only information about executable and archive files is sent to the cloud – such data is not personally attributable.

Antispam and Anti-Phishing

Stops spam and phishing attempts, and delivers high interception rates without the need to manually set a Spam Confidence Level (SCL) threshold. After installation, the antispam module is ready to run without the need to manually tune settings or thresholds.

Local Quarantine Management

Each mailbox owner can directly interact, via a standalone browser, with spam or suspected-malware messages that have been denied delivery to the mailbox. Based on privileges set by the admin, the user can sort quarantined messages, search among them and execute allowed actions message-by-message, or by group – all via web browser. Actions vary based on the reason a message was quarantined. A regular email report summarizing quarantined messages, with embedded links to execute actions, can be sent to the user.

Database On-Demand Scan

Administrators can choose which databases and, in particular, which mailboxes will be scanned. These scans can be further limited by using the modification time-stamp of each message to choose which should be inspected, thereby reducing to a minimum the server resources devoted to the task.

Message Processing Rules

Message processing rules offer a wide range of combinations by which every single message can be handled. The evaluated parameters include standard fields like subject, sender, body and specific message headers, but also allow further conditional processing depending on previous anti-spam filtering or antivirus scanner results. Corrupted or password-protected archives are detected, and attachments are screened internally to determine the real file type, not only the purported extension. Rules can be changed according to the desired actions.

Exploit Blocker

Strengthens the security of applications such as web browsers, PDF readers, email clients and MS Office components, which are commonly exploited. Monitors process behaviors and looks for suspicious activities typical of exploits. Strengthens protection against targeted attacks and previously unknown exploits, i.e. zero-day attacks.

Snapshot Independence

ESET updates and program modules can be stored outside of the default location – so they are not affected by reverting to an earlier snapshot of the virtual machine. As a result, the updates and modules don’t have to be downloaded every time a virtual machine is reverted to an earlier snapshot, and the reverted machine can utilize untouched updates and avoid large downloads, resulting in faster snapshot recovery times.

Advanced Memory Scanner

Monitors the behavior of malicious processes and scans them once they decloak in memory. This allows for effective infection prevention, even from heavily obfuscated malware.

Native Clustering Support

Allows you to configure the solution to automatically replicate settings when installed in a cluster environment. Our intuitive wizard makes it easy to interconnect several installed nodes of ESET Mail Security within a cluster and manage them as one, eliminating the need to replicate configuration changes manually to other nodes in the cluster.

Host-Based Intrusion Prevention System (HIPS)

Enables you to define rules for the system registry, processes, applications and files. Provides anti-tamper protection and detects threats based on system behavior.

ESET Shared Local Cache

ESET Shared Local Cache compares the metadata of files with the metadata of those that have already been stored, and automatically skips previously whitelisted clean files. Whenever a new, previously unscanned file is found, it’s automatically added to the cache.

This means that files already scanned on one virtual machine are not repeatedly scanned on other virtual machines within the same virtual environment, resulting in a significant scanning boost. As communication happens over the same physical hardware, there is practically no delay in scanning, resulting in considerable resource savings.

Device Control

Blocks unauthorized portable devices from connecting to the server. Enables you to create rules for user groups to comply with your company policies. Allows soft blocking, which notifies the end user that their device is blocked and gives them the option to access it, with activity logged.

Windows Management Instrumentation (WMI) Provider

Provides the possibility to monitor key functionalities of ESET Mail Security via the Windows Management Instrumentation framework. This allows integration of ESET Mail Server into 3rd-party management and SIEM software, such as Microsoft System Center Operations Manager, Nagios, and others.

Component-Based Installation

Apart from the required components, ESET allows you to choose to install only those components you need:

● Real-Time File System Protection
● Web and Email Protection
● Device Control
● Graphical User Interface (GUI)
● ESET Log Collector
● and others

Process Exclusions

The admin can define processes which are ignored by the real-time protection module – all file operations that can be attributed to these privileged processes are considered to be safe. This is especially useful for processes that often interfere with real-time protection, like backup or live virtual machine migration. Excluded processes can access even unsafe files or objects without triggering an alert.

Remote Management

ESET Mail Security is fully manageable via ESET PROTECT. Deploy, run tasks, set up policies, collect logs, and get notifications and an overall security overview of your network – all via a single web-based management console.

Incremental Micro-Definitions

Regular updates and actualizations are downloaded and applied incrementally in small packages. This concept conserves system resources and internet bandwidth without any noticeable impact on the speed of the whole network infrastructure and servers, or on endpoints’ system demands on memory or the CPU.

ESET Log Collector

A simple tool which collects all logs relevant for troubleshooting, assisted by ESET’s technical support, and bundles them into a single archive which can be sent via email or uploaded to a shared network drive to speed up the troubleshooting process.

ESET Business Account

Makes it possible to handle all licenses transparently, from one place via web browser. You can merge, delegate and manage all licenses centrally in real-time, even if you are not using ESET PROTECT.
ESET Full Disk Encryption

All products managed from one console

ESET Full Disk Encryption works within the ESET PROTECT console, helping administrators to save time thanks to familiarity with the existing management environment and concepts.

Add additional devices at any time

You can increase the number of devices covered by your license at any time.

Fully validated

Patented technology to protect data for businesses of all sizes. ESET Full Disk Encryption is FIPS 140-2 validated with 256-bit AES encryption.

Single-click deployment

Manage full disk encryption across your entire network from a cloud-based console. The ESET PROTECT single pane of glass allows admins to deploy, activate and manage encryption on their connected endpoints with a single click.

Powerful encryption

ESET Full Disk Encryption encrypts system disks, partitions and entire drives to ensure that everything stored on each PC or laptop is locked down and secure, protecting you against loss or theft.

Password policies

Admins can set mandatory password attributes, the number of password retries, and the expiry period. From a policy setting it is possible to grant a user the option to change their password whenever they want to.

Cross-platform coverage

Manage encryption on Windows machines and native macOS encryption (FileVault) from a single dashboard.
ESET Virtualization Security for VMware

Performs agentless anti-malware scanning of machines using VMware infrastructure or another virtualization solution, which keeps your devices secured in all environments, including NSX and vShield platforms.

• Agent-less Security
• Support for Linux
• Automatic deployment of new ESET Virtualization Security appliances to hosts currently connected to NSX Manager. It allows automatic protection of added virtual hosts and virtualized workloads. This drastically reduces the time needed for security deployment.
• A comprehensive hardware detection algorithm is used to determine the identity of the machine based on its hardware. This allows automated re-imaging and cloning of non-persistent hardware environments.
• All on-access and on-demand scanning tasks are offloaded via VMware tools to a centralized scanner inside the ESET Virtualization Security appliance, effectively preventing AV storms and performance issues.
• Supports Micro Segmentation and automatic task execution that automatically moves infected machines to a different micro segment, to prevent malware spread, and executes scanning. Once a machine is proven clean, it is returned to the original place.
• When VMs are moved from one host to a different one where ESET Virtualization is installed, the VM keeps its security settings and remains fully protected.
• The information displayed in ESET Security Management Center is the same as in the vCenter. It also simplifies deployment, as all components can be deployed using a tool which connects to the VMware vCenter.
ESET Mobile Device Management (MDM)

Real-time Scanning

Ensures that all installation files and installed apps are automatically screened for malware. You stay well-protected against online and offline threats including viruses, trojans and ransomware.

Apps Permissions

See which of your apps has access to what information on your smartphone or tablet. Also monitors sensitive device settings that can lower security, such as Debugging Mode, which can allow a connection to the system via USB.

On-demand Scanning

Whenever you suspect foul play, run a scan on your phone. It takes place silently in the background, without interrupting your ongoing activities. Access logs and detailed scan results to check for detected threats.

Scheduled Scan

Schedule a regular scan for malware at a convenient time – overnight or while the phone is charging, if desired.

ESET Live Grid

Ensures real-time protection against emerging threats by using in-the-cloud technology collecting malware samples from ESET product users from all over the world.

App Lock

Keeps your applications safe against unauthorized access. Additional authentication is required when accessing sensitive apps, so content can be hidden when lending the device to someone.

USB On-The-Go Scanner

Every connected USB device will be checked first to prevent malware accessing your smartphone.

Automatic updates

Constant updates of your virus signature database.

Anti-Phishing

Protects against malicious websites attempting to acquire your sensitive information – usernames, passwords, banking information or credit card details.

Connected Home Monitor

Monitor your home network easily and with confidence. All devices connected to your home network are identified and automatically checked for vulnerabilities. Your router is also monitored to identify vulnerabilities and increase your level of protection when connected to a new network. Password strength is also checked and open ports are analyzed.

Proactive Anti-Theft

It acts when it detects suspicious behavior. If an incorrect screen lock (PIN, pattern, password) is entered or an unauthorized SIM is inserted, the device gets locked and snapshots from the phone cameras are automatically sent to my.eset.com. The information includes the phone‘s location, current IP address, inserted SIM details and other data. The user can mark the device as missing at my.eset.com and start Location Tracking, send a Custom On-screen Message or even wipe the device contents.

Camera Snapshots

Snapshots are automatically and regularly sent from the phone‘s front and back camera to my.eset.com if the device is marked as missing. This helps to identify its location or its finder.

Custom On-screen Message

Send a custom message to the missing device to contact the finder. The message will appear on screen even when the device is locked.

Low Battery Alert

When the device is low on battery, its current position and camera snapshots are automatically sent to my.eset.com before the device shuts off.

Location Tracking

When the device is marked as missing, the location is regularly sent to my.eset.com and displayed on the map, helping you track its position over time. If the device‘s location changes, its location is sent to my.eset.com for up-to-date tracking.

SIM Guard

Lets you stay in control of your phone if it goes missing. Your phone will be locked when an unauthorized SIM card is inserted.

Anti-Theft Optimization

Automatic notification when settings are limiting Anti-Theft’s functionality (GPS turned off, for example).

Security Audit

See which of your apps has access to what information on your smartphone or tablet. Also monitors sensitive device settings that can lower security, such as Debugging Mode, which can allow a connection to the system via USB.

Security Report

Gives you a monthly insight into how ESET protects your device. The report gives you information about the number of scanned files, blocked web pages and much more.

ESET Endpoint Security for Android

ESET Endpoint Security for Android is designed to protect corporate mobile devices against the most recent malware threats and secure your data even if your device is lost or stolen. It also helps system administrators keep their devices in compliance with company security policies.

ESET Endpoint Security for Android can also be applied in small-to-medium sized companies without the need for remote management via ESET PROTECT. An IT technician, system administrator or the actual user can simply share their ESET Endpoint Security for Android configuration with other colleagues. This process completely removes the need for product activation and manual setup of each product module otherwise required right after the installation of ESET Endpoint Security for Android.

ESET Mobile Device Management for Apple iOS

Integration of the Apple iOS MDM framework in ESET Remote Administrator allows you to configure security-related iOS device settings from a single point, as with other ESET Security products, without the need for an app to be installed on each iOS device. You can enroll both iPhones and iPads and set up security profiles on them that will allow you to adjust their security settings, including Anti-Theft, settings for Exchange, Wi-Fi, and VPN accounts, Passcode, iCloud and others.

Admins can also white/black-list apps and enforce web filtering to block prohibited content.

● Boost the security of your iOS devices: iPhones and iPads
● Anti-Theft – remotely wipe all the data stored on the device in case it goes missing
● Remotely push settings to iOS devices, including settings for Exchange, Wi-Fi, and VPN accounts
● Manage Passcode, iCloud, Privacy and Device settings and restrictions
● Fully manageable via ESET Remote Administrator
● App white/blacklisting and web content filtering
Solution Architecture

Cloud Console

Availability

Our target is to provide 99.5% service availability. Our effort and well-defined processes drive this endeavor. In the event of an ESET PROTECT Cloud service outage, endpoints remain secure and unaffected.

Maintenance

The ESET PROTECT Cloud service is subject to routine maintenance procedures. All maintenance windows that exceed 15 minutes are announced to console administrators in advance. Outages during maintenance windows do not count against our targeted availability. Maintenance will be performed during weekends and outside working hours (US data center - during US night hours; EU data center - during EU night hours; JPN data center - during JPN night hours).

● No hardware is required, since the console is provided in the cloud.
● However, caching proxy servers can be placed at each physical site to minimize the Internet bandwidth used, as well as to enable offline signature/product updates.
● Requirements for a Caching Proxy Server:
    ○ 2 vCPU
    ○ 4 GB RAM
    ○ 100 GB HDD
● ESET Inspect Cloud stores data such as detections and events for a specified retention period, after which the data is deleted.
    ○ The retention period for raw events is seven days. Records older than seven days will be removed permanently.
    ○ The retention period for detections is 31 days. Records older than 31 days will be removed permanently.
ESET PROTECT (on-prem)
ESET PROTECT is an application that allows you to manage ESET products on client
workstations, servers and mobile devices in a networked environment from one central location.
With ESET PROTECT's built-in task management system, you can install ESET security
solutions on remote computers and quickly respond to new problems and detections.

ESET PROTECT Server is the executive application that processes all data received from
clients that connect to the Server (through the ESET Management Agent or HTTP Proxy).

Apache HTTP Proxy downloads and caches:

● ESET module updates
● Installation packages from repository servers
● Product component updates

Cached data is distributed to endpoint clients on your network. Caching can significantly decrease internet traffic on your network.
Update Caching & Distribution

To improve the efficiency of updates, customers can deploy an ESET Caching Proxy server on-premises, which downloads the latest update and distributes it to all the machines in the network. This saves Internet bandwidth significantly.

Once an update is available, the head office server will download the update, cache it, and distribute it among the endpoints in the local LAN.

If there are any branches, a caching server will be placed in each branch to download the update from the Head Office Server, cache it, and distribute it throughout the branch.

Number of PCs in your corporate network        25     36     50    100    500    1000
Direct connection to internet (MB/month)      375    900   1250   2500  12500   25000
Apache HTTP Proxy (MB/month)                   30     50     60    150    600     900
ESET Micro Updates are very small update files of 250 to 500 kilobytes per week. If for any
reason you miss two consecutive updates, thus making a standard weekly update impossible,
you can still download a differential update after 4 weeks (comprising around 1 to 2 megabytes).
After that, you may resume downloading regular weekly updates as usual.

Once a week, ESET generates a special differential update, which contains all the essential
changes from the previous week. The latest format is compatible with all Version 3 and later
ESET products. The update process is then straightforward – simply unpack the contents of the
archive to a mirror directory and update all client computers from that mirror.

Network Load

Traffic generated by individual actions:

Action type                               Traffic in a single connection interval
Client Task: Scan without cleaning        4 kB
Client Task: Modules update               4 kB
Client Task: SysInspector Log Request     300 kB
Policy: Antivirus - Maximum security      26 kB

Daily traffic generated by an idle ESET Management Agent, by replication interval:

ESET Management Agent replication interval    Daily traffic generated by idle ESET Management Agent
1 minute                                      16 MB
15 minutes                                    1 MB
30 minutes                                    0.5 MB
1 hour                                        144 kB
1 day                                         12 kB
ESET Inspect

ESET Inspect collects data in real time on endpoint devices. The data is matched against a set of rules to detect suspicious activities automatically. The aggregated data is then processed, and the information is prioritized and correlated in a searchable form. This aggregated data enables a security professional to search for unusual and suspicious activities more efficiently and enables accurate incident response, management, and reporting.

ESET Inspect is a solution that includes the following three components:

● ESET Inspect Connector is installed on the endpoint devices that are monitored by ESET Inspect; it collects the data for ESET Inspect, removes malicious components, and blocks the execution of these components.
● ESET Inspect Server continually aggregates and stores the collected data and displays it in the ESET Inspect Web Console.
● ESET Inspect Web Console is the user interface for ESET Inspect, built as an HTML5 web application.
Ports and Network Traffic

Network Firewall Configuration

On-prem deployments

Source          Destination     Ports   Direction
ESMC Server     epns.eset.com   8883    inbound + outbound
ESMC Server     Internet        80      inbound + outbound
ESMC Server     Internet        443     inbound + outbound
Client PC       epns.eset.com   8883    inbound + outbound

Source                Destination           Ports   Direction
Head Office Server    epns.eset.com         8883    inbound + outbound
Head Office Server    Internet              80      inbound + outbound
Head Office Server    Internet              443     inbound + outbound
Head Office Server    Branch Server         2221
Head Office Server    Branch Server         2222
Head Office Server    Branch Server         2223
Head Office Server    Branch Server         3128
Branch Server         Head Office Server    2221
Branch Server         Head Office Server    2222
Branch Server         Head Office Server    2223
Branch Server         Head Office Server    3128
Branch Server         epns.eset.com         8883    inbound + outbound
Client PC             epns.eset.com         8883    inbound + outbound

ESET Inspect (Cloud)

Domain                                              Port Type / Port Number   Description
eba.eset.com                                        TCP/443                   ESET Business Account
ema.eset.com                                        TCP/443                   Managed Service Provider
msp.eset.com                                        TCP/443                   Managed Service Provider
identity.eset.com                                   TCP/443                   ESET Identity Server
inspect.eset.com                                    TCP/443                   ESET Inspect Cloud
eu01.inspect.eset.com                               TCP/443                   ESET Inspect Cloud Web Console (Location: Europe)
us01.inspect.eset.com                               TCP/443                   ESET Inspect Cloud Web Console (Location: USA)
jp01.inspect.eset.com                               TCP/443                   ESET Inspect Cloud Web Console (Location: Japan)
eu01.agent.edr.eset.systems or IP 52.166.186.239    TCP/8093                  ESET Inspect Cloud Connector (Location: Europe)
us01.agent.edr.eset.systems or IP 40.83.252.19      TCP/8093                  ESET Inspect Cloud Connector (Location: USA)
jp01.agent.edr.eset.systems or IP 20.188.24.252     TCP/8093                  ESET Inspect Cloud Connector (Location: Japan)
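As an added check (not an ESET tool), the on-prem firewall tables above can be transcribed into a required-flow list and a host's proposed egress allow-list compared against it, reporting both ports that are missing and entries the tables do not call for. The allow-list format and the sample branch-server list are constructed for the example.

```python
"""Compare a host's egress allow-list with the ESET flows required by the on-prem tables."""
from dataclasses import dataclass
from typing import List, Set, Tuple


@dataclass(frozen=True)
class Flow:
    source: str        # role name exactly as in the tables
    destination: str   # hostname, peer role, or "Internet"
    port: int


# Transcribed from the on-prem firewall tables above (direction column omitted).
REQUIRED_FLOWS: List[Flow] = [
    Flow("ESMC Server", "epns.eset.com", 8883),
    Flow("ESMC Server", "Internet", 80),
    Flow("ESMC Server", "Internet", 443),
    Flow("Client PC", "epns.eset.com", 8883),
    Flow("Head Office Server", "epns.eset.com", 8883),
    Flow("Head Office Server", "Internet", 80),
    Flow("Head Office Server", "Internet", 443),
    *(Flow("Head Office Server", "Branch Server", p) for p in (2221, 2222, 2223, 3128)),
    *(Flow("Branch Server", "Head Office Server", p) for p in (2221, 2222, 2223, 3128)),
    Flow("Branch Server", "epns.eset.com", 8883),
]

Rule = Tuple[str, int]   # (destination, port) as it appears in an allow-list


def required_for(role: str) -> List[Flow]:
    return [f for f in REQUIRED_FLOWS if f.source == role]


def parse_allowlist(text: str) -> Set[Rule]:
    """Parse 'destination:port' lines (constructed format); '#' starts a comment."""
    rules: Set[Rule] = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        dest, sep, port = line.rpartition(":")
        if not sep or not port.isdigit():
            raise ValueError(f"malformed allow-list line: {raw!r}")
        rules.add((dest.strip(), int(port)))
    return rules


def missing_rules(role: str, allowlist: str) -> List[Flow]:
    """Required flows with no matching entry; 'Internet:<port>' covers any host on that port."""
    allowed = parse_allowlist(allowlist)
    return [f for f in required_for(role)
            if (f.destination, f.port) not in allowed and ("Internet", f.port) not in allowed]


def unexpected_rules(role: str, allowlist: str) -> Set[Rule]:
    """Entries that no required flow for this role explains (least-privilege review)."""
    needed = {(f.destination, f.port) for f in required_for(role)}
    return {r for r in parse_allowlist(allowlist) if r not in needed}


# Constructed allow-list for a branch server: one required port missing, one entry not required.
BRANCH_ALLOWLIST = """
Head Office Server:2221
Head Office Server:2222
Head Office Server:3128   # 2223 forgotten
epns.eset.com:8883
Internet:443              # not listed for Branch Server in the table
"""

if __name__ == "__main__":
    for f in missing_rules("Branch Server", BRANCH_ALLOWLIST):
        print(f"missing: {f.destination}:{f.port}")
    for dest, port in sorted(unexpected_rules("Branch Server", BRANCH_ALLOWLIST)):
        print(f"not required: {dest}:{port}")
```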
Proposed Solution

Products and Features

Products & Features Included                     ESET PROTECT   ESET PROTECT   ESET PROTECT   ESET PROTECT
                                                 Entry          Advanced       Complete       Enterprise
ESET Endpoint Security for Workstations          ✔️             ✔️             ✔️             ✔️
ESET Server Security                             ✔️             ✔️             ✔️             ✔️
ESET Endpoint Security for Android               ✔️             ✔️             ✔️             ✔️
ESET Mobile Device Management for iOS            ✔️             ✔️             ✔️             ✔️
ESET Virtualization Security for VMware          ✔️             ✔️             ✔️             ✔️
ESET Device Control                              ✔️             ✔️             ✔️             ✔️
ESET Web Control                                 ✔️             ✔️             ✔️             ✔️
ESET Two-way Firewall                            ✔️             ✔️             ✔️             ✔️
ESET LiveGuard Advanced [Cloud Sandbox]                         ✔️             ✔️             ✔️
ESET Full Disk Encryption                                       ✔️             ✔️             ✔️
ESET Inspect [EDR / XDR]                                                                      ✔️
ESET Cloud Office Security [Email - O365]                                      ✔️
ESET Mail Server Security [Exchange on-prem]                                   ✔️
Work Breakdown Structure (WBS)

#    Description                                      Responsibility    Date
1    Initial Project Meeting                          Customer / EGL    TBD
2    Submitting necessary documentation               Customer / EGL    TBD
3    ESET Server Deployment                           Customer / EGL    TBD
4    Caching Proxy Server Deployment                  Customer / EGL    TBD
5    Installation Package Creation                    EGL               TBD
6    Configuring the first set of policies            EGL               TBD
7    Distributing the installation package            Customer          TBD
8    Preparing pre-requisites on endpoints            Customer          TBD
9    Endpoint Package deployment on workstations      Customer / EGL    TBD
10   Endpoint Package deployment on servers           Customer / EGL    TBD
11   Customizing policies                             Customer / EGL    TBD
12   Creating and customizing EDR rules               Customer / EGL    TBD
13   Creating Reports                                 Customer / EGL    TBD
14   Scheduling & Automating Tasks                    EGL               TBD
15   Scheduling Backups                               EGL               TBD
16   Configuring & Scheduling Reports                 Customer / EGL    TBD
About ESET

Why ESET?

A few of our 3rd-party reviews

Some of our Top Awards
