13
Potentially unsafe applications
– these
applications refer to commercial, legitimate
software that can be abused by attackers, if it was
installed without user's knowledge. The
classification includes programs such as remote
access tools, which is why this option is disabled by
default.
4.1.3.3 Cleaning
The cleaning settings determine the manner in which
the scanner cleans infected files. There are 3 levels of
cleaning:
No cleaning
– Infected files are not cleaned
automatically. The program will display a warning
window and allow you to choose an action.
Standard cleaning
– The program will attempt to
automatically clean or delete an infected file. If it is
not possible to select the correct action
automatically, the program will offer a choice of
follow-up actions. The choice of follow-up actions
will also be displayed if a predefined action could not
be completed.
Strict cleaning
– The program will clean or delete all
infected files (including archives). The only
exceptions are system files. If it is not possible to
clean them, you will be offered an action to take in a
warning window.
Warning:
In the Default Standard cleaning mode, the
entire archive file is deleted only if all files in the archive
are infected. If the archive also contains legitimate
files, it will not be deleted. If an infected archive file is
detected in Strict cleaning mode, the entire archive
will be deleted, even if clean files are present.
4.1.3.4 Extensions
An extension is the part of the file name delimited by a
period. The extension defines the type and content of
the file. This section of the ThreatSense parameter
setup lets you define the types of files to be excluded
from scanning.
By default, all files are scanned regardless of their
extension. Any extension can be added to the list of
files excluded from scanning. Using the
Add
and
Remove
buttons, you can enable or prohibit scanning
of desired extensions.
Excluding files from scanning is sometimes necessary if
scanning of certain file types prevents the proper
function of a program that is using the extensions. For
example, it may be advisable to exclude the
.log
,
.cfg
and
.tmp
extensions.
4.1.3.5 Limits
The Limits section allows you to specify the maximum
size of objects and levels of nested archives to be
scanned:
Maximum Size:
Defines the maximum size of
objects to be scanned. The antivirus module will
then scan only objects smaller than the size
specified. We do not recommend changing the
default value, as there is usually no reason to modify
it. This option should only be changed by advanced
users who have specific reasons for excluding larger
objects from scanning.
Maximum Scan Time:
Defines the maximum time
allotted for scanning an object. If a user-defined
value has been entered here, the antivirus module
will stop scanning an object when that time has
elapsed, whether or not the scan has finished.
Maximum Nesting Level:
Specifies the maximum
depth of archive scanning. We do not recommend
changing the default value of 10; under normal
circumstances, there should be no reason to modify
it. If scanning is prematurely terminated due to the
number of nested archives, the archive will remain
unchecked.
Maximum File Size:
This option allows you to
specify the maximum file size for files contained in
archives (when they are extracted) that are to be
scanned. If scanning is prematurely terminated as a
result of this limit, the archive will remain
unchecked.
4.1.3.6 Others
With Smart Optimization enabled, the most optimal
settings are used to ensure the most efficient scanning
level, while simultanneously maintaining the highest
scanning speeds. The various protection modules scan
intelligently, making use of different scanning
methods while applying them to specific file types. The
Smart Optimization is not rigidly defined within the
product. The ESET Development Team is continuously
implementing new changes which then get integrated
into your ESET Cybersecurity via the regular updates. If
the Smart Optimization is disabled, only the user-
defined settings in the ThreatSense core of the
particular module are applied when performing a scan.
Scan alternative data streams
(On-demand scanner
only)
Alternate data streams (resource/data forks) used by
the file system are file and folder associations which
are invisible from ordinary scanning techniques. Many
infiltrations try to avoid detection by disguising
themsleves as alternative data streams.