9/22/23, 8:49 AM A Threat is detected | ESET Endpoint Security | ESET Online Help

A Threat is detected
Infiltrations can reach the system from various entry points such as web pages, shared folders, via email or
from removable devices (USB, external disks, CDs, DVDs, etc.).

Standard behavior
As a general example of how infiltrations are handled by ESET Endpoint Security, infiltrations can be detected
using:
Real-time file system protection
Web access protection
Email client protection
On-demand computer scan
Each uses the standard cleaning level and will attempt to clean the file and move it to Quarantine or terminate
the connection. A notification window is displayed in the notification area at the bottom right corner of the
screen. For detailed information about the detected/cleaned objects, see Log files. For more information about
cleaning levels and behavior, see Cleaning.

Cleaning and deleting

If there is no pre-defined action to take for Real-time file system protection, you will be prompted to select an
option in the alert window. Usually the options Clean, Delete and No action are available. Selecting No
action is not recommended, as this will leave infected files uncleaned. The exception to this is when you are
sure that a file is harmless and has been detected by mistake.

https://help.eset.com/ees/10.1/en-US/idh_scan_clean.html 1/2
9/22/23, 8:49 AM A Threat is detected | ESET Endpoint Security | ESET Online Help

Apply cleaning if a file has been attacked by a virus that has attached malicious code to the file. If this is the
case, first attempt to clean the infected file to restore it to its original state. If the file consists exclusively of
malicious code, it will be deleted.
If an infected file is “locked“ or in use by a system process, it will usually only be deleted after it is released
(normally after a system restart).

Restoring from the Quarantine

The Quarantine can be accessed from the ESET Endpoint Security main program window by
clicking Tools > Quarantine.
Quarantined files can also be restored to their original location:
Use the Restore feature for this purpose, which is available from the context menu by right-clicking a given
file in the Quarantine.
If a file is marked as a potentially unwanted application, the Restore and exclude from scanning option is
enabled. See also Exclusions.
The context menu also offers the Restore to option, to restore a file to a location other than the one from
which it was deleted.
The restore functionality is not available in some cases, for example, for files located on a read-only network
share.

Multiple threats
If any infected files were not cleaned during Computer scan (or the Cleaning level was set to No Cleaning), an
alert window prompting you to select action for those files is displayed.

Deleting files in archives

In Default cleaning mode, the entire archive will be deleted only if it contains infected files and no clean files. In
other words, archives are not deleted if they also contain harmless clean files. Use caution when performing a
Strict cleaning scan, with Strict cleaning enabled an archive will be deleted if it contains at least one infected
file regardless of the status of other files in the archive.
If your computer is showing signs of a malware infection, for example, it is slower, often freezes, etc., we
recommend that you do the following:
Open ESET Endpoint Security and click Computer scan
Click Smart scan (for more information, see Computer scan)
After the scan has finished, review the log for the number of scanned, infected and cleaned files
If you only want to scan a certain part of your disk, click Custom scan and select targets to be scanned for
viruses.

https://help.eset.com/ees/10.1/en-US/idh_scan_clean.html 2/2