ESET CYBER SECURITY PRO for Mac

Transcription

1 ESET CYBER SECURITY PRO for Mac Installation Manual and User Guide Click here to download the most recent version of this document

2 ESET CYBER SECURITY PRO Copyright 2012 by ESET, spol. s r.o. ESET Cyber Security Pro was developed by ESET, spol. s r.o. For more information visit All rights reserved. No part of this documentation may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning, or otherwise without permission in writing from the author. ESET, spol. s r.o. reserves the right to change any of the described application software without prior notice. Customer Care: REV

3 Contents 1. ESET Cyber...4 Security Pro 9. Update What's new System requirements Installation Typical installation Custom installation Uninstallation Basic overview Keyboard shortcuts Checking operation...6 of the program 4.3 What to do...6 if the program does not work properly 5. Computer...6 protection 5.1 Antivirus and...7 antispyware protection Real-time...7 file system protection Scan on...7 (Event triggered scanning) Advanced...7 options When to modify Real-time protection...7 configuration Checking...7 Real-time protection What...8 to do if Real-time protection does not work On-demand...8 computer scan Type of...8 scan Smart...8 scan Custom...8 scan Scan targets Scan profiles Exclusions ThreatSense...9 engine parameters setup Objects Options Cleaning Extensions Limits Others An infiltration...11 is detected 5.2 Removable...12 media scanning and blocking 6. Firewall Filtering modes Firewall rules Creating...13 new rule 6.3 Firewall zones Firewall profiles Firewall logs Web...13 and mail protection 7.1 Web protection Ports Active...13 mode URL...14 lists 7.2 protection POP protocol checking IMAP...14 protocol checking 8. Parental...14 control 9.1 Update setup How to create...15 update tasks 9.3 Upgrading...15 ESET Cyber Security Pro to a new version 10.Tools Log files Log...16 maintenance Log...16 filtering 10.2 Scheduler Creating...17 new tasks Creating...17 user-defined task 10.3 Quarantine Quarantining...18 files Restoring...18 from Quarantine Submitting...18 file from Quarantine 10.4 Running processes Live Grid Live...18 Grid setup 11.User...19 interface 11.1 Alerts and...19 notifications Alerts...19 and notifications advanced setup 11.2 Privileges Context menu Miscellaneous Import and...20 export settings Import...20 settings Export...20 settings 12.2 Proxy server...20 setup 13.Glossary Types of infiltration Viruses Worms Trojan...21 horses Rootkits Adware Spyware Potentially...22 unsafe applications Potentially...22 unwanted applications 13.2 Types of remote...22 attacks DoS...22 attacks DNS...22 Poisoning Worm...22 attacks Port...22 scanning TCP...23 desynchronization SMB...23 Relay ICMP...23 attacks Advertisements Hoaxes Phishing Recognizing...24 spam scams

4 1. ESET Cyber Security Pro 1.2 System requirements ESET Cyber Security Pro represents a new approach to truly integrated computer security. The most recent version of the ThreatSense scanning engine, combined with client protection, Personal firewall and Parental control, utilizes speed and precision to keep your computer safe. The result is an intelligent system that is constantly on alert for attacks and malicious software endangering your computer. For optimal performance of ESET Cyber Security Pro, your system should meet the following hardware and software requirements: ESET Cyber Security Pro is a complete security solution produced from our long-term effort to combine maximum protection and a minimal system footprint. The advanced technologies, based on artificial intelligence, are capable of proactively eliminating infiltration by viruses, worms, trojan horses, spyware, adware, rootkits and other Internet-borne attacks without hindering system performance or disrupting your computer. 1.1 What's new Firewall Personal firewall controls all network traffic to and from the system. This is accomplished by allowing or denying individual network connections based on specified filtering rules. It provides protection against attacks from remote computers and enables blocking of some services. Parental control Parental control lets you block sites that may contain potentially offensive material. Parents can prohibit access to 27 pre-defined website categories. This tool will help prevent children and young adults from accessing pages with inappropriate or harmful content. System requirements Processor architecture 32bit, 64bit Intel Operating system Mac OS X 10.6 and later Memory 512 MB Free disk space 100 MB 2. Installation Before you begin the installation process, please close all open programs on your computer. ESET Cyber Security Pro contains components that may conflict with other antivirus programs that may already be installed on your computer. ESET strongly recommends that you remove any other antivirus programs to prevent potential problems. To launch the installation wizard, do one of the following: If you are installing from the installation CD/DVD, insert it into your computer, open it from your Desktop or Finder window and double-click on the Install icon. If you are installing from a file downloaded from the ESET website, open the file and double-click on the Install icon. client protection protection provides control of communication received through the POP3 and IMAP protocol. Removable media scanning ESET Cyber Security Pro offers an on-demand scan of the inserted removable media device (CD, DVD, USB, ios device etc.). Join ESET Live Grid network Built on ThreatSense.NET advanced early warning system, ESET Live Grid is designed to provide additional levels of security to your computer. It constantly monitors your system s running programs and processes against the latest intelligence collected from millions of ESET users worldwide. Additionally, your system scans are processed faster and more precisely as the ESET Live Grid database grows over time. This allows us to offer greater proactive protection and speed of scanning to all our users. We recommend that you activate this feature and we thank you for your support. New design The main window of ESET Cyber Security Pro has been completely redesigned and advanced settings (Preferences) are now more intuitive for easier navigation. 4 Launch the installer and the installation wizard will guide you through the basic setup. After agreeing to the End User License Agreement, you can choose from the following installation types: Typical installation 4 Custom installation Typical installation Typical installation mode includes configuration options that are appropriate for most users. These settings provide maximum security combined with excellent system performance. Typical installation is the default option and is recommended if you do not have particular requirements for specific settings.

5 Update After selecting Typical (recommended) installation mode, you will be prompted to enter a Username and Password. In Beta and Release Candidate version of ESET Cyber Security Pro, these fields are automatically filled with a predefined username and password that will allow you to use the application and download virus signature database updates. Privileges In the next step you can define privileged users that will be able to edit the program configuration. From the list of users on the left side, select the users and Add them to the Privileged Users list. To display all system users, select the Show all users option. If you leave the Privileged Users list empty, all users are considered privileged. Live Grid The Live Grid Early Warning System helps ensure that ESET is immediately and continuously informed of new infiltrations in order to quickly protect our customers. The system allows new threats to be submitted to the ESET Threat Lab, where they are analyzed, processed and added to the virus signature database. By default, the Enable Live Grid Early Warning System option is selected. Click Setup... to modify detailed settings for the submission of suspicious files. For more information see Live Grid 18. Live Grid The Live Grid Early Warning System helps ensure that ESET is immediately and continuously informed of new infiltrations in order to quickly protect our customers. The system allows new threats to be submitted to the ESET Threat Lab, where they are analyzed, processed and added to the virus signature database. By default, the Enable Live Grid Early Warning System option is selected. Click Setup... to modify detailed settings for the submission of suspicious files. For more information see Live Grid 18. Special Applications The last step of the installation process is to configure detection of Potentially unwanted applications. Such programs are not necessarily malicious, but can often negatively affect the behavior of your operating system. These applications are often bundled with other programs and may be difficult to notice during the installation process. Although these applications usually display a notification during installation, they can easily be installed without your consent. Special Applications The next step of the installation process is to configure detection of Potentially unwanted applications. Such programs are not necessarily malicious, but can often negatively affect the behavior of your operating system. These applications are often bundled with other programs and may be difficult to notice during the installation process. Although these applications usually display a notification during installation, they can easily be installed without your consent. After installing ESET Cyber Security Pro, you should perform a computer scan for malicious code. From the main program window, click Computer scan and then click Smart scan. For more information about On-demand computer scans, see the section On-demand computer scan 8. Personal Firewall: filtering mode In the last step, you can select a filtering mode for Personal Firewall. For more information see Filtering modes Custom installation Custom installation mode is designed for experienced users who wish to modify advanced settings during the installation process. Update After selecting Custom installation mode, you will be prompted to enter a Username and Password. In Beta and Release Candidate version of ESET Cyber Security Pro, these fields are automatically filled with a predefined username and password that will allow you to use the application and download virus signature database updates. Proxy Server If you are using a proxy server you can define its parameters now by selecting the I use a proxy server option. In the next step enter the IP address or URL of your proxy server in the Address field. In the Port field, specify the port where the proxy server accepts connections (3128 by default). In the event that the proxy server requires authentication, enter a valid Username and Password to grant access to the proxy server. If you are sure that no proxy server is used, choose the I do not use a proxy server option. If you are not sure, you can use your current system settings by selecting Use system settings (Recommended). After installing ESET Cyber Security Pro, you should perform a computer scan for malicious code. From the main program window, click Computer scan and then click Smart scan. For more information about On-demand computer scans, see the section On-demand computer scan Uninstallation If you wish to uninstall ESET Cyber Security Pro from your computer, do one of the following: insert the ESET Cyber Security Pro installation CD/DVD into your computer, open it from your desktop or Finder window and double-click on the Uninstall icon, open the ESET Cyber Security Pro installation file (.dm g) and double-click on the Uninstall icon, launch Finder, open the Applications folder on your hard drive, press ctrl and click on the ESET Cyber Security Pro icon and select the Show Package Contents option. Open the Resources folder and double-click on the Uninstaller icon. 5

6 4. Basic overview 4.2 Checking operation of the program The main program window of ESET Cyber Security Pro is divided into two main sections. The primary window on the right displays information that corresponds to the option selected from the main menu on the left. To see the protection status, click the Home option from the main menu. A status summary about the operation of ESET Cyber Security Pro modules will be displayed in the primary window. The following is a description of options within the main menu: Home provides information about the protection status of your Computer, Firewall, Web and Mail protection and Parental Control. Computer scan this option allows you to configure and launch the On-demand computer scan 8. Update displays information about updates of the virus signature database. Setup select this option to adjust your computer s security level. Tools provides access to Log files 16, Scheduler 16, Quarantine 17, Running processes 18 and other program features. Help displays access to help files, Internet Knowledgebase, support request form and additional program information. 4.1 Keyboard shortcuts Keyboard shortcuts that can be used when working with ESET Cyber Security Pro: cm d-, displays ESET Cyber Security Pro Preferences, cm d-u opens the Username and Password Setup window, cm d-a lt-t opens the Special Characters window, cm d-o resizes the ESET Cyber Security Pro main GUI window to the default size and moves it to the center of the screen, cm d-a lt-h hides all open windows except ESET Cyber Security Pro, cm d-h hides ESET Cyber Security Pro. 4.3 What to do if the program does not work properly If the modules enabled are working properly, they are assigned a green icon. If not, a red exclamation point or an orange notification icon is displayed. Additional information about the module and a suggested solution for fixing the issue is shown. To change the status of individual modules, click the blue link below each notification message. If you are unable to solve a problem using the suggested solutions, you can search for a solution at ESET Knowledgebase or contact ESET Customer Care. Customer Care will respond quickly to your questions and help determine a resolution. The following keyboard shortcuts work only if the Use standard menu option is enabled in Setup > Enter application preferences... (or press cm d-,) > Interface: cm d-a lt-l opens the Log files section, cm d-a lt-s opens the Scheduler section, cm d-a lt-q opens the Quarantine section. 5. Computer protection Computer configuration can be found in Setup > Computer. It shows the status of Real-time file system protection and Removable media blocking. To turn off individual modules, switch the desired module's button to DISABLED. Note that this may decrease the protection of your computer. To access detailed settings for each module, click the Setup... button. 6

7 5.1 Antivirus and antispyware protection Antivirus protection guards against malicious system attacks by modifying files that pose potential threats. If a threat with malicious code is detected, the Antivirus module can eliminate it by blocking it and then cleaning it, deleting it or moving it to quarantine Real-time file system protection Real-time file system protection checks all types of media and triggers a scan based on various events. Using ThreatSense technology detection methods (described in the section titled ThreatSense engine parameter setup 9 ), Real-time file system protection may vary for newly created files and existing files. For newly created files, it is possible to apply a deeper level of control. By default, Real-time protection launches at system startup and provides uninterrupted scanning. In special cases (e.g., if there is a conflict with another Real-time scanner), Real-time protection can be terminated by clicking the ESET Cyber Security Pro icon located in your menu bar (top of the screen) and then selecting the Disable Real-time File System Protection option. Real-time protection can also be terminated from the main program window (click Setup > Computer and switch Real-time file system protection to DISABLED). To modify advanced settings of the Real-time protection, go to Setup > Enter application preferences... (or press cm d-,) > Real-Time Protection and click the Setup... button next to Advanced Options (described in the section titled Advanced scan options 7 ) Scan on (Event triggered scanning) By default, all files are scanned upon file opening, file creation or file execution. We recommend that you keep the default settings, as these provide the maximum level of Real-time protection for your computer. repeatedly after being cached (unless they have been modified), up to the defined size of the cache. Files are scanned again immediately after each virus signature database update. Click Enable clean file cache to enable/disable this function. To set the amount of files to be cached simply enter the desired value in the input field next to Cache size. Additional scanning parameters can be set in the ThreatSense Engine Setup window. You can define what type of Objects should be scanned, using which Options and Cleaning level, as well as defining Extensions and file-size Limits for Real-time file system protection. You can enter the ThreatSense engine setup window by clicking the Setup... button next to ThreatSense Engine in the Advanced Setup window. For more detailed information about ThreatSense engine parameters see ThreatSense engine parameter setup When to modify Real-time protection configuration Real-time protection is the most essential component of maintaining a secure system. Use caution when modifying the Real-time protection parameters. We recommend that you only modify these parameters in specific cases. For example, a situation in which there is a conflict with a certain application or Real-time scanner of another antivirus program. After installing ESET Cyber Security Pro, all settings are optimized to provide the maximum level of system security for users. To restore the default settings, click the Default button located at the bottom-left of the Real-Time Protection window (Setup > Enter application preferences... > Real-Time Protection) Checking Real-time protection To verify that Real-time protection is working and detecting viruses, use the eicar.com test file. This test file is a special, harmless file detectable by all antivirus programs. The file was created by the EICAR institute (European Institute for Computer Antivirus Research) to test the functionality of antivirus programs Advanced options In this window you can define object types to be scanned by the ThreatSense engine and enable/disable Advanced heuristics as well as modify settings for archives and file cache. We do not recommend changing the default values in the Default archives settings section unless needed to resolve a specific issue, as higher archive nesting values can impede system performance. You can toggle ThreatSense Advanced heuristics scanning for executed, created and modified files separately by clicking the Advanced heuristics checkbox in each of the respective ThreatSense parameters sections. To provide the minimum system footprint when using Realtime protection, you can define the size of the optimization cache. This behavior is active when you are using the Enable clean file cache option. If this is disabled, all files are scanned each time they are accessed. Files will not be scanned 7

8 What to do if Real-time protection does not work In this chapter, we describe problem situations that may arise when using Real-time protection, and how to troubleshoot them. We recommend that you run an On-demand computer scan at least once a month. Scanning can be configured as a scheduled task from Tools > Scheduler. Real-time protection is disabled If Real-time protection was inadvertently disabled by a user, it will need to be reactivated. To reactivate Real-time protection, navigate to Setup > Computer and switch Real-time file system protection to ENABLED. Alternatively, you can enable the Real-time file system protection in the application preferences window under Real-Time Protection by selecting the Enable real-time file system protection option. You can also drag and drop selected files and folders from your desktop or Finder window to the ESET Cyber Security Pro main screen, dock icon, menu bar icon (top of the screen) or the application icon (located in the /Applica tions folder) Type of scan Two types of On-demand computer scans are available. Smart scan quickly scans the system with no need for further configuration of the scan parameters. Custom scan allows you to select any of the predefined scan profiles, as well as choose specific scan targets. Real-time protection does not detect and clean infiltrations Make sure that no other antivirus programs are installed on your computer. If two real-time protection shields are enabled at the same time, they may conflict with each other. We recommend that you uninstall any other antivirus programs that may be on your system. Real-time protection does not start If Real-time protection is not initiated at system startup, it may be due to conflicts with other programs. If this is the case, please consult ESET s Customer Care specialists On-demand computer scan If you suspect that your computer is infected (it behaves abnormally), run Computer scan > Smart scan to examine your computer for infiltrations. For maximum protection, computer scans should be run regularly as part of routine security measures, not just run when an infection is suspected. Regular scanning can detect infiltrations that were not detected by the Real-time scanner when they were saved to the disk. This can happen if the Real-time scanner was disabled at the time of infection, or if the virus signature database is not up-to-date Smart scan Smart scan allows you to quickly launch a computer scan and clean infected files with no need for user intervention. Its main advantage is easy operation with no detailed scanning configuration. Smart scan checks all files in all folders and automatically cleans or deletes detected infiltrations. The cleaning level is automatically set to the default value. For more detailed information on types of cleaning, see the section on Cleaning Custom scan Custom scan is optimal if you would like to specify scanning parameters such as scan targets and scanning methods. The advantage of running a Custom scan is the ability to configure the parameters in detail. Different configurations can be saved as user-defined scan profiles, which can be useful if scanning is repeatedly performed with the same parameters. To select scan targets, select Computer scan > Custom scan and select specific Scan Targets from the tree structure. A scan target can also be more precisely specified by entering the path to the folder or file(s) you wish to include. If you are only interested in scanning the system without additional cleaning actions, select the Scan without cleaning option. Furthermore, you can choose from three cleaning levels by clicking Setup... > Cleaning. NOTE: Performing computer scans with Custom scan is recommended for advanced users with previous experience using antivirus programs. 8

9 Scan targets Exclusions The Scan targets tree structure allows you to select files and folders to be scanned for viruses. Folders may also be selected according to a profile's settings. This section (Setup > Enter application preferences... > Exclusions) enables you to exclude certain files/folders, applications or IP/IPv6 addresses from scanning. A scan target can be more precisely defined by entering the path to the folder or file(s) you wish to include in scanning. Select targets from the tree structure that lists all available folders on the computer. Files and folders listed in the FileSystem list will be excluded from all scanners: System (startup), Real-time and OnDemand Scan profiles Your preferred scan settings can be saved for future scanning. We recommend that you create a different profile (with various scan targets, scan methods and other parameters) for each regularly used scan. To create a new profile, go to Setup > Enter application preferences... (or press cm d-,) > Computer Scan and click Edit... next to the list of current profiles. Path - path to excluded files and folders Threat - if there is a name of a threat next to an excluded file, it means that the file is only excluded for the given threat, but not completely. Therefore, if that file becomes infected later with other malware, it will be detected by the antivirus module. Add... - excludes objects from detection. Enter the path to an object (you can also use wildcards * and?) or select the folder or file from the tree structure. Edit... - enables you to edit selected entries Delete - removes selected entries Default - cancels all exclusions. In the Web and Mail tab, you can exclude certain Applications or IP/IPv6 addresses from protocol scanning ThreatSense engine parameters setup ThreatSense is ESET's proprietary technology consisting of a combination of complex threat detection methods. This technology is proactive, which means it also provides protection during the early hours of the spread of a new threat. It uses a combination of several methods (code analysis, code emulation, generic signatures, virus signatures) which work in concert to significantly enhance system security. The scanning engine is capable of controlling several data streams simultaneously, maximizing the efficiency and detection rate. ThreatSense technology also successfully prevents rootkits. To help you create a scan profile to fit your needs, see the ThreatSense engine parameters setup 9 section for a description of each parameter of the scan setup. Example: Suppose that you want to create your own scan profile and the Smart scan configuration is partially suitable, but you do not want to scan runtime packers or potentially unsafe applications and you also want to apply Strict cleaning. In the On-demand Scanner Profiles List window, type the profile name, click the Add button and confirm by clicking OK. Then adjust the parameters to meet your requirements by setting ThreatSense Engine and Scan Targets. The ThreatSense technology setup options allow you to specify several scan parameters: File types and extensions that are to be scanned The combination of various detection methods Levels of cleaning, etc. To enter the setup window, click Setup > Enter application preferences... (or press cm d-,) and then click the ThreatSense Engine Setup... button located in the System Protection, RealTime Protection and Computer Scan wildcards, which all use ThreatSense technology (see below). Different security scenarios could require different configurations. With this in mind, ThreatSense is individually configurable for the following protection modules: System Protection - Automatic startup file check Real-Time Protection - Real-time file system protection Computer Scan - On-demand computer scan. The ThreatSense parameters are specifically optimized for each module, and their modification can significantly influence system operation. For example, changing settings to always 9

10 scan runtime packers, or enabling advanced heuristics in the Real-time file system protection module could result in a slower system. Therefore, we recommend that you leave the default ThreatSense parameters unchanged for all modules except Computer scan Objects The Objects section allows you to define which computer files will be scanned for infiltrations. Files provides scanning of all common file types (programs, pictures, audio, video files, database files, etc.). Symbolic links - (On-demand scanner only) scans special type of files that contain a text string that is interpreted and followed by the operating system as a path to another file or directory. files - (not available in Real-time protection) scans special files where messages are contained. Mailboxes - (not available in Real-time protection) scans user mailboxes in the system. Incorrect use of this option may result in a conflict with your client. To learn more about advantages and disadvantages of this option, read the following knowledgebase article. Archives - (not available in Real-time protection) provides scanning of files compressed in archives (.rar,.zip,.arj,.tar, etc.). Self-extracting archives - (not available in Real-time protection) scans files which are contained in self-extracting archive files. Runtime packers - unlike standard archive types, runtime packers decompress in memory, in addition to standard static packers (UPX, yoda, ASPack, FGS, etc.) Options In the Options section, you can select the methods used during a scan of the system for infiltrations. The following options are available: Heuristics Heuristics use an algorithm that analyzes the (malicious) activity of programs. The main advantage of heuristic detection is the ability to detect new malicious software which did not previously exist, or was not included in the list of known viruses (virus signatures database). Advanced heuristics Advanced heuristics is comprised of a unique heuristic algorithm, developed by ESET, optimized for detecting computer worms and trojan horses written in high-level programming languages. The program's detection ability is significantly higher as a result of advanced heuristics. Potentially unwanted applications These applications are not necessarily intended to be malicious, but may affect the performance of your computer in a negative way. Such applications usually require consent for installation. If they are present on your computer, your system behaves differently (compared to the way it behaved before these applications were installed). The most significant changes include unwanted pop-up windows, activation and running of hidden processes, increased usage of system resources, changes in search results, and applications communicating with remote servers. Potentially unsafe applications these applications refer to commercial, legitimate software that can be abused by attackers, if it was installed without user's knowledge. The classification includes programs such as remote access tools, which is why this option is disabled by default Cleaning The cleaning settings determine the manner in which the scanner cleans infected files. There are 3 levels of cleaning: No cleaning Infected files are not cleaned automatically. The program will display a warning window and allow you to choose an action. Standard cleaning The program will attempt to automatically clean or delete an infected file. If it is not possible to select the correct action automatically, the program will offer a choice of follow-up actions. The choice of follow-up actions will also be displayed if a predefined action could not be completed. Strict cleaning The program will clean or delete all infected files (including archives). The only exceptions are system files. If it is not possible to clean them, you will be offered an action to take in a warning window. W a rning : In the Default Standard cleaning mode, the entire archive file is deleted only if all files in the archive are infected. If the archive also contains legitimate files, it will not be deleted. If an infected archive file is detected in Strict cleaning mode, the entire archive will be deleted, even if clean files are present Extensions An extension is the part of the file name delimited by a period. The extension defines the type and content of the file. This section of the ThreatSense parameter setup lets you define the types of files to be excluded from scanning. By default, all files are scanned regardless of their extension. Any extension can be added to the list of files excluded from scanning. Using the Add and Remove buttons, you can enable or prohibit scanning of desired extensions. Excluding files from scanning is sometimes necessary if scanning certain file types prevents the program from functioning properly. For example, it may be advisable to exclude the.log,.cfg and.tm p extensions. 10

11 Limits An infiltration is detected The Limits section allows you to specify the maximum size of objects and levels of nested archives to be scanned: Infiltrations can reach the system from various entry points: webpages, shared folders, or removable computer devices (USB, external disks, CDs, DVDs, etc.). Maximum Size: Defines the maximum size of objects to be scanned. The antivirus module will then scan only objects smaller than the size specified. We do not recommend changing the default value, as there is usually no reason to modify it. This option should only be changed by advanced users who have specific reasons for excluding larger objects from scanning. Maximum Scan Time: Defines the maximum time allotted for scanning an object. If a user-defined value has been entered here, the antivirus module will stop scanning an object when that time has elapsed, whether or not the scan has finished. Maximum Nesting Level: Specifies the maximum depth of archive scanning. We do not recommend changing the default value of 10; under normal circumstances, there should be no reason to modify it. If scanning is prematurely terminated due to the number of nested archives, the archive will remain unchecked. Maximum File Size: This option allows you to specify the maximum file size for files contained in archives (when they are extracted) that are to be scanned. If scanning is prematurely terminated as a result of this limit, the archive will remain unchecked Others Enable Smart optimization With Smart Optimization enabled, settings are optimized to ensure the most efficient level of scanning without compromising scanning speed. The various protection modules scan intelligently, making use of different scanning methods. Smart Optimization is not rigidly defined within the product. The ESET Development Team is continuously implementing new changes which then get integrated into your ESET Cyber Security Pro via the regular updates. If Smart Optimization is disabled, only the user-defined settings in the ThreatSense core of the particular module are applied when performing a scan. If your computer is showing signs of malware infection, e.g., it is slower, often freezes, etc., we recommend the following steps: 1. Click Computer scan. 2. Click Smart scan (for more information, see the Smart scan 8 section). 3. After the scan has finished, review the log for the number of scanned, infected and cleaned files. If you only wish to scan a certain part of your disk, click Custom scan and select targets to be scanned for viruses. As a general example of how infiltrations are handled in ESET Cyber Security Pro, suppose that an infiltration is detected by the Real-time file system monitor, which uses the default cleaning level. It will attempt to clean or delete the file. If there is no predefined action available for the Real-time protection module, you will be asked to select an option in an alert window. Usually, the options Clean, Delete and No action are available. Selecting No action is not recommended, since the infected file(s) would be left untouched. An exception to this is when you are sure that the file is harmless and has been detected by mistake. Cleaning and deleting Apply cleaning if a file has been attacked by a virus that has attached malicious code to it. If this is the case, first attempt to clean the infected file in order to restore it to its original state. If the file consists exclusively of malicious code, it will be deleted. Scan alternative data stream (On-demand scanner only) Alternate data streams (resource/data forks) used by the file system are file and folder associations which are invisible from ordinary scanning techniques. Many infiltrations try to avoid detection by disguising themselves as alternative data streams. 11

12 Deleting files in archives In the default cleaning mode, the entire archive will be deleted only if it contains infected files and no clean files. In other words, archives are not deleted if they also contain harmless clean files. However, use caution when performing a Strict cleaning scan with Strict cleaning the archive will be deleted if it contains at least one infected file, regardless of the status of other files in the archive. 5.2 Removable media scanning and blocking ESET Cyber Security Pro offers an on-demand scan of the inserted removable media device (CD, DVD, USB, ios device etc.). 6.1 Filtering modes Three filtering modes are available for the ESET Cyber Security Pro Personal firewall. Filtering modes can be found in the ESET Cyber Security Pro preferences (press cm d-,) > Firewall. The behavior of the firewall changes based on the selected mode. Filtering modes also influence the level of user interaction required. All traffic blocked - all inbound and outbound connections will be blocked. Auto with exceptions - the default mode. This mode is suitable for users who prefer easy and convenient use of the firewall with no need to define rules. Automatic mode allows standard outbound traffic for the given system and blocks all non-initiated connections from the network side. You can also add custom, user-defined rules. Interactive mode allows you to build a custom configuration for your Personal firewall. When a communication is detected and no existing rules apply to that communication, a dialog window reporting an unknown connection will be displayed. The dialog window gives the option of allowing or denying the communication, and the decision to allow or deny can be remembered as a new rule for the Personal firewall. If you choose to create a new rule at this time, all future connections of this type will be allowed or blocked according to the rule. Removable media may contain malicious code and put your computer at risk. To block removable media, click the Setup... button (see the picture above) or Setup > Enter application preferences... > Media from the main program window and check the Enable removable media blocking option. To allow access to certain types of media, uncheck desired media volumes. NOTE: If you wish to allow access to external CD-ROM drive connected to your computer via USB cable, uncheck the CDROM option. 6. Firewall The Personal firewall controls all network traffic to and from the system. This is accomplished by allowing or denying individual network connections based on specified filtering rules. It provides protection against attacks from remote computers and enables blocking of some services. It also provides antivirus protection for HTTP, POP3 and IMAP protocols. This functionality represents a very important element of computer security. Personal firewall configuration can be found in Setup > Firewall. It allows you to adjust the filtering mode, rules and detailed settings. You can also access more detailed settings of the program from here. If you switch Block all network traffic: disconnect network to ENABLED, all inbound and outbound communication will be blocked by the Personal firewall. Use this option only if you suspect critical security risks requiring the system to be disconnected from the network. 12 If you wish to record detailed information about all blocked connections into a log file, select the Log all blocked connections option. To review the firewall log files, click Tools > Logs and select Firewall from the Log drop-down menu. 6.2 Firewall rules Rules represent a set of conditions used to meaningfully test all network connections and all actions assigned to these conditions. With the Personal firewall, you can define what action to take if a connection defined by a rule is established. Incoming connections are initiated by a remote computer attempting to establish a connection with the local system. Outgoing connections work in the opposite way the local system contacts a remote computer. If a new unknown communication is detected, you must carefully consider whether to allow or deny it. Unsolicited, unsecured or unknown connections pose a security risk to the

13 system. If such a connection is established, we recommend that you pay particular attention to the remote computer and the application attempting to connect to your computer. Many infiltrations try to obtain and send private data, or download other malicious applications to host workstations. The Personal firewall allows you to detect and terminate such connections Creating new rule Rules tab contains a list of all rules applied on the traffic generated by individual applications within trusted zones and the Internet. Rules are added automatically according to user reactions to a new communication. To create a new rule, click the Add... button, enter a name for the rule and drag-and-drop the application's icon into the square blank field or click Browse... to look for the program in the /Applica tions folder. If you wish to apply the rule to all applications installed on your computer, select the All applications option. In the next step, specify the Action (allow or deny the communication between selected application and network) and Direction of the communication (incoming, outgoing or both). If you wish to record all communications related to this rule into a log file, select the Log rule option. To review the logs, click Tools > Logs from the ESET Cyber Security Pro main menu and select Firewall from the Log drop-down menu. In the Protocol/Ports section, select a protocol through which the application communicates and port numbers (if TCP or UDP protocol is selected). The transport protocol layer provides a secure and efficient data transfer. The last step is to specify the destination (IP address, range, subnet, ethernet or Internet). 6.3 Firewall zones A zone represents a collection of network addresses which create one logical group. Each address in a given group is assigned similar rules defined centrally for the whole group. One example of such a group is the Trusted zone. The Trusted zone represents a group of network addresses which are fully trusted and not blocked by the Personal firewall in any way. These zones can be created by clicking the Add... button. Enter a Name and Description (optional) of the zone, choose a profile this zone will belong to and add an IPv4/IPv6 address, address range, subnet, WiFi network or an interface. 6.4 Firewall profiles Profiles allow you to control the behavior of the ESET Cyber Security Pro Personal firewall. When creating or editing a Personal firewall rule, you can assign it to a specific profile or have it apply to every profile. When you select a profile, only the global rules (with no profile specified) and the rules that have been assigned to that profile are applied. You can create multiple profiles with different rules assigned to easily alter the Personal firewall behavior. 6.5 Firewall logs The ESET Cyber Security Pro Personal firewall saves all important events in a log file, which can be viewed directly from the main menu. Click Tools > Logs and then select Firewall from the Log drop-down menu. The log files are a valuable tool for detecting errors and revealing intrusions into your system. ESET Personal firewall logs contain the following data: Date and time of event Name of event Source Target network address Network communication protocol Rule applied, or name of worm, if identified Application involved User A thorough analysis of this data can help detect attempts to compromise system security. Many other factors indicate potential security risks and allow you to minimize their impact: too frequent connections from unknown locations, multiple attempts to establish connections, unknown applications communicating or unusual port numbers used. 7. Web and mail protection Web and mail protection setup can be found in the Setup > Web and Mail. From here you can also access detailed settings of each module. Web access and phishing protection - if enabled (recommended), Real-time file system protection constantly monitors all antivirus related events. client protection - provides control of communication received through POP3 and IMAP protocols. 7.1 Web protection Web access protection monitors communication between web browsers and remote servers and complies with HTTP (Hypertext Transfer Protocol) rules Ports In the Ports tab, you can define the port numbers used for HTTP communication. By default, the port numbers 80, 8080 and 3128 are predefined Active mode ESET Cyber Security Pro also contains the Active Mode submenu, which defines the checking mode for web browsers. Active mode examines transferred data from applications accessing the Internet as a whole, regardless of whether they are marked as web browsers or not. If it is not enabled, communication from applications are monitored gradually in batches. This decreases the effectiveness of the data verification process, but also provides higher compatibility for 13

14 listed applications. If no problems occur while using it, we recommend that you enable active checking mode by selecting the checkbox next to the desired application. Template added to the subject of infected edit this template if you wish to modify the subject prefix format of an infected . When a controlled application downloads data, it is first saved to a temporary file created by ESET Cyber Security Pro. Data is not available for the given application at that time. Once downloading is complete, it is checked for malicious code. If no infiltration is found, data is sent to the original application. This process provides complete control of the communications made by a controlled application. If passive mode is activated, data is trickle-fed to the original application to avoid timeouts. Append tag message to the footnote - enable this checkbox if you want protection to include a virus warning in the infected . This feature allows for simple filtering of infected s. It also increases the level of credibility for the recipient and, if an infiltration is detected, it provides valuable information about the threat level of a given or sender POP3 protocol checking URL lists The URL Lists section enables you to specify HTTP addresses to block, allow or exclude from checking. Websites in the list of blocked addresses will not be accessible. Websites in the list of excluded addresses are accessed without being scanned for malicious code. If you wish to allow access only to the URL addresses listed in the Allowed URL list, select the Restrict URL addresses option. To activate a list, select the Enabled option. If you wish to be notified when entering an address from the current list, select the Notified option. In all lists, the special symbols * (asterisk) and? (question mark) can be used. The asterisk substitutes any character string, and the question mark substitutes any symbol. Particular care should be taken when specifying excluded addresses, because the list should only contain trusted and safe addresses. Similarly, it is necessary to ensure that the symbols * and? are used correctly in this list protection protection provides control of communication received through POP3 and IMAP protocols. When examining incoming messages, the program uses all the advanced scanning methods provided by the ThreatSense scanning engine. This means that detection of malicious programs takes place even before being matched against the virus signature database. Scanning of POP3 and IMAP protocol communications is independent of the client used. ThreatSense Engine - the advanced virus scanner setup enables you to configure scan targets, detection methods, etc. Click Setup... to display the detailed scanner setup window. After an has been checked, a notification with the scan result can be appended to the message. You can select to Append tag messages to subject. The tag messages cannot be relied on without question, since they may be omitted in problematic HTML messages or can be forged by some viruses. The available options are: Never no tag messages will be added at all, To infected only only messages containing malicious software will be marked as checked, To all scanned the program will append messages to all scanned The POP3 protocol is the most widespread protocol used to receive communication in an client application. ESET Cyber Security Pro provides protection for this protocol regardless of the client used. The protection module providing this control is automatically initiated at system startup and is then active in memory. For the module to work correctly, please make sure it is enabled POP3 protocol checking is performed automatically with no need for reconfigure the client. By default, all communication on port 110 is scanned, but other communication ports can be added if necessary. Port numbers must be delimited by a comma. If the Enable POP3 protocol checking option is enabled, all traffic through POP3 is monitored for malicious software IMAP protocol checking The Internet Message Access Protocol (IMAP) is another Internet protocol for retrieval. IMAP has some advantages over POP3, e.g., multiple clients can simultaneously connect to the same mailbox and maintain message state information such as whether or not the message has been read, replied to or deleted. ESET Cyber Security Pro provides protection for this protocol, regardless of the client used. The protection module providing this control is automatically initiated at system startup and is then active in memory. For the module to work correctly, please make sure it is enabled; IMAP protocol control is performed automatically with no need for reconfigure the client. By default, all communication on port 143 is scanned, but other communication ports can be added if necessary. Port numbers must be delimited by a comma. If the Enable IMAP protocol checking option is enabled, all traffic through IMAP is monitored for malicious software. 8. Parental control The Parental control section allows you to configure the parental control settings, which provide parents with automated tools to help protect their children. The goal is to prevent children and young adults from accessing pages with inappropriate or harmful content. Parental control lets you block webpages that may contain potentially offensive material. In addition, parents can prohibit access to up to 27 pre-defined website categories.

15 Your user accounts are listed in the Parental Control window ( Setup > Enter application preferences... > Parental Control). Select the one you wish to use for parental control. To specify a level of protection for the selected account, click the Setup... button. If you wish to create a new account, click the Add... button. This will redirect you to the Mac OS system accounts window. In the Parental control setup window, select one of the predefined profiles from the Setup profile drop-down menu or copy parental setup from another user account. Each profile contains modified list of allowed categories. If a category is checked, it is allowed. Moving the mouse over a category will show you a list of web pages that fall into that category. 9.1 Update setup Authentication for update server is based on the Username and Password generated and sent to you after purchase. To enable the use of test mode (downloads pre-release updates) click Setup > Enter application preferences... (or press cm d-,) > Update, click the Setup... button next to Advanced Options and select the Enable pre-release updates checkbox. If you wish to modify the list of Allowed and Blocked Web Pages, click the Setup... button at the bottom of a window and add a domain name into the desired list. Do not type Using wildcards (*) is not necessary. If you type just a domain name, all subdomains will be included. For example, if you add g oog le.com into the List of Allowed Web Pages, all subdomains ( m a il.g oog le.com, new s.g oog le.com, m a ps. g oog le.com etc.) will be allowed. NOTE: Blocking or allowing a specific web page can be more accurate than blocking or allowing a whole category of web pages. 9. Update Regularly updating ESET Cyber Security Pro is necessary to maintain the maximum level of security. The Update module ensures that the program is always up to date by downloading the most recent virus signature database. By clicking Update from the main menu, you can find the current update status, including the date and time of the last successful update and if an update is needed. To begin the update process manually, click the Update virus signature database. Under normal circumstances, when updates are downloaded properly, the message Virus signature database is up to date will appear in the Update window. If the virus signature database cannot be updated, we recommend that you check the update settings 15 - the most common reason for this error is incorrectly entered authentication data (Username and Password) or incorrectly configured connection settings 20. The Update window also contains the information about the virus signature database version. This numeric indicator is an active link to ESET s website, listing all signatures added during the given update. NOTE: Your username and password are provided by ESET after purchasing ESET Cyber Security Pro. To disable system tray notifications displaying after each successful update, select the Do not display notification about successful update checkbox. To delete all temporarily stored update data, click the Clear button next to Clear Update Cache. Use this option if you are experiencing difficulty while updating. 9.2 How to create update tasks Updates can be triggered manually by clicking Update virus signature database in the primary window displayed after clicking Update from the main menu. Updates can also be run as scheduled tasks. To configure a scheduled task, click Tools > Scheduler. By default, the following tasks are activated in ESET Cyber Security Pro: Regular automatic update Automatic update after user logon Each of the update tasks can be modified to meet your needs. In addition to the default update tasks, you can create new update tasks with a user-defined configuration. For more details about creating and configuring update tasks, see the Scheduler 16 section. 9.3 Upgrading ESET Cyber Security Pro to a new version For maximum protection, it is important to use the latest build of ESET Cyber Security Pro. To check for a new version, click Home from the main menu on the left. If a new build is available, a message will be displayed. Click Learn more... to display a new window containing the version number of the new build and the changelog. 15

16 Click Yes to download the latest build or click Not now to close the window and download the upgrade later. If you clicked Yes, the file will be downloaded to your downloads folder (or the default folder set by your browser). When the file has finished downloading, launch the file and follow the installation directions. Your username and password will be automatically transferred to the new installation. It is recommended to check for upgrades regularly, especially when installing ESET Cyber Security Pro from CD or DVD. 10. Tools The Tools menu includes modules that help simplify program administration and offer additional options for advanced users Log files The Log files contain information about all important program events that have occurred and provide an overview of detected threats. Logging acts as an essential tool in system analysis, threat detection and troubleshooting. Logging is performed actively in the background with no user interaction. Information is recorded based on the current log verbosity settings. It is possible to view text messages and logs directly from the ESET Cyber Security Pro environment, as well as to archive logs. Log files are accessible from the ESET Cyber Security Pro main menu by clicking Tools > Logs. Select the desired log type using the Log drop-down menu at the top of the window. The following logs are available: 1. Detected threats use this option to view all information about events related to the detection of infiltrations. 2. Events this option is designed for system administrators and users to solve problems. All important actions performed by ESET Cyber Security Pro are recorded in the Event logs. 3. Computer scan results of all completed scans are displayed in this window. Double-click any entry to view details of the respective On-demand computer scan. 4. Parental list of all web pages blocked by Parental control. 5. Firewall results of all network-related events Log maintenance The logging configuration for ESET Cyber Security Pro is accessible from the main program window. Click Setup > Enter application preferences... (or press cm d-,) > Log Files. You can specify the following options for log files: Delete old log records automatically - log entries older than the specified number of days are automatically deleted. Optimize log files automatically - enables automatic defragmentation of log files if the specified percentage of unused records has been exceeded. To configure the Log Records Default Filter click the Edit... button and select/deselect log types as required Log filtering Logs store information about important system events. The log filtering feature allows you to display records about a specific type of event. The most frequently used log types are listed below: Critical warnings critical system errors (e.g., Antivirus protection failed to start) Errors - error messages such as " Error dow nloa ding file" and critical errors Warnings warning messages Informative records - informative messages including successful updates, alerts, etc. Diagnostic records - information needed for fine-tuning the program as well as all records described above Scheduler The Scheduler can be found in the ESET Cyber Security Pro main menu under Tools. The Scheduler contains a list of all scheduled tasks and configuration properties such as the predefined date, time, and scanning profile used. In each section, the displayed information can be directly copied to the clipboard by selecting the entry and clicking on the Copy button. The Scheduler manages and launches scheduled tasks with predefined configurations and properties. The configuration and properties contain information such as the date and time as well as specified profiles to be used during execution of the task. 16

17 By default, the following scheduled tasks are displayed in the Scheduler: Log maintenance (after enabling the Show system tasks option in the scheduler setup) Startup file check after user logon Startup file check after successful update of the virus signature database Regular automatic update Automatic update after user logon To edit the configuration of an existing scheduled task (both default and user-defined), press ctrl, click the task you wish to modify and select Edit... or select the task and click the Edit task... button Creating new tasks To create a new task in the Scheduler, click the Add task... button or press ctrl, click in the blank field and select Add... from the context menu. Five types of scheduled tasks are available: Run application Update Log maintenance On-demand computer scan System startup file check Since Update is one of the most frequently used scheduled tasks, we will explain how to add a new update task. From the Scheduled task drop-down menu, select Update. Enter the name of the task into the Task name field. Select the frequency of the task from the Run task drop-down menu. Based on the frequency selected, you will be prompted with different update parameters. If you select User-defined, you will be prompted to specify date/time in cron format (see the Creating user-defined task 17 section for more details). In the next step, define what action to take if the task cannot be performed or completed at the scheduled time. The following three options are available: Wait until the next scheduled time Run the task as soon as possible Run the task immediately if the time since its last execution exceeds specified interval (the interval can be defined using the Minimum task interval option) In the next step, a summary window with information about the current scheduled task is displayed. Click the Finish button. The system, by default, contains essential scheduled tasks to ensure correct product functionality. These should not be altered, and are hidden by default. To change this option and make these tasks visible, enter the Setup > Enter application preferences... (or press cm d-,) > Scheduler and select the Show system tasks option Creating user-defined task Date and time of the User-defined task has to be entered in year-extended cron format (a string comprising 6 fields separated by white space): minute(0-59) hour(0-23) day of month(1-31) month(112) year( ) day of week(0-7)(sunday = 0 or 7) Example: Special characters supported in cron expressions: asterisk (*) - expression will match for all values of the field; e.g. asterisk in the 3rd field (day of month) means every day hyphen (-) - defines ranges; e.g. 3-9 comma (,) - separates items of a list; e.g. 1,3,7,8 slash (/) - defines increments of ranges; e.g. 3-28/5 in the 3rd field (day of month) means 3rd day of the month and then every 5 days. Day names (Monday-Sunday) and month names (JanuaryDecember) are not supported. NOTE: If you define both day of month and day of week, command will be executed only when both fields match Quarantine The main task of the quarantine is to safely store infected files. Files should be quarantined if they cannot be cleaned, if it is not safe or advisable to delete them, or if they are being falsely detected by ESET Cyber Security Pro. You can choose to quarantine any file. This is advisable if a file behaves suspiciously but is not detected by the antivirus scanner. Quarantined files can be submitted for analysis to ESET s Threat Lab. Files stored in the quarantine folder can be viewed in a table which displays the date and time of quarantine, the path to the original location of the infected file, its size in bytes, reason (e.g., added by user ) and number of threats (e.g., if it is an archive containing multiple infiltrations). The quarantine folder with quarantined files ( /Libra ry/applica tion Support/ Eset/esets/ca che/qua ra ntine) remains in the system even after uninstalling ESET Cyber Security Pro. Quarantined files are stored in a safe encrypted form and can be restored again after installing ESET Cyber Security Pro. The new scheduled task will be added to the list of currently scheduled tasks. 17

18 Quarantining files ESET Cyber Security Pro automatically quarantines deleted files (if you have not canceled this option in the alert window). If desired, you can quarantine any suspicious file manually by clicking the Quarantine... button. The context menu can also be used for this purpose press ctrl, click in the blank field, select Quarantine, choose a file you wish to quarantine and click the Open button Restoring from Quarantine Quarantined files can also be restored to their original location. Use the Restore button for this purpose; Restore is also available from the context menu by pressing ctrl, clicking on the given file in the Quarantine window, then clicking Restore. The context menu also offers the option Restore to..., which allows you to restore a file to a location other than the one from which it was deleted Submitting file from Quarantine If you have quarantined a suspicious file that was not detected by the program, or if a file was incorrectly evaluated as infected (e.g., by heuristic analysis of the code) and subsequently quarantined, please send the file to ESET s Threat Lab. To submit a file from quarantine, press ctrl, click the file and select Submit file for analysis from the context menu Running processes List of Running processes displays the processes running on your computer. ESET Cyber Security Pro provides detailed information on running processes to protect users with ESET Live Grid technology. Process name of the process that is currently running on your computer. To see all running processes you can also use Activity Monitor (found in /Applica tions/utilities). Risk level in most cases, ESET Cyber Security Pro and ESET Live Grid technology assign risk levels to objects (files, processes, etc.) using a series of heuristic rules that examine the characteristics of each object and then weigh their potential for malicious activity. Based on these heuristics, objects are assigned a risk level. Known applications marked green are definitely clean (whitelisted) and will be excluded from scanning. This will improve the speed of both Ondemand and Real-time scan. When an application is marked as unknown (yellow), it is not necessarily malicious software. Usually it is just a newer application. If you are not sure about the file, you can submit file for analysis to ESET's Threat Lab. If the file turns out to be a malicious application, its detection will be added to one of the upcoming updates. Number of Users the number of users that use a given application. This information is gathered by ESET Live Grid technology. Time of discovery period of time since the application was discovered by ESET Live Grid technology. Application Bundle ID name of the vendor or application process. 18 By clicking a given process, the following information will appear at the bottom of the window: File location of an application on your computer, File Size physical size of the file on the disk, File Description file characteristics based on the description from the operating system, Application Bundle ID name of the vendor or application process, File Version information from the application publisher, Product name application name and/or business name Live Grid The Live Grid Early Warning System keeps ESET immediately and continuously informed about new infiltrations. The bidirectional Live Grid Early Warning System has a single purpose to improve the protection that we can offer you. The best way to ensure that we see new threats as soon as they appear is to link to as many of our customers as possible and use them as our Threat Scouts. There are two options: 1. You can decide not to enable the Live Grid Early Warning System. You will not lose any functionality in the software, and you will still receive the best protection that we offer. 2. You can configure the Live Grid Early Warning System to submit anonymous information about new threats and where the new threatening code is contained. This file can be sent to ESET for detailed analysis. Studying these threats will help ESET update its database of threats and improve the program's threat detection ability. The Live Grid Early Warning System will collect information about your computer related to newly-detected threats. This information may include a sample or copy of the file in which the threat appeared, the path to that file, the filename, the date and time, the process by which the threat appeared on your computer and information about your computer s operating system. While there is a chance this may occasionally disclose some information about you or your computer (usernames in a directory path, etc.) to ESET s Threat Lab, this information will not be used for ANY purpose other than to help us respond immediately to new threats. The Live Grid setup is accessible from Setup > Enter application preferences... (or press cm d-,) > Live Grid. Select the Enable Live Grid Early Warning System option to activate and then click the Setup... button beside the Advanced Options heading Live Grid setup By default, ESET Cyber Security Pro is configured to submit suspicious files to ESET s Threat Lab for detailed analysis. If you do not wish to submit these files automatically, deselect the Submission of Suspicious Files option.

19 If you find a suspicious file, you can submit it to our Threat Lab for analysis. To do so, click Tools > Submit file for analysis from the main program window. If it is a malicious application, its detection will be added to the next virus signature database update. Submission of Anonymous Statistical Information The ESET Live Grid Early Warning System collects anonymous information about your computer related to newly detected threats. This information includes the name of the infiltration, the date and time it was detected, the ESET security product version, your operating system version and the location setting. The statistics are typically delivered to ESET s servers once or twice a day. Below is an example of a statistical package submitted: # utc_time= :21:28 # country= Slovakia # language= ENGLISH # osver=9.5.0 # engine=5417 # components= # moduleid=0x4e4f4d41 # filesize=28368 # filename=users/userone/documents/incoming/rdgfr1463 [1].zip Exclusion Filter This option allows you to exclude certain files types from submission. For example, it may be useful to exclude files which may carry confidential information, such as documents or spreadsheets. The most common file types are excluded by default (.doc,.rtf etc.). You can add file types to the list of excluded files. Contact (optional) Your address will be used if further information is required for analysis. Please note that you will not receive a response from ESET unless more information is needed. 11. User interface The user interface configuration options allow you to adjust the working environment to fit your needs. These options are accessible from the Setup > Enter application preferences... (or press cm d-,) > Interface. To display the ESET Cyber Security Pro splash screen at system startup, select the Show splash-screen at startup option. The Present application in Dock option allows you to display the ESET Cyber Security Pro icon in the Mac OS Dock and to switch between ESET Cyber Security Pro and other running applications by pressing cm d-ta b. Changes take effect after you restart ESET Cyber Security Pro (usually triggered by computer restart) Alerts and notifications The Alerts and notifications section allows you to configure how threat alerts and system notifications are handled in ESET Cyber Security Pro. Disabling the Display alerts option will cancel all alert windows and is only suitable in specific situations. For most users, we recommend that this option be left to its default setting (enabled). Selecting the Display notifications on desktop option will enable alert windows that do not require user interaction to display on desktop (by default in the upper-right corner of your screen). You can define the period for which a notification will be displayed by adjusting the Close notifications automatically after X seconds value. If you wish to see only notifications requiring user interaction when running applications in full screen, check the Enable full screen mode option. This is useful while doing presentations, playing games or doing other activities that require the entire screen Alerts and notifications advanced setup ESET Cyber Security Pro displays alert dialog windows informing you about new program version, new OS update, disabling certain program components, deleting logs etc. You can suppress each notification by selecting the Do not show this dialog again option in each dialog window. List of Dialogs (Setup > Enter application preferences... > Alerts and notifications > Setup...) shows the list of all alert dialogs triggered by ESET Cyber Security Pro. To enable or suppress each notification, use the checkbox left to the Notification Name. Additionally, you can define Display Conditions under which the notifications about new program version and OS update will be displayed Privileges ESET Cyber Security Pro settings can be very important to your organization s security policy. Unauthorized modifications may endanger the stability and protection of your system. Consequently, you can choose which users will have permission to edit the program configuration. To specify privileged users, click Setup > Enter application preferences... (or press cm d-,) > Privileges. To enable tooltips for certain options of ESET Cyber Security Pro, select the Show tooltips option. In order to provide maximum security for your system, it is essential that the program be correctly configured. Unauthorized modifications could result in the loss of important data. To set a list of privileged users, simply select them from the Users list on the left side and click the Add button. To display all system users, select the Show all users option. To remove a user, simply select their name from the Privileged Users list on the right side and click Remove. The Show hidden files option allows you to see and select hidden files in the Scan Targets setup of a Computer scan. NOTE: If the list of privileged users is empty, all users of the system will have permission to edit the program settings. The Use standard menu option allows you to use certain keyboard shortcuts (see Keyboard shortcuts 6 ) and see standard menu items (User interface, Setup and Tools) on Mac OS menu bar (top of the screen). 19

20 11.3 Context menu 12.2 Proxy server setup The context menu integration can be enabled in the Setup > Enter application preferences... (or press cm d-,) > Context Menu section by selecting the Integrate into the context menu option. Logging out or restarting computer is required for the changes to take effect. Context menu options will be available in Finder window when you press the ctrl button and click on any file. Proxy server settings can be configured in Setup > Enter application preferences... (or press cm d-,) > Proxy Server. Specifying the proxy server at this level defines global proxy server settings for all ESET Cyber Security Pro functions. Parameters here will be used by all modules requiring connection to the Internet. 12. Miscellaneous 12.1 Import and export settings Importing and exporting configurations of ESET Cyber Security Pro is available in the Setup pane. Both Import and Export use archive files to store the configuration. Import and export are useful if you need to backup the current configuration of ESET Cyber Security Pro to be able to use it later. The export settings option is also convenient for users who wish to use their preferred configuration of ESET Cyber Security Pro on multiple systems they can easily import the configuration file to transfer the desired settings. To specify proxy server settings for this level, select the Use proxy server check box and enter the IP address or URL of your proxy server in the Proxy Server field. In the Port field, specify the port where the proxy server accepts connections (3128 by default). If communication with the proxy server requires authentication, select the Proxy server requires authentication checkbox and enter a valid Username and Password into the respective fields. 13. Glossary 13.1 Types of infiltration An Infiltration is a piece of malicious software trying to enter and/or damage a user s computer Viruses A computer virus is an infiltration that corrupts existing files on your computer. Viruses are named after biological viruses, because they use similar techniques to spread from one computer to another Import settings To import a configuration, click Setup > Import and export settings... from the main menu and then select the Import settings option. Enter the name of the configuration file or click the Browse... button to browse for the configuration file you wish to import Export settings To export a configuration, click Setup > Import and export settings... from the main menu. Select the Export settings option and enter the name of the configuration file. Use the browser to select a location on your computer to save the configuration file. Computer viruses mainly attack executable files, scripts and documents. To replicate, a virus attaches its body to the end of a target file. In short, this is how a computer virus works: after execution of the infected file, the virus activates itself (before the original application) and performs its predefined task. Only after that is the original application allowed to run. A virus cannot infect a computer unless a user, either accidentally or deliberately, runs or opens the malicious program. Computer viruses can range in purpose and severity. Some of them are extremely dangerous because of their ability to purposely delete files from a hard drive. On the other hand, some viruses do not cause any damage they only serve to annoy the user and demonstrate the technical skills of their authors. It is important to note that viruses (when compared to trojans or spyware) are increasingly rare because they are not commercially enticing for malicious software authors. Additionally, the term virus is often used incorrectly to cover all types of infiltrations. This usage is gradually being overcome and replaced by the new, more accurate term malware (malicious software). If your computer is infected with a virus, it is necessary to restore infected files to their original state i.e., to clean them by using an antivirus program. 20