ESET ENDPOINT ANTIVIRUS 6 User Guide Microsoft® Windows® 10/8.1/8/7/Vista/XP x86 SP3/XP x64 SP2 Click here to download the latest version of this document

ESET Endpoint Antivirus · 3.7.1 Interface ... For Windows XP, the minimum processor speed requirements may


  • ESET ENDPOINT ANTIVIRUS 6

    Microsoft Windows 10/8.1/8/7/Vista/XP x86 SP3/XP x64 SP2 ,

    http://go.eset.eu/manual?prod_abb=eea&prod_version=6&doc_name=userguide&lng_abb=enu

  • ESET ENDPOINT ANTIVIRUS 6

    ESET, spol. s r. o., 2017ESET Endpoint Antivirus ESET, spol. s r. o. . - www.eset.ua. . , - - - (, , , , ) - .ESET, spol. s r. o. - .

    : www.eset.com/support

    . 9/6/2017

    http://www.eset.com/support

  • 5

    1. ESET Endpoint Antivirus 6.6

    ESET Endpoint Antivirus 6 . ThreatSense , . , , , .

    ESET Endpoint Antivirus 6 , , . , ,, , , .

    ESET Endpoint Antivirus 6 . ESET Endpoint Antivirus ESET Remote Administrator - , , - .

    1.1 6.6

    ESET Endpoint Antivirus 6.6 . , 6.6 ESET Endpoint Antivirus.

    Antimalware Scan Interface (AMSI) Powershell (wscript.exe, cscript.exe).

    JavaScript -.

    (Windows 8.1, 10).

    ( -).

    ESET Endpoint Antivirus ESET LiveGrid.

    , .

    (RMM) ESET Endpoint Antivirus.

    1.2

    ESET Endpoint Antivirus .

    :

    32- (x86) 64- (x64) , 1 (. 1)

    : Microsoft Windows 10/8.1/8/7/Vista/XP SP3 (32-)/XP SP2 (64-)

    , ESET , , 0,3 (. 2) 1 (. 3) : 1024x768 (. 4)

    , , , .

  • 6

    (1). Windows XP .(2). , , (, URL-).(3). , , . (, , ), ( ). , ESET.(4). ( ).

    1.3

    ( - ), , , . , .

    ESET LiveGrid . . . , ESET , . . , . .

    , . , , , . . Microsoft Windows -, Internet Explorer, , .

    , , , . , DVD- . .

    , , . . , , .

    . . , : , . :

  • 7

    - .

    , . -.

    , .

    .

  • 8

    2. , ESET Remote Administrator

    ESET Remote Administrator (ERA) , ESET . ESET Remote Administrator ESET . ESET Remote Administrator , , ESET .

    ESET , . Microsoft, Linux Mac OS, ( ), .

    , ESET ERA.

    ESET Remote Administrator.

    http://help.eset.com/getHelp?product=era_admin&version=6.0.0_MAJOR&lang=uk-UA

  • 9

    2.1 ESET Remote Administrator Server

    ESET Remote Administrator Server ESET Remote Administrator. , , , ( ERA). ERA . ( , , ) . ERA . , ERA ., ERA, ,- RD Sensor, . ERA ( ), - ERA. - ERA, ESET .

    2.2 -

    - ERA , ERA , ESET . - . , , ESET , . - -, ESET Remote Administrator - .

    - :

    . , IPv4/IPv6 , , Enter, . , .

    ESET Remote Administrator.

    http://help.eset.com/getHelp?product=era&version=6.0.0_MAJOR&lang=uk-UA

  • 10

    2.3 -

    - ERA ESET Remote Administrator . (, 10000 ) - ERA , ERA. ERA Proxy . , ERA ERA - ERA, , . . - ERA ERA, ERA ( - ERA). , .

    , - ERA , ERA.

    - ERA ESET. , ERA -ERA, .

    2.4

    ERA ESET Remote Administrator. ESET (, ESET Endpoint Security) ERA . ESET . . . ERA ( -).

    ESET .

    1. .2. -.3. -.

    ESET ESET, , , .

    - ESET , , - .

    2.5 RD Sensor

    RD (Rogue Detection) Sensor ESET Remote Administrator, . ESET Remote Administrator . , , - . .

    RD Sensor , ERA. ERA ( ).

  • 11

    3. ESET Endpoint Antivirus , ESET Endpoint Antivirus ESET Remote Administrator. ESET Endpoint Antivirus ( ).

    3.1 ESET AV Remover

    , . ESET AV Remover. ESET AV Remover . ESET Endpoint Antivirus ESET AV Remover, ( ).

    http://go.eset.eu/knowledgebase?lng=1058&segment=business&KBID=SOLN3527

  • 12

    3.1.1 ESET AV Remover

    ESET AV Remover - , . ESET AV Remover, .

    1. ESET, , ESET AV Remover.

    2. , . , ESET Endpoint Antivirus , .

    3. ESET AV Remover .

    http://go.eset.eu/knowledgebase?lng=1058&segment=business&KBID=SOLN3527

  • 13

    4. - . .

    5. .

  • 14

    6. , ESET Endpoint Antivirus. , ESET AV Remover.

    3.1.2 ESET AV Remover

    ESET AV Remover, , ESET AV Remover. , , Windows ESET.

    , . UAC .

    ESET, AppRemover.log ESET. AppRemover.log eset. , %TEMP% Windows Explorer. ESET .

    http://go.eset.eu/knowledgebase?lng=1058&segment=business&KBID=SOLN3527

    http://go.eset.eu/knowledgebase?lng=1058&segment=business&KBID=SOLN146

  • 15

    3.2

    .

    !, . , . . . , ( ).

    . , . , .

    http://go.eset.eu/knowledgebase?lng=1058&segment=business&KBID=SOLN146

  • 16

    " " , ESET LiveGrid. ESET LiveGrid ESET , . ESET, , .

    . , . . . , (, ESET ).

    .

  • 17

    3.2.1

    , .

    , . :

    C:\Program Files\ESET\ESET Endpoint Antivirus\

    . :

    C:\Program Files\ESET\ESET Endpoint Antivirus\

    C:\ProgramData\ESET\ESET Endpoint Antivirus\

    ..., ( ).

    -, - . IP- URL- - . , - , , Internet Explorer () . -, -. . -.

  • 18

    , . ..., .

    , . , . , .

    . . , ESET Endpoint Antivirus. , , .

    , .

  • 19

    3.3 ERA ( )

    , ,, . msiexec.

    :

    APPDIR=o path .o .o : ees_nt64_ENU.msi /qn APPDIR=C:\ESET\ ADDLOCAL=DocumentProtection

    APPDATADIR=o path .o .

    MODULEDIR=o path .o .

    ADDLOCAL=o , .o .msi ESET: ees_nt64_ENU.msi /qn ADDLOCAL= o ADDLOCAL http://msdn.microsoft.com/uk-ua/library/aa367536%28v=vs.85%29.aspx.

    o ADDLOCAL ( ).o , , ( ).o , .

    o : - .o : .o : , .o : , ,

    .

    Endpoint 6.1.

    / / >

    / >

    / >

    /

    /

    /

    http://msdn.microsoft.com/en-us/library/aa367536%28v=vs.85%29.aspx

  • 20

    /

    /

    / /

    MailPlugins

    / /

    /- - Microsoft NAP Microsoft NAP

    o , .

    o , .

    ees_nt64_ENU.msi /qn ADDLOCAL=WebAndEmail,WebAccessProtection,ProtocolFiltering

    ees_nt64_ENU.msi /qn ADDLOCAL=WebAndEmail,EmailClientProtection,Antispam,MailPlugins

    CFG_:

    CFG_POTENTIALLYUNWANTED_ENABLED=1/0 0 , 1 PUA

    CFG_LIVEGRID_ENABLED=1/0 0 , 1 LiveGrid

    CFG_EPFW_MODE=0/1/2/3 0 , 1 , 2 , 3

    CFG_PROXY_ENABLED=0/1 0 , 1

    CFG_PROXY_ADDRESS= IP- -

    CFG_PROXY_PORT= -

    CFG_PROXY_USERNAME=

    CFG_PROXY_PASSWORD=

    SCCM, :

    ACTIVATION_DLG_SUPPRESS=1 1 ( ) 0 ( )

  • 21

    3.4

    .

    , ESET Endpoint Antivirus. . ESET Endpoint Antivirus.

    3.5

    . , Smart-. . .

    3.6

    ESET Endpoint Antivirus , . :

    1. , . , . , .

    2. , .3. , ESET Remote Administrator.

  • 22

    3.7

    ESET Endpoint Antivirus .

    3.7.1

    ESET Endpoint Antivirus . , , , .

    .

    : ESET Endpoint Antivirus.

    : Smart-, . , .

    : .

    : , .

    : " ", " ", " "," ", "", "", ESET SysInspector ESET SysRescue -. .

    : , ESET - ESET. , .

    . , .

    http://go.eset.eu/knowledgebase?lng=1058&segment=business

  • 23

    ESET Endpoint Antivirus .

    . , . , , . , , .

  • 24

    (!) , . .

    : .

    : . ESET Endpoint Antivirus .

    - : , .

    : . .

    : . . , .

    (HIPS) : , HIPS " ". . , HIPS.

    ESET LiveGrid : , ESET LiveGrid " ".

    : ESET Endpoint Antivirus , .

    : , .

    : . . , .

    "i" . :

    : , .

    : . , .

    : , .

    - : -, .

    : , , (, ). . .

    : , .

    , , ESET. , ESET. ESET .

    , ERA, .

    http://go.eset.eu/knowledgebase?lng=1058&segment=business

  • 25

    3.7.2

    . . > , .

    , , .

  • 26

    ( > F5 , ) . (, , -, ), . , . . ESET . , .

    , . , > .

    . . ESET Endpoint Antivirus. , ESET, .

    3.8

    , . , , :

    ESET Endpoint Antivirus ESET Endpoint Antivirus ( 24 ) ESET Remote Administrator

    , ESET Endpoint Antivirus , .

  • 27

    , ESET, .

    Sirefef (ZeroAccess)? , ESET?

    . - .

    3.8.1 ESET Endpoint Antivirus

    ESET Endpoint Antivirus . , .

    , . > ( , ).

    3.8.2 ESET Endpoint Antivirus

    .

    . , (CD-/DVD-, -ESET ).

    ESET Endpoint Antivirus ,

    . > > .

    ESET Endpoint Antivirus, .

    XXXX-XXXX-XXXX-XXXX-XXXX, .

    , ESET License Administrator ( + ). .

    , ESET . (.lf), . . ESET License Administrator.

    , , ESET Remote Administrator. , .

    , , ESET Endpoint Antivirus, . ? ESET, , .

    . > . , ESET. , , . ,

    .

    http://go.eset.eu/knowledgebase?lng=1058&segment=bussines

    http://go.eset.eu/knowledgebase?lng=1058&segment=business&KBID=SOLN2895

    http://go.eset.eu/knowledgebase?lng=1058&segment=business&KBID=SOLN3281

    http://go.eset.eu/knowledgebase?lng=1058&segment=business&KBID=SOLN332

    https://ela.eset.com/

    http://help.eset.com/getHelp?product=era&version=6.0.0_MAJOR&lang=uk-UA&topic=activation.htm

  • 28

    ESET Remote Administrator , . ESET Remote Administrator.

    3.8.3

    , ESET License Administrator, .

    3.8.4

    , , , "" , .

    1. .

    2. Smart-, .

    3. , , .

    4. , .

    . ESET, .

    3.8.5

    , > .... :

    : .

    , . .

    : , .

    : ESET SysInspector, (, , ) .

    : .

    : , .

    , , .

    . . . : , ,, . , , , . . , , . .

    , ( )

    . , .

    http://help.eset.com/getHelp?product=era&version=6.0.0_MAJOR&lang=uk-UA&topic=client_tasks_product_activation.htm

    https://ela.eset.com/

    http://go.eset.eu/knowledgebase?lng=1058&segment=business&KBID=SOLN2505

  • 29

    , , . . , . , . .

    3.8.6 ( 24 )

    , , > . 24 .

    , .

    1. " ".

    2. .

    3. .

    4. 24 .

    5. , - .

    6. .

    7. .

    8. , .

    3.8.7 ESET Endpoint Antivirus ESET Remote Administrator

    ESET Endpoint Antivirus , ESET Remote Administrator, ERA. - , ERA. ESET Remote Administrator RD Sensor . , RD Sensor, -.

    ESET . ESET Remote Administrator.

    3.8.8

    ESET Endpoint Antivirus , ESET Endpoint Security ESET Endpoint Antivirus.

    ESET Endpoint Antivirus HTTP-

    F5, , > ., AUTOSELECT. HTTP- > > .

    . ESET . > > . .

    http://help.eset.com/getHelp?product=era&version=6.0.0_MAJOR&lang=uk-UA&topic=fs_product_installation.htm

  • 30

    HTTP-, HTTP-.

    3.8.9 Windows 10 ESET Endpoint Antivirus

    Windows 10, ESET . Windows 10.

    6.x

    , Microsoft Windows 10.

    32- ESET Endpoint Security 6 32- ESET Endpoint Antivirus 6

    64- ESET Endpoint Security 6 64- ESET Endpoint Antivirus 6

    5.x

    , Microsoft Windows 10.

    32- ESET Endpoint Security 5 32- ESET Endpoint Antivirus 5

    64- ESET Endpoint Security 5 64- ESET Endpoint Antivirus 5

    ESET, .

    ESET Windows 10.

    3.8.10

    ESET Endpoint ( 6.5 ) Windows, , . ESET, . AD . 4 .

    , - ERA . ( ).

    , .

    1. > > .

    2. .

    3. ESET Endpoint Windows.

    4. .

    http://download.eset.com/download/win/ees/ees_nt32_enu.msi

    http://download.eset.com/download/win/eea/eea_nt32_enu.msi

    http://download.eset.com/download/win/ees/ees_nt64_enu.msi

    http://download.eset.com/download/win/eea/eea_nt64_enu.msi

    http://download.eset.com/download/win/ees/v5/ees_nt32_enu.msi

    http://download.eset.com/download/win/ees/v5/ees_nt64_enu.msi

    http://www.eset.com/download/business/

    http://go.eset.eu/knowledgebase?lng=1058&segment=business&KBID=SOLN3747

  • 31

    5. , .

    6. , .

    ERA Server ERA, " " ( ) " ".

    1. .

    2. .

    3. ESET .

    4. , ( , Active Directory).

    5. ESET .

    6. .

    7. , .

    , - , . ERA , .

    .

  • 32

    1. > > .2. . ESET Endpoint Windows.3. ,

    AD.4. , .5. ESET

    .6. - ERA , , .7. ,

    .8. . , ,

    .9. , .10. .11. , .12. .13. , .14. , .

    3.8.11 (RMM)

    (RMM) (, , ) , .

    ESET RMM . ESET RMM, " " (F5) . ESET RMM RMM.

    : RMM . :

  • 33

    .

    : RMM. , . .

    RMM , ESET Endpoint.

    : , , RMM.

    : RMM. , .: . , .: .

    ESET Endpoint Antivirus ermm.exe (, : c:\Program Files\ESET\ESET Security). ermm.exe RMM, RMM, RMM.

    ermm.exe , ESET, - RMM.

    RMM , Windows. RMM (, Kaseya), ermm.exe.

    RMM (, Kaseya), Windows. RMM.

    RMM . RMM: Kaseya, Labtech, Autotask, Max Focus Solarwinds N-able.

  • 34

    3.9 ESET Endpoint Antivirus

    ESET Endpoint Antivirus , .

    - ESET Remote Administrator . "" , , . , . ERA.

    :

    :

    : , .

    : Microsoft Office , , Internet Explorer (, Microsoft ActiveX).

    HIPS: HIPS .

    : , , . ( ), .

    : , , . , .

    http://help.eset.com/getHelp?product=era_admin&version=6.0.0_MAJOR&lang=uk-UA/index.html?Admin_POL_Flags.htm

  • 35

    .

    : , , HTTP HTTPS, .

    : POP3 IMAP.

    -: , , -, .

    , . , .

    , .

    ERA, . , (, ), , ESET Remote Administrator. ESET Remote Administrator.

    , , .

    ,

    - .

    . .xml , /. /.

    (F5).

    3.9.1

    > . , . .

    , , .

    , (F5) > > . , "" > "" " ". " " .

    : , , , . . , .

    ...: , (, ).

    http://help.eset.com/getHelp?product=era_admin&version=6.0.0_MAJOR&lang=uk-UA/index.html?admin_pol_override.htm

  • 36

    3.9.1.1

    , , -. , : , , .

    , F5.

    (, , ) .

    , . . .

    , . , (, , ). . . .

    , . , .

    , , . , .

    . , . , . , , , , , . , , .

    AMSI: Microsoft Antimalware Scan Interface, ( Windows 10).

  • 37

    3.9.1.1.1

    , -, , (USB, , CD-, DVD-, ).

    ESET Endpoint Antivirus , .

    . . , . .

  • 38

    , , . : , . , . , , .

    , , . , . , .

    "" , ( ).

    ( ), .

    , . , , . , . , , .

    (, , , ), .

    ESET Endpoint Antivirus " ".

    Smart- ( . ).

    , .

    , .

  • 39

    3.9.1.2

    . , . , . ESET Endpoint Antivirus . .

    :

    : IP- , .

    : ( , " ").

    : ESET ( ).

    3.9.1.3

    , . , . .

    . (, ) , > .

    :

    : . : - DVD-, USB , Bluetooth . : .

  • 40

    ,, .

    , . , .

    : , .

    : , .

    : , .

    : .

    : .

    . , . , ThreatSense (. ThreatSense), , - . , .

    , ( ). . Smart-. Smart-, , . , F5 , > . ThreatSense > Smart-.

    3.9.1.3.1 ThreatSense

    ThreatSense : , . . , , . , (.sfx) ( ). 10- , . , .

    , . ThreatSense.

    ThreatSense : . , Smart- ESET LiveGrid, .

  • 41

    3.9.1.3.2

    . , ThreatSense ).

    : . . , , .

    : ( ). . , . , , .

    : . . , , .

    , . ( ) , . , , .

    3.9.1.3.3

    , , eicar.com. , . (EICAR) . http://www.eicar.org/download/eicar.com

    3.9.1.3.4

    , . . .

    ESET Endpoint Antivirus , . ,

    ( > > ).

    3.9.1.3.5 ,

    , , .

    , . , .

    , , . , (F5) > > . , .

    http://www.eicar.org/download/eicar.com

  • 42

    , . , . ESET, .

    , , , . , ESET.

    3.9.1.4

    ESET Endpoint Antivirus. . , . (, ) , , . , , .

    . Smart- . , .

    . .

    Smart-

    Smart- . Smart- . Smart- , . . , . .

    , (, ). , . . , .

    , > , . , , . , , . , ... > ThreatSense > .

    , .

    Smart-, (, CD-/DVD-/USB), . USB, .

    , ,

  • 43

    .

    (" ", " " ""), .

    : , . 60 . , .

    . > .

    3.9.1.4.1

    , > . ().

    (, , , ), . , . .

    : , .

    : , USB, -/DVD-.

    : .

    : .

    : .

    ( ), . , .

  • 44

    . . , , . , , ... > ThreatSense > . .

    , . Smart-. . ThreatSense. ..., , " ". ThreatSense.

    , , ( ).

    , .

    . , , .. , , , UAC .

  • 45

    3.9.1.4.2

    , , .

    , , ( pagefile.sys ), . .

    , . , .: , , . : , .: .: . , .: . : , , .

  • 46

    3.9.1.4.3

    , :

    ;

    ;

    , ;

    ;

    ;

    ;

    .

    3.9.1.5

    ESET Endpoint Antivirus (CD/DVD/USB ). , . , .

    :

    ( , USB)

    -/DVD

    USB-

    FireWire

    Bluetooth

    -

    LPT/COM

  • 47

    (F5) > .

    ESET EndpointAntivirus. , . , .

    , , , .

    3.9.1.5.1

    , , .

    ( ), , . , , , , , .

    , . , , . , .

    : , .

    , .

    : .

    / // .

    . ESET Endpoint Antivirus > .

  • 48

    3.9.1.5.2

    , , .

    , . , . , .

    ( / /Bluetooth/FireWire ). . , . , USB FireWire. - - , SIM- . . , , .

    . , .

    , . , , .

    /: .

    : .

    : , .

    : (/), . : , .

  • 49

    : (). . , , (, Bluetooth, , ).

    : .

    . ( ).

    : .

    : .

    : , . -/DVD-, , .

    , . . (*, ?) .

    , , .

    : .

    : , .

    : , , .

    : .

    : .

    , .

    : : , .

    : .

    (, , ).

  • 50

    3.9.1.6

    ESET Endpoint Antivirus (CD/DVD/USB ). . , .

    , : , (CD/DVD/USB). , , .

    : , .

    : .

    : " ".

    :

    : .

    : .

    : .

    : , .

    , ESET Endpoint Antivirus , . .

    3.9.1.7

    > > . , .. , . , , .

    , ( ) . , , .

    , ( > , ).

    :

    ;

    ;

    .

  • 51

    ThreatSense, (, ) .

    3.9.1.8 (HIPS)

    HIPS . .

    (HIPS) , . HIPS , . HIPS : , .

    HIPS (F5) > > HIPS > . HIPS (/) ESET Endpoint Antivirus( > ).

    ESET Endpoint Antivirus , , . HIPS , Windows.

    . , . . . .

    , , -, PDF-, MS Office. . . .

    .

  • 52

    : ( , ).

    : .

    : .

    : .

    : , . , , , , . " HIPS" " ", . ( 14). , HIPS . .

    : , ESET Endpoint Antivirus .

    HIPS , , . HIPS . , , .

    , .

  • 53

    1. .2. . 3. . ESET Remote Administrator

    .4. ,

    . .

    5. - , , - . .

    6. , , . ( , , F1).

    7. , , .

    8. , .

    3.9.1.8.1

    .

    , : , , .

    : HIPS.

    , : , .

    . .

    http://go.eset.eu/knowledgebase?lng=1058&segment=business&KBID=SOLN2908

  • 54

    3.9.1.8.2 HIPS

    , . . , .

    , HIPS, , . . . , , , . , .

    (/) , HIPS . , .

    3.9.1.9

    , , . , . , , . , .

    > , . (F5) > , , ESET Endpoint Antivirus . , , . , .

    , . , , .

  • 55

    , , .

    3.9.1.10

    . , .

    . , >, , . (. ).

    . .

    3.9.1.10.1

    , .

    , , . :

    ( )

    ,

    ,

    ,

    , ( )

    :

    , : , ( , , , winlogon, " ", dll ).

    , , (, , HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run).

    , , .

    : , :

    : , .

    : .

    : .

    : .

  • 56

    3.9.1.11

    Microsoft Office , , Internet Explorer ( Microsoft ActiveX). , . , Microsoft Office.

    . , F5 , > .

    , Microsoft Antivirus API(, Microsoft Office 2000 Microsoft Internet Explorer 5.0 ).

    3.9.1.12

    "" . , . , . , , , (, ).

    , .

    1. .2. .

    , . (?) , (*) , .

    , "*.*".

    , , "D:\*".

    doc, "*.doc".

    ( ), (, "D"), : "D????.exe". ().

  • 57

    , .

    : .

    : , , . , . . ( , ) > , .

    : .

    : .

    : .

    3.9.1.13 ThreatSense

    ThreatSense , . , . ( , , , ), , . , . , ThreatSense .

    ThreatSense :

    , ;

    ;

    .

    , ThreatSense - , ThreatSense (. ). . , ThreatSense :

    ;

    ;

    ;

    ;

    ;

    ;

    .

    ThreatSense , . , , ( ). ThreatSense , .

    , .

    : , .

  • 58

    : .

    : : DBX (Outlook Express) EML.

    : : ARJ, BZ2, CAB, CHM, DBX, GZIP, ISO/BIN/NRG, LHA, MIME, NSIS,RAR, SIS, TAR, TNEF, UUE, WISE, ZIP, ACE .

    : SFX .

    : ( ) . (UPX, yoda, ASPack, FGS ), .

    . .

    : , . , . ( ) .

    /DNA/Smart-: , ESET, , . ESET . . . , ( ).

    , , . . ESET , .

    !

    , , .

    1. /: .

    2. : .3. ,

    / .

  • 59

    , , . , > > -.

    ESET , .

    , .

  • 60

    - . , , .

    1. ESET. ESET? 2. F5, .3.

    , . , OK.

    , . , , , . - . . ESET , .

    . ESET.

    .

    : , (. ). , , (, , ). .

    . 3 .

    : . . , , .

    http://go.eset.eu/knowledgebase?lng=1058&segment=business&KBID=SOLN3152
    http://go.eset.eu/knowledgebase?lng=1058&segment=business&KBID=SOLN2629
    http://www.virusradar.com/en/glossary/pua

  • 61

    : ( ). . , . , , .

    : . . , , .

    , . ( ) , . , , .

    , . . ThreatSense , .

    ThreatSense .

    (ADS): NTFS , , . , .

    : . , , .

    : , , . , , , .

    Smart-: Smart- , , . , . Smart-, ThreatSense .

    : , , (, ).

    "" , .

    : , . , . , . : .

    (): .

  • 62

    , , , . : .

    : . : 10.

    : , ( ), . : .

    , .

    3.9.1.13.1

    , . . ThreatSense , .

    . - , .

    , . , .edb, .eml .tmp Microsoft Exchange.

    . , , OK. , , , . , . , . , .

    ? ( ). - .

    ( ) Windows , > > .

  • 63

    3.9.2

    > . .

    . , . , .

    POP3 IMAP. plug-in ESET Endpoint Antivirus (POP3, IMAP, HTTP, MAPI).

    - , -, . - . . -.

    : , -

    .

    3.9.2.1

    ThreatSense, . , - . (SSL), > SSL.

    : . , ESET Endpoint Antivirus ( , , , -) .

    : .

  • 64

    , .

    IP-: . , .

    : Windows XP , , .

    3.9.2.1.1 -

    Windows Vista 1 Windows Server 2008, Windows (Windows Filtering Platform,WFP). WFP , - .

    , . - . ESET Endpoint Antivirus -. , , -. - , , .

    3.9.2.1.2

    , . HTTP/POP3/IMAP, , . , .

    , , .

    : .

    : .

  • 65

    3.9.2.1.3 IP-

    IP- . HTTP/POP3/IMAP, , . .

    : , IP-, , .

    : .

    : .

    3.9.2.1.4 SSL/TLS

    ESET Endpoint Antivirus , SSL. SSL-, , , SSL-.

    SSL/TLS: , SSL-.

    SSL/TLS .

    : , SSL-, . , . , ( ), , .

    : - SSL ( ) , . SSL, .

    , SSL v2: , SSL.

    : SSL

  • 66

    , () ESET. . , ESET (, Opera Firefox). , , (, Internet Explorer).

    , > > , .

    TRCA( ), , (, - ), . (,) , TRCA. ( ), , . , , , .

    , , . , .

    ESET Endpoint Antivirus SSL.

    3.9.2.1.4.1 SSL-

    SSL-, .

    : - , , ESETEndpoint Antivirus ( "" , , "" ), , ( ).

    : SSL , - , ( ). , SSL-. ESET Endpoint Antivirus , .

    . .

    3.9.2.1.4.2

    ESET Endpoint Antivirus SSL, , SSL/TLS . (F5) > > SSL/TLS > .

    .

    : .

    : .

  • 67

    : , , .

    : , , . , . , .

    : , , . , , . , .

    : ; .cer, .crt .pem. , , URL, .

    : , , .

    : .

    OK/: OK, , , .

    3.9.2.1.4.3 , SSL/TLS

    , SSL/TLS , ESET Endpoint Antivirus , , SSL/TLS . , (F5)> > SSL/TLS> , SSL/TLS.

    , SSL/TLS .

    : .

    : , . , , . , .

    : .

    : , , .

    : .

    OK/: OK, , , .

  • 68

    3.9.2.2

    3.9.2.2.1

    ESET Endpoint Antivirus . , ESET Endpoint Antivirus. , ESET Endpoint Antivirus ( Windows Live Mail ), . > > > > .

    : Microsoft Outlook, Outlook Express, Windows Mail Windows LiveMail. plug-in . plug-in . , . , . ESET.

    , (POP3,IMAP).

    , ( MS Outlook). Kerio Outlook Connector Store.

    : , . : / . : / . : / .

    ,

    : , . : . "": "". : .

    : , .

    : / .

    : ( POP3, IMAP).

    (" " (F5) >" " > " " > " ").

    http://go.eset.eu/knowledgebase?lng=1058&segment=business&KBID=SOLN2138

  • 69

    3.9.2.2.2

    IMAP POP3 , . ESET Endpoint Antivirus .

    IMAP/IMAPS POP3/POP3S . , > > .

    : .

    Windows Vista IMAP POP3 . Windows XP , IMAP/POP3. , .

    ESET Endpoint Antivirus IMAPS POP3S, . ESET Endpoint Antivirus , SSL (Secure Socket Layer ) TLS(Transport Layer Security ). , , IMAPS/POP3S, .

    , . , SSL/TLS, , SSL/TLS, SSL/TLS.

  • 70

    3.9.2.2.3

    , POP3 IMAP. plug-in Microsoft Outlook ESET Endpoint Antivirus (POP3, MAPI, IMAP, HTTP). , ThreatSense. , , . , POP3 IMAP, , .

    > > .

    ThreatSense: , . , .

    . - , - . , - HTML- . - . :

    : - .

    : , ( ).

    : .

    : , . ( ). , .

    , : , . "!", ("[virus]"), : "[virus] !". %VIRUSNAME% .

  • 71

    3.9.2.3

    . , . - HTTP( ) HTTPS ( HTTP).

    - . - ThreatSense . : .

    . , ESET Endpoint Antivirus > > .

    (F5) > > :

    -: , -.

    URL-: HTTP-, , .

    ThreatSense: , ,, ( , ), .

  • 72

    3.9.2.3.1 -

    ESET Endpoint Antivirus HTTP, -.

    Windows Vista HTTP . Windows XP , HTTP, (F5) > > > - > HTTP. HTTP , .

    ESET Endpoint Antivirus HTTPS. HTTPS . ESET EndpointAntivirus , SSL (Secure Socket Layer ) TLS (Transport Layer Security ). , , HTTPS, .

    , . , SSL/TLS, , SSL/TLS, SSL/TLS.

    3.9.2.3.2 URL-

    URL- HTTP-, , .

    - , . - , , .

    SSL, HTTPS - HTTP. HTTPS, URL-.

    : (*) (?). - , - . , . , , * ? . HTTP-/ , , . , . , .

    HTTP-, , * .

  • 73

    : . , . , - , . , .

    : . , .

    : . , , .

    3.9.2.4 -

    "" ( ). , , , - . . . ESET Endpoint Antivirus -, -, , , .

    ESET Endpoint Antivirus. (F5) > -.

    , - ESET Endpoint Antivirus.

    -

    - . -, ( ).

    http://go.eset.eu/knowledgebase?lng=1058&segment=business&KBID=SOLN3100

  • 74

    -, , . - , URL-. (F5) > > URL-> , -, .

    / - ESET .

    - ESET, , .

    - .

    - . .

    - . [email protected]. - (, -, , ).

    http://phishing.eset.com/report/ukr
    http://phishing.eset.com/remove/ukr
    mailto:[email protected]

  • 75

    3.9.3

    ESET Endpoint Antivirus . , . : .

    , , , , . , .

    , , , . . . , , , ESET.

    ESET Endpoint Antivirus , , , . , .

    ESET ESET Endpoint Antivirus.

    : ESET Endpoint Antivirus.

    : . , : , .

    : .

    : , .

  • 76

    , . . , .

    ! . , , . .

    : . . .

  • 77

    .

    1. : . . ( , F5 ) . > .

  • 78

    2. : . (, - -). - , , . -, .

    . ESET.

    3.9.3.1

    (F5) . (, ).

    . , , .

    , , / .

    : ( ), . : 7.

    , / ,

    http://go.eset.eu/knowledgebase?lng=1058&segment=business&KBID=SOLN2850

  • 79

    . , , .

    ESET Endpoint Antivirus . , . , .

    ( (F5) > > ), , .

    , . , , ESET ( HTTP).

    , , . , .

    . ESET . ( - ) , . - . , , . , X. , , .

  • 80

    : . , . , .

    : , . , . , .

    . . ESET .

    HTTP- ( "") :http://____IP-:2221.

    HTTP- SSL : https://____IP-:2221.

    : \\computer_name_or_its_IP_address\shared_folder

    , . - . .

    3.9.3.1.1

    . , , .

    ( ). , , .

    3.9.3.1.2

    ( (F5) > > ), , .

    ( ) . , .

    ,

    https://???_?????????_???_????_IP-??????:2221.

  • 81

    .

    , 10646. 10645 10643 . , 10644 (, , , 10644, ). 2 , ( ) 10643. . , ESET Endpoint Antivirus .

    3.9.3.1.3

    , . .

    . . . .

    : . , .

    : . , .

    : . , .

    , . . , .

    : . ESET Endpoint Antivirus , .

    , .

    , , (), .

    3.9.3.1.4 - HTTP

    - , (F5) > - HTTP. - .

    -

    -

    -

    -, -, > > -.

    -, , ESET Endpoint Antivirus -.

  • 82

    - .

    - ESET Endpoint Antivirus ( > -). : - (), (3128 ), - ( ).

    - , ESET EndpointAntivirus - .

    -. Internet Explorer, (, ), , - HTTP . .

    - -.

    , - : - , .

    ( ) -. , . , / ESET Endpoint Antivirus. , , - .

    3.9.3.1.5

    Windows NT .

    , :

    ( ),

    ,

    .

    ( ), . , , .

    , , . , , .

    , , . , . , . .

    , . . : _\ ( __\) . HTTP- .

  • 83

    , , .

    3.9.3.1.6

    ESET Endpoint Antivirus , . ( ) , . - . . .

    - . , F5, > .

    , . , , .

    HTTP-: , HTTP ( ).

    HTTP-, Windows XP 2 .

    - . : HTTP-.

    , ,

  • 84

    . , , C:\ProgramData\ESET\ESET Endpoint Antivirus\mirror, , . , . Windows NT/2000/XP, . : / /. .

    : , . .

    HTTP-

    : 2221.

    : . : , NTLM. , base64 . NTLM . . , , .

    , HTTP- HTTPS (SSL). : ASN, PEM PFX. HTTPS. . ( ). , .

    : ( ), .

  • 85

    . . .

    , , .

    : . . .

    : .

    3.9.3.1.6.1

    , . HTTP-.

    HTTP-

    , . HTTP-, > > > .

    HTTP- , HTTP-, ( ), HTTP-. 2221. . : , NTLM. , base64 . NTLM . . , , .

    HTTP-, , ESET Endpoint Antivirus, .

    SSL HTTP-

    , HTTP- HTTPS (SSL). : PEM, PFX ASN. HTTPS. . , , .

    , () . > > > . .

  • 86

    - . .

    (F5) > > .

    :http://IP___:2221
    https://IP___:2221 ( SSL)

    . , , , ESET Endpoint Antivirus .

    > > > , HTTP-. .

    , . , ESET Endpoint Antivirus (F5) > > . , .

    \\UNC\ .

    1. ESET Endpoint Antivirus > > .2. \\UNC

    \PATH.

    UNC. .

  • 87

    . . , , , . . .

    3.9.3.1.6.2

    - : , , , , . , .

    ESET Endpoint Antivirus -: , ( ), . , Windows, , OK. .

    ESET Endpoint Antivirus : , ( ) . , . , . , /_ _/_ . - " ", , - . " " " - ". , . , " ", .

    ESET Endpoint Antivirus -: , HTTP- , .

    3.9.3.2

    , , .

    . , > . ESET Endpoint Antivirus .

    . , . . .

  • 88

    3.9.4

    , .

    :

    ( ESET LiveGrid ESET Endpoint Antivirus)

    ESET SysInspector

    : ESET. , , .

    ESET SysRescue: ESET SysRescue Live, ESET SysRescueLive Live CD/USB Creator Microsoft Windows.

  • 89

    3.9.4.1

    . , . . , , . ESET Endpoint Antivirus. .

    , > . . :

    : , ESET EndpointAntivirus. , , , , , . - , .

    : , ESET Endpoint Antivirus, . , . , . , .

    : . . - , .

    : , . , , , .

    HIPS: , . , , ( ), .

    -: -, . , URL-, , .

    : , . , . , . , , ().

    ( Ctrl + C). . Ctrl Shift .

    , , .

  • 90

    , . .

    : .

    : (, ).

    .../...: .

    : .

    : ( ).

    / : .

    / : ( ).

    ...: XML.

    : XML.

    : , .

    3.9.4.1.1

    . .

    . , .

    : :

    : , , .

    : , , .

    : .

    : , " ", .

    : ( , ). : , .

    : , , .

    : , .

    : , .

    3.9.4.2 -

    - . . . ESET Endpoint Antivirus - .

    -, - >-. - ESET Endpoint Antivirus. , .

    - , -, - .

    - , - . ,

  • 91

    - . , Internet Explorer.

    -.

    , - : - HTTP, , - ESET.

    - : > > - HTTP - -. . , . , . .

    3.9.4.3

    "" .

    "" ESET Endpoint Antivirus, > . , , , .

    : , , . ( ). - , : , , . , .

    :

    ( )

    ( )

    ( , ), ... .

    1. .

    2. .

  • 92

    3. :

    : .

    : , . .

    : , .

    : ESET SysInspector, (, , ) .

    : .

    : , .

    4. , ( , / ), :

    : .

    : .

    : .

    : .

    : , .

    5. , , , . . , , :

    , ( )

    , .

  • 93

    3.9.4.4

    , ESET Endpoint Antivirus, > . , . , .

    :

    : .

    : , .

    : , .

    -: , -.

    , , . , , , .

    3.9.4.5

    , > . , . .

    .

    1 : 10.

    1 ( 24 ): 24 .

    1 ( ): .

    1 ( ):

  • 94

    ().

    ( ) ( ) . ()//. , .

    3.9.4.6 ESET SysInspector

    ESET SysInspector , , , . , . , .

    SysInspector :

    : .

    : .

    : , .

    : .

    :

    : . .

    : .

    ...: . , , ESET SysInspector ( "").

    : .

    :

    : ESET SysInspector ( ).

    : .

    ...: . , , ESET SysInspector ( "").

    : .

    ...: .xml .xml.

    3.9.4.7 ESET LiveGrid

    ESET LiveGrid , . . , ESET . ESET LiveGrid. ESET Endpoint Antivirus .

    1. ESET LiveGrid. , ESET Endpoint Antivirus , .

    2. ESET LiveGrid . ESET . ESET .

    ESET LiveGrid . , , , , , , ,

  • 95

    .

    ESET Endpoint Antivirus ESET. , .doc .xls, . , .

    ESET LiveGrid . ESET LiveGrid, F5 ( ), > ESET LiveGrid.

    ESET LiveGrid (): ESET LiveGrid ESET , , .

    : ESET , , , , .

    : , , ESET.

    , . . , , .

    (): - , . , ESET, .

    : . , , (, ). ESET, . (.doc ). .

    ESET LiveGrid, , , . ESET. .

  • 96

    3.9.4.8

    ESET . ESET Endpoint Antivirus , ESETLiveGrid.

    : ESET Endpoint Antivirus ESET LiveGrid (, , ), , . : 1 () 9 ().

    : , . Windows. , " " Ctrl+Shift+Esc .

    PID: , Windows.

    () ( ) . .

    : , . ESET LiveGrid.

    : , ESET LiveGrid.

    (), .

  • 97

    . , , ESET. , , .

    : , .

    , .

    : .

    : () ().

    : .

    : .

    : .

    : / .

    : .

    : .

    , /. , , > ESETLiveGrid.

    3.9.4.9

    ESET . , > . , , -, ESET. , - , .

    . , WinRAR/ZIP, "infected", [email protected]. , (, -, ).

    ESET, , .

    -

    -

    , , .

    , :

    (-, - )

    (, )

    ,

    mailto:[email protected]

  • 98

    / -, .

    , ESET , , . . ESET ( , ), .

    3.9.4.10

    ESET Endpoint Antivirus , . , .

    SMTP

    SMTP-: SMTP (, smtp.provider.com:587, 25).

    SMTP TLS ESET Endpoint Antivirus.

    : SMTP- , , SMTP-.

    : , .

    : , . , .

  • 99

    , .

    : , , .

    : (, ), , .

    : ( ).

    : ( ) .

    : ( ).

    TLS: TLS.

    , (): , . 0, .

    : , . .

    ( Windows). . , , .

    : , .

    : . . (, ) .

    : ANSI Windows (, windows-1250). , ACSII (7-)(, "" "a", "?").

    : Quoted-printable (QP), ASCII 8- ().

    (, %) , . :

    %ComputerName%: , .

    %ProgramName%: , .

    %TimeStamp%: .

    %UserName%: , , .

    %InfectedObject%: , .

    %VirusName%: .

    %ErrorDescription%: , .

    %Scanner%: .

    %Action%: , .

    %InfectedObject% %VirusName% , %ErrorDescription% .

  • 100

    3.9.4.11

    . , , ESET Endpoint Antivirus .

    - . , . ESET.

    , , , , , , (, , ) (, , ).

    ESET Endpoint Antivirus ( ). - , . . : .

    . , "" . , . ..., , , .

    : Delete .

  • 101

    .

    , , ESET.

    , , , ESET. , .

    3.9.4.12 Microsoft Windows

    Windows Update . Microsoft Windows , . ESET Endpoint Antivirus , . .

    : .

    : , , .

    : , , , .

    : , , , .

    : .

    OK, . " " . , .

    3.9.4.13 ESET CMD

    ecmd, (ecmd.exe). . .xml.

    ESET CMD , .

    . , - , .

    . .xml, ( , .xml). , , , . , .xml , .

    ESET CMD , . .

    ! ecmd, Windows (cmd), . , Error executing command.. , , .

  • 102

    ecmd . ERA .

    :ecmd /getcfg c:\config\settings.xml

    :ecmd /setcfg c:\config\settings.xml

    .xml

    1. XmlSignTool ESET, . eset .xml.

    2. Windows (cmd), .

    3. XmlSignTool.exe..

    4. , .xml: XmlSignTool

    5. XmlSignTool, , . .xml , ESETCMD " ".

    ESET CMD , - . > > , .

    3.9.5

    .

    , .

    , - .

    , . .

    , > . .

    , . , ESET Endpoint Antivirus .

    , , .

    https://www.eset.com/int/download-utilities/

  • 103

    3.9.5.1

    ESET Endpoint Antivirus . > ESET Endpoint Antivirus.

    . , .

    : .

    : , .

    : .

    : , . , . .

    , , . , "", > ESET> ESET EndpointAntivirus. ESET Remote Administrator.

    ESET Endpoint Antivirus, .

    ESET Endpoint Antivirus (, ), .

    : ESET Endpoint Antivirus .

    : , , .

    : , .

    : , .

    . : ESETEndpoint Antivirus, MSP, .

  • 104

  • 105

    3.9.5.2

    ESETEndpoint Antivirus. - . , ESET Endpoint Antivirus . > ( (F5)).

    : . , "".

    , .

    : , ( ) ( (UAC) Windows Vista). .

    Windows XP:

    ( UAC): , ESETEndpoint Antivirus .

  • 106

    3.9.5.3

    (, ) ESET Endpoint Antivirus. ( , ).

    , . ().

    , . . , . , . (, ) .

    , . .

    : , , .

    : , , .

    : .

    : , " ", .

    : ( , ).

    .

  • 107

    , , . , . , .

    , . , .

    : , , .

    3.9.5.3.1

    , (, HIPS) .

    ! , ( ). HIPS .

    3.9.5.4

    ,

    .

    : , , , , , .

  • 108

    , .

    : , . , F5 > .

    : .

    ESET Endpoint Antivirus: ESET Endpoint Antivirus, .

    : ESET Endpoint Antivirus .

    : .

    : , , ESET Endpoint Antivirus , . .

    3.9.5.5

    , () . , .

    ESET Endpoint Antivirus . > .

    : ESET Endpoint Antivirus .

  • 109

    3.10

    3.10.1

    ESET Endpoint Antivirus: .

    . ( , ) , .

    , (F5) > , . . , , ThreatSense, .

    . , , Smart-, . . . OK, .

    . ( ) , .

    , , , () , ( ) ESET. : , ESET. , > . , .

    : , . , .

    : .

    3.10.2

    ESET (, ekrn). , . ESET Endpoint Antivirus . :

    ( ), .

    : , . , . , , .

    : . , .

    : , PCAP, ,

  • 110

    .

    :C:\ProgramData\ESET\ESET Smart Security\Diagnostics\ Windows Vista C:\Documents and Settings\All Users\... Windows.

    : .

    : , Windows.

    3.10.3

    ESET Endpoint Antivirus .xml .

    , ESET Endpoint Antivirus . , : , .xml.

    . > /, . ... , .

    . > /. , (, export.xml). , .

    , .

  • 111

    3.10.4

    ESET Endpoint Antivirus : ( ecls) (bat). ESET:

    ecls [OPTIONS..] FILES..

    .

    /base-dir=
    /quar-dir=
    /exclude= , ,
    /subdir ( )
    /no-subdir
    /max-subdir-level= ,
    /symlink ( )
    /no-symlink
    /ads ADS ( )
    /no-ads ADS
    /log-file=
    /log-rewrite ( )
    /log-console ( )
    /no-log-console
    /log-all
    /no-log-all ( )
    /aind
    /auto

    /files ( )
    /no-files
    /memory
    /boots
    /no-boots ( )
    /arch ( )
    /no-arch
    /max-obj-size= , ( 0 = )
    /max-arch-level= ( )
    /scan-timeout= ,
    /max-arch-size= , ( 0 = )
    /max-sfx-size= , ( 0 = )
    /mail ( )
    /no-mail
    /mailbox ( )
    /no-mailbox
    /sfx ( )
    /no-sfx
    /rtp ( )
    /no-rtp
    /unsafe
    /no-unsafe ( )
    /unwanted
    /no-unwanted ( )

  • 112

    /suspicious ( )
    /no-suspicious
    /pattern ( )
    /no-pattern
    /heur ( )
    /no-heur
    /adv-heur ( )
    /no-adv-heur
    /ext= , ,
    /ext-exclude= , ,
    /clean-mode=

    .

    .

    ( ) ecls.exe .

    ecls.exe ( ).

    ecls.exe .

    ecls.exe , (, Windows).

    /quarantine ( ) ( , )

    /no-quarantine

    /help
    /version
    /preserve-time

    0
    1
    10 ( )
    50
    100

    100 , , , .

    3.10.5

    > > ( ). , :

    ;

    ;

    .

    , .

  • 113

    3.10.6 ESET SysInspector

    3.10.6.1 ESET SysInspector

    ESET SysInspector , . , , , , .

    ESET SysInspector : ESET Security (SysInspector.exe) - ESET. . . .xml . > ESET SysInspector ( ESET Remote Administrator). , . ESET SysInspector ESET Endpoint Antivirus.

    , ESET SysInspector . 10 , , .

    3.10.6.1.1 ESET SysInspector

    ESET SysInspector, SysInspector.exe, - ESET. ESET Security, ESET SysInspector "" ( > ESET > ESET Endpoint Antivirus).

    , . .

  • 114

    3.10.6.2

    : , , , , . " " ( , , , , ).

    3.10.6.2.1

    , ESET SysInspector.

    , . . ( , , , , ).

    ESET SysInspector , . Windows Vista.

    , .

    , , .

  • 115

    .

    ."" , . "" . "" ESETSysInspector , .

    . , . ( 1), . , , , , . , .

    , 69, . ESET, ESET SysInspector - , ESET Online Scanner. ESET Online Scanner .

    , , , .

    , , , .

    . .

    , , . Backspace .

    , .

    !, , , ., , , . , .

    http://go.eset.eu/onlinescanner?lng=1058

  • 116

    3.10.6.2.2 ESET SysInspector

    ESET SysInspector . , , . , . , . , .

    .

    , . : , , , .

    , , .

    , , . ESET SysInspector , \??\. ; .

    , , (TCP UDP), , . IP- DNS-.

    , , .

    , , , , .

    , . .

    , Windows. , .

    , .

    Microsoft Windows.

    , Windows /.

    , , .

  • 117

    Program Files. .

    ESET SysInspector .

    3.10.6.2.2.1

    ESET SysInspector .

    Ctrl+O
    Ctrl+S

    Ctrl+G
    Ctrl+H

    1, O , 1-9
    2 , 2-9
    3 , 3-9
    4, U , 4-9
    5 , 5-9
    6 , 6-9
    7, B , 7-9
    8 , 8-9
    9 , 9
    -
    +
    Ctrl+9 ,
    Ctrl+0 ,

    Ctrl+5 ( )
    Ctrl+6 ( Microsoft)
    Ctrl+7 ( )
    Ctrl+3
    Ctrl+2
    Ctrl+1
    BackSpace
    Ctrl+W
    Ctrl+Q

    Ctrl+T
    Ctrl+P
    Ctrl+A
    Ctrl+C
    Ctrl+X
    Ctrl+B
    Ctrl+L ,
    Ctrl+R

  • 118

    Ctrl+Z ( )
    Ctrl+F
    Ctrl+D
    Ctrl+E

    Ctrl+Alt+O /
    Ctrl+Alt+R
    Ctrl+Alt+1
    Ctrl+Alt+2 ; ,
    Ctrl+Alt+3 ; ,
    Ctrl+Alt+4 ( )
    Ctrl+Alt+5
    Ctrl+Alt+C
    Ctrl+Alt+N
    Ctrl+Alt+P

    F1
    Alt+F4
    Alt+Shift+F4
    Ctrl+I

    3.10.6.2.3 ""

    "" . , . , .

    , . > , . . , > . ESET SysInspector .

    , , . , > , . , . .

    , > , ZIP-. . , , , .

    ESET SysInspector , .

    , , .

    , ;

    ;

    , ;

    ;

    / ;

    /;

    / ;

    / .

  • 119

    , .

    - .

    ".xml". , ESET SysInspector . .xml.

    , > . , .

    :

    SysInspector.exe .xml .xml

    3.10.6.3

    ESET SysInspector :

    /gen
    /privacy
    /zip zip-
    /silent
    /blank ESET SysInspector /

    :Sysinspector.exe [load.xml] [/gen=save.xml] [/privacy] [/zip] [compareto.xml]

    , SysInspector.exe .\clientlog.xml
    , SysInspector.exe /gen=.\mynewlog.xml
    , SysInspector.exe /gen=.\mynewlog.zip /privacy /zip
    , SysInspector.exe new.xml old.xml

    / , .

  • 120

    3.10.6.4

    , ESET SysInspector, .

    ESET SysInspector . , , .

    , . .

    , , , .

    1. ESET SysInspector, .2. ( ), Shift ,

    .3.

    .4. .5. : "-" "+"

    , . , /, .

    6. ESET SysInspector, > .

    7. OK, .

    3.10.6.4.1

    , - ( ) ESET SysInspector. .

    .

    3.10.6.4.2

    (ev), (gv) (lv). .xml, . .

    , ( , ). , , "-" "+". . .

    01) Running processes ( )

    , . UNC - CRC16, (*).

  • 121

    01) Running processes:
    - \SystemRoot\System32\smss.exe *4725*
    - C:\Windows\system32\svchost.exe *FD08*
    + C:\Windows\system32\module32.exe *CF8A*
    [...]

    module32.exe ( "+"); .

    02) Loaded modules ( )

    .

    02) Loaded modules:
    - c:\windows\system32\svchost.exe
    - c:\windows\system32\kernel32.dll
    + c:\windows\system32\khbekhb.dll
    - c:\windows\system32\advapi32.dll
    [...]

    khbekhb.dll "+". , , , .

    03) TCP connections ( TCP)

    TCP.

    03) TCP connections:
    - Active connection: 127.0.0.1:30606 -> 127.0.0.1:55320, owner: ekrn.exe
    - Active connection: 127.0.0.1:50007 -> 127.0.0.1:50006,
    - Active connection: 127.0.0.1:55320 -> 127.0.0.1:30606, owner: OUTLOOK.EXE
    - Listening on *, port 135 (epmap), owner: svchost.exe
    + Listening on *, port 2401, owner: fservice.exe Listening on *, port 445 (microsoft-ds), owner: System
    [...]

    , TCP , .

    04) UDP endpoints ( UDP)

    UDP.

    04) UDP endpoints:
    - 0.0.0.0, port 123 (ntp)
    + 0.0.0.0, port 3702
    - 0.0.0.0, port 4500 (ipsec-msft)
    - 0.0.0.0, port 500 (isakmp)
    [...]

    , UDP .

    05) DNS server entries ( DNS-)

    DNS-.

  • 122

    05) DNS server entries:
    + 204.74.105.85
    - 172.16.152.2
    [...]

    DNS- .

    06) Important registry entries ( )

    .

    06) Important registry entries:
    * Category: Standard Autostart (3 items)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    - HotKeysCmds = C:\Windows\system32\hkcmd.exe
    - IgfxTray = C:\Windows\system32\igfxtray.exe
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    - Google Update = "C:\Users\antoniak\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    * Category: Internet Explorer (7 items)
    HKLM\Software\Microsoft\Internet Explorer\Main
    + Default_Page_URL = http://thatcrack.com/
    [...]

    , 0 , . , , .

    07) Services ()

    , .

    07) Services:
    - Name: Andrea ADI Filters Service, exe path: c:\windows\system32\aeadisrv.exe, state: Running, startup: Automatic
    - Name: Application Experience Service, exe path: c:\windows\system32\aelupsvc.dll, state: Running, startup: Automatic
    - Name: Application Layer Gateway Service, exe path: c:\windows\system32\alg.exe, state: Stopped, startup: Manual
    [...]

    , , .

    08) Drivers ()

    .

    08) Drivers:
    - Name: Microsoft ACPI Driver, exe path: c:\windows\system32\drivers\acpi.sys, state: Running, startup: Boot
    - Name: ADI UAA Function Driver for High Definition Audio Service, exe path: c:\windows\system32\drivers\adihdaud.sys, state: Running, startup: Manual
    [...]

    . , .

    09) Critical files ( )

    , .

  • 123

    09) Critical files:
    * File: win.ini
    - [fonts]
    - [extensions]
    - [files]
    - MAPI=1
    [...]
    * File: system.ini
    - [386Enh]
    - woafont=dosapp.fon
    - EGA80WOA.FON=EGA80WOA.FON
    [...]
    * File: hosts
    - 127.0.0.1 localhost
    - ::1 localhost
    [...]

    , .

    3.10.6.4.3

    , . ESET SysInspector, "". : "%Scriptname%"? , , , . , .

    .

    , : . ? , , .

    , : . . ? ( , , ). .

    3.10.6.5

    ESET SysInspector?

    ESET SysInspector , , , . " " " ", .

    ESET SysInspector ?

    ESET SysInspector . , > . XML-. %_%\ \ "SysInpsector-%_%--.XML". .

    ESET SysInspector?

    , ESET SysInspector, > . , ESET SysInspector. ESET SysInspector,

  • 124

    SYSINSPECTOR.EXE ; , . Windows Vista/7 , .

    ? SDK?

    , SDK , . .

    ESET SysInspector , ?

    ESET SysInspector (, , ), , . : 1 () 9 (). .

    "6 ()" , ?

    ESET SysInspector , : . ESETSysInspector , , .

    ESET SysInspector ?

    , ESET SysInspector , , ESET . , , . Microsoft Windows.

    Anti-Stealth?

    Anti-Stealth .

    , , . .

    " MS" ""?

    , ESET SysInspector , . , . , ESI CAT ( %systemroot%\system32\catroot), . CAT, CAT.

    " MS", " " .

    3.10.6.6 ESET SysInspector ESET Endpoint Antivirus

    ESET SysInspector ESET Endpoint Antivirus, > ESET SysInspector. ESET SysInspector . (, , , ) .

    ESET SysInspector : , , , , .

    , , , ESET SysInspector. . , .

  • 125

    , ....

    .

    . , . , .

    ... . . , . . .

    / .

    ... XML- ( ZIP).

    3.10.7

    Remote Monitoring and Management (RMM) is the process of supervising and controlling software systems using a locally installed agent that can be accessed by a management service provider. The default ESET Endpoint Antivirus installation contains the file ermm.exe located in the Endpoint application within the directory c:\Program Files\ESET\ESET Security. ermm.exe is a command line utility designed to facilitate the management of endpoint products and communications with any RMM Plugin. ermm.exe exchanges data with the RMM Plugin, which communicates with the RMM Agent linked to an RMM Server. By default, the ESET RMM tool is disabled. For more information, see .

    The default ESET Endpoint Antivirus installation contains the file ermm.exe located in the Endpoint application directory (default path c:\Program Files\ESET\ESET Security). ermm.exe exchanges data with the RMM Plugin, which communicates with the RMM Agent that is linked to an RMM Server.

    ermm.exe is a command line utility developed by ESET that allows managing of Endpoint products and communication with any RMM Plugin.

  • 126

    3.10.7.1 RMM

    Remote monitoring management is run using the command line interface. The default ESET Endpoint Antivirus installation contains the file ermm.exe located in the Endpoint application within the directory c:\Program Files\ESET\ESET Security.

    Run the Command Prompt (cmd.exe) as an Administrator and navigate to the mentioned path. (To open Command Prompt, press Windows button + R on your keyboard, type cmd.exe into the Run window and press Enter.)

    The command syntax is: ermm context command [options]

    Also note that the log parameters are case sensitive.

    ermm.exe uses three basic contexts: Get, Start and Set. In the table below you can find examples of command syntax. Click the link in the Command column to see the further options, parameters, and usage examples. After successful execution of a command, the output part (result) will be displayed.