ESET ENDPOINT ANTIVIRUS 6
Microsoft Windows 10/8.1/8/7/Vista/XP x86 SP3/XP x64 SP2
http://go.eset.eu/manual?prod_abb=eea&prod_version=6&doc_name=userguide&lng_abb=enu
Copyright 2017 by ESET, spol. s r. o. ESET Endpoint Antivirus was developed by ESET, spol. s r. o. For more information visit www.eset.ua. All rights reserved. ESET, spol. s r. o. reserves the right to change any of the described application software without prior notice.
Customer Care: www.eset.com/support
REV. 9/6/2017
Contents
1. ESET Endpoint Antivirus 6.6 ..... 5
1.1 What's new in 6.6 ..... 5
1.2 System requirements ..... 5
1.3 ..... 6
2. Documentation for users connected via ESET Remote Administrator ..... 8
2.1 ESET Remote Administrator Server ..... 9
2.2 ..... 9
2.3 ..... 10
2.4 ..... 10
2.5 RD Sensor ..... 10
3. ESET Endpoint Antivirus ..... 11
3.1 ESET AV Remover ..... 11
3.1.1 ESET AV Remover ..... 12
3.1.2 ESET AV Remover ..... 14
3.2 ..... 15
3.2.1 ..... 17
3.3 ERA ..... 19
3.4 ..... 21
3.5 ..... 21
3.6 ..... 21
3.7 ..... 22
3.7.1 ..... 22
3.7.2 ..... 25
3.8 ..... 26
3.8.1 ESET Endpoint Antivirus ..... 27
3.8.2 ESET Endpoint Antivirus ..... 27
3.8.3 ..... 28
3.8.4 ..... 28
3.8.5 ..... 28
3.8.6 (24 ...) ..... 29
3.8.7 ESET Endpoint Antivirus ... ESET Remote Administrator ..... 29
3.8.8 ..... 29
3.8.9 Windows 10 ... ESET Endpoint Antivirus ..... 30
3.8.10 ..... 30
3.8.11 (RMM) ..... 32
3.9 ESET Endpoint Antivirus ..... 34
3.9.1 ..... 35
3.9.1.1 ..... 36
3.9.1.1.1 ..... 37
3.9.1.2 ..... 39
3.9.1.3 ..... 39
3.9.1.3.1 ThreatSense ..... 40
3.9.1.3.2 ..... 41
3.9.1.3.3 ..... 41
3.9.1.3.4 ..... 41
3.9.1.3.5 ..... 41
3.9.1.4 ..... 42
3.9.1.4.1 ..... 43
3.9.1.4.2 ..... 45
3.9.1.4.3 ..... 46
3.9.1.5 ..... 46
3.9.1.5.1 ..... 47
3.9.1.5.2 ..... 48
3.9.1.6 ..... 50
3.9.1.7 ..... 50
3.9.1.8 (HIPS) ..... 51
3.9.1.8.1 ..... 53
3.9.1.8.2 HIPS ..... 54
3.9.1.9 ..... 54
3.9.1.10 ..... 55
3.9.1.10.1 ..... 55
3.9.1.11 ..... 56
3.9.1.12 ..... 56
3.9.1.13 ThreatSense ..... 57
3.9.1.13.1 ..... 62
3.9.2 ..... 63
3.9.2.1 ..... 63
3.9.2.1.1 ..... 64
3.9.2.1.2 ..... 64
3.9.2.1.3 IP ..... 65
3.9.2.1.4 SSL/TLS ..... 65
3.9.2.1.4.1 SSL ..... 66
3.9.2.1.4.2 ..... 66
3.9.2.1.4.3 SSL/TLS ..... 67
3.9.2.2 ..... 68
3.9.2.2.1 ..... 68
3.9.2.2.2 ..... 69
3.9.2.2.3 ..... 70
3.9.2.3 ..... 71
3.9.2.3.1 ..... 72
3.9.2.3.2 URL ..... 72
3.9.2.4 ..... 73
3.9.3 ..... 75
3.9.3.1 ..... 78
3.9.3.1.1 ..... 80
3.9.3.1.2 ..... 80
3.9.3.1.3 ..... 81
3.9.3.1.4 HTTP ..... 81
3.9.3.1.5 ..... 82
3.9.3.1.6 ..... 83
3.9.3.1.6.1 ..... 85
3.9.3.1.6.2 ..... 87
3.9.3.2 ..... 87
3.9.4 ..... 88
3.9.4.1 ..... 89
3.9.4.1.1 ..... 90
3.9.4.2 ..... 90
3.9.4.3 ..... 91
3.9.4.4 ..... 93
3.9.4.5 ..... 93
3.9.4.6 ESET SysInspector ..... 94
3.9.4.7 ESET LiveGrid ..... 94
3.9.4.8 ..... 96
3.9.4.9 ..... 97
3.9.4.10 ..... 98
3.9.4.11 ..... 100
3.9.4.12 Microsoft Windows ..... 101
3.9.4.13 ESET CMD ..... 101
3.9.5 ..... 102
3.9.5.1 ..... 103
3.9.5.2 ..... 105
3.9.5.3 ..... 106
3.9.5.3.1 ..... 107
3.9.5.4 ..... 107
3.9.5.5 ..... 108
3.10 ..... 109
3.10.1 ..... 109
3.10.2 ..... 109
3.10.3 ..... 110
3.10.4 ..... 111
3.10.5 ..... 112
3.10.6 ESET SysInspector ..... 113
3.10.6.1 ESET SysInspector ..... 113
3.10.6.1.1 ESET SysInspector ..... 113
3.10.6.2 ..... 114
3.10.6.2.1 ..... 114
3.10.6.2.2 ESET SysInspector ..... 116
3.10.6.2.2.1 ..... 117
3.10.6.2.3 ..... 118
3.10.6.3 ..... 119
3.10.6.4 ..... 120
3.10.6.4.1 ..... 120
3.10.6.4.2 ..... 120
3.10.6.4.3 ..... 123
3.10.6.5 ..... 123
3.10.6.6 ESET SysInspector ... ESET Endpoint Antivirus ..... 124
3.10.7 ..... 125
3.10.7.1 RMM ..... 126
3.10.7.2 JSON ..... 128
3.10.7.2.1 ..... 128
3.10.7.2.2 ..... 129
3.10.7.2.3 ..... 132
3.10.7.2.4 ..... 132
3.10.7.2.5 ..... 134
3.10.7.2.6 ..... 134
3.10.7.2.7 ..... 136
3.10.7.2.8 ..... 137
3.10.7.2.9 ..... 137
3.10.7.2.10 ..... 138
3.10.7.2.11 ..... 139
3.10.7.2.12 ..... 140
3.10.7.2.13 ..... 141
3.11 ..... 142
3.11.1 ..... 142
3.11.1.1 ..... 142
3.11.1.2 ..... 142
3.11.1.3 ..... 142
3.11.1.4 ..... 143
3.11.1.5 ..... 143
3.11.1.6 ..... 143
3.11.1.7 ..... 144
3.11.1.8 ..... 144
3.11.1.9 ..... 144
3.11.2 ..... 147
3.11.2.1 ..... 147
3.11.2.2 ..... 147
3.11.2.3 ..... 148
3.11.2.4 ..... 148
3.11.3 ESET ..... 148
3.11.3.1 ..... 148
3.11.3.2 ..... 148
3.11.3.3 ESET LiveGrid ..... 149
3.11.3.4 Java ..... 149
3.11.3.5 ..... 149
1. ESET Endpoint Antivirus 6.6
ESET Endpoint Antivirus 6 . ThreatSense , . , , , .
ESET Endpoint Antivirus 6 , , . , ,, , , .
ESET Endpoint Antivirus 6 . ESET Endpoint Antivirus ESET Remote Administrator - , , - .
1.1 What's new in 6.6
ESET Endpoint Antivirus 6.6 . , 6.6 ESET Endpoint Antivirus.
New in version 6.6:
Antimalware Scan Interface (AMSI) support for scanning PowerShell and Windows Script Host (wscript.exe, cscript.exe) scripts.
JavaScript -.
(Windows 8.1, 10).
( -).
ESET Endpoint Antivirus ESET LiveGrid.
, .
Remote Monitoring and Management (RMM) support in ESET Endpoint Antivirus.
1.2 System requirements
ESET Endpoint Antivirus .
Minimum requirements:
Processor: 32-bit (x86) or 64-bit (x64), 1 GHz (see note 1)
Operating system: Microsoft Windows 10/8.1/8/7/Vista/XP SP3 (32-bit)/XP SP2 (64-bit)
Memory: 0.3 GB (see note 2)
Disk space: 1 GB (see note 3)
Display: 1024x768 (see note 4)
, , , .
Notes:
(1) Windows XP .
(2) , , (, URL-).
(3) , , . (, , ), ( ). , ESET.
(4) ( ).
1.3
( - ), , , . , .
ESET LiveGrid . . . , ESET , . . , . .
, . , , , . . Microsoft Windows -, Internet Explorer, , .
, , , . , DVD- . .
, , . . , , .
. . , : , . :
- .
, . -.
, .
.
2. Documentation for users connected via ESET Remote Administrator
ESET Remote Administrator (ERA) , ESET . ESET Remote Administrator ESET . ESET Remote Administrator , , ESET .
ESET , . Microsoft, Linux Mac OS, ( ), .
, ESET ERA.
ESET Remote Administrator.
http://help.eset.com/getHelp?product=era_admin&version=6.0.0_MAJOR&lang=uk-UA
2.1 ESET Remote Administrator Server
ESET Remote Administrator Server ESET Remote Administrator. , , , ( ERA). ERA . ( , , ) . ERA . , ERA ., ERA, ,- RD Sensor, . ERA ( ), - ERA. - ERA, ESET .
2.2 -
- ERA , ERA , ESET . - . , , ESET , . - -, ESET Remote Administrator - .
- :
. , IPv4/IPv6 , , Enter, . , .
ESET Remote Administrator.
http://help.eset.com/getHelp?product=era&version=6.0.0_MAJOR&lang=uk-UA
2.3 -
- ERA ESET Remote Administrator . (, 10000 ) - ERA , ERA. ERA Proxy . , ERA ERA - ERA, , . . - ERA ERA, ERA ( - ERA). , .
, - ERA , ERA.
- ERA ESET. , ERA -ERA, .
2.4
ERA ESET Remote Administrator. ESET (, ESET Endpoint Security) ERA . ESET . . . ERA ( -).
ESET .
1. .2. -.3. -.
ESET ESET, , , .
- ESET , , - .
2.5 RD Sensor
RD (Rogue Detection) Sensor ESET Remote Administrator, . ESET Remote Administrator . , , - . .
RD Sensor , ERA. ERA ( ).
3. ESET Endpoint Antivirus , ESET Endpoint Antivirus ESET Remote Administrator. ESET Endpoint Antivirus ( ).
3.1 ESET AV Remover
, . ESET AV Remover. ESET AV Remover . ESET Endpoint Antivirus ESET AV Remover, ( ).
http://go.eset.eu/knowledgebase?lng=1058&segment=business&KBID=SOLN3527
3.1.1 ESET AV Remover
ESET AV Remover - , . ESET AV Remover, .
1. ESET, , ESET AV Remover.
2. , . , ESET Endpoint Antivirus , .
3. ESET AV Remover .
http://go.eset.eu/knowledgebase?lng=1058&segment=business&KBID=SOLN3527
4. - . .
5. .
6. , ESET Endpoint Antivirus. , ESET AV Remover.
3.1.2 ESET AV Remover
ESET AV Remover, , ESET AV Remover. , , Windows ESET.
, . UAC .
ESET, AppRemover.log ESET. AppRemover.log eset. , %TEMP% Windows Explorer. ESET .
http://go.eset.eu/knowledgebase?lng=1058&segment=business&KBID=SOLN3527
http://go.eset.eu/knowledgebase?lng=1058&segment=business&KBID=SOLN146
3.2
.
!, . , . . . , ( ).
. , . , .
http://go.eset.eu/knowledgebase?lng=1058&segment=business&KBID=SOLN146
" " , ESET LiveGrid. ESET LiveGrid ESET , . ESET, , .
. , . . . , (, ESET ).
.
3.2.1
, .
, . :
C:\Program Files\ESET\ESET Endpoint Antivirus\
. :
C:\Program Files\ESET\ESET Endpoint Antivirus\
C:\ProgramData\ESET\ESET Endpoint Antivirus\
..., ( ).
-, - . IP- URL- - . , - , , Internet Explorer () . -, -. . -.
, . ..., .
, . , . , .
. . , ESET Endpoint Antivirus. , , .
, .
3.3 ERA ( )
, ,, . msiexec.
Parameters:
APPDIR=<path> - path: a valid directory path; the application installation directory. Example: ees_nt64_ENU.msi /qn APPDIR=C:\ESET\ ADDLOCAL=DocumentProtection
APPDATADIR=<path> - path: a valid directory path; the application data directory.
MODULEDIR=<path> - path: a valid directory path; the module directory.
ADDLOCAL=<list> - component installation: the list of optional features to be installed locally. Usage with ESET .msi packages: ees_nt64_ENU.msi /qn ADDLOCAL=<list>. For more information about the ADDLOCAL property see http://msdn.microsoft.com/uk-ua/library/aa367536%28v=vs.85%29.aspx
Rules for the ADDLOCAL list:
o ADDLOCAL is a comma-separated list of feature names ( ).
o When selecting a feature to install, the whole path (all parent features) must be explicitly included in the list.
o , .
Feature presence:
o Mandatory: the feature is always installed.
o Optional: the feature can be deselected.
o Invisible: a logical feature that other features require in order to work.
o Placeholder: a feature with no effect on the product by itself, which must nevertheless be listed together with its sub-features.
Endpoint 6.1.
/ / >
/ >
/ >
/
/
/
http://msdn.microsoft.com/en-us/library/aa367536%28v=vs.85%29.aspx
/
/
/ /
MailPlugins
/ /
/- - Microsoft NAP Microsoft NAP
o , .
o , .
Examples:
ees_nt64_ENU.msi /qn ADDLOCAL=WebAndEmail,WebAccessProtection,ProtocolFiltering
ees_nt64_ENU.msi /qn ADDLOCAL=WebAndEmail,EmailClientProtection,Antispam,MailPlugins
CFG_ properties:
CFG_POTENTIALLYUNWANTED_ENABLED=1/0 - 0 disabled, 1 enabled (detection of potentially unwanted applications, PUA)
CFG_LIVEGRID_ENABLED=1/0 - 0 disabled, 1 enabled (ESET LiveGrid)
CFG_EPFW_MODE=0/1/2/3 - firewall filtering mode: 0 automatic, 1 interactive, 2 policy-based, 3 learning (applies to the firewall component of ESET Endpoint Security)
CFG_PROXY_ENABLED=0/1 - 0 disabled, 1 enabled
CFG_PROXY_ADDRESS=<ip> - proxy server IP address
CFG_PROXY_PORT=<port> - proxy server port
CFG_PROXY_USERNAME=<user> - proxy user name
CFG_PROXY_PASSWORD=<password> - proxy password
If you deploy via SCCM, the activation dialog can be suppressed with the following property:
ACTIVATION_DLG_SUPPRESS=1 - 1 (activation dialog suppressed), 0 (activation dialog displayed)
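The following PowerShell script is an added example, not code from the ESET guide: it assembles the msiexec command line from the properties documented above, expands each selected ADDLOCAL feature to include its parents as the guide requires, and interprets the installer's exit code. The package path and log location are hypothetical, the parent-feature table is an assumption derived from the two ADDLOCAL examples above (verify it against the feature tree of the package you deploy), and /norestart is a standard msiexec option the guide does not mention. Note that the guide's own examples name the ESET Endpoint Security package (ees_nt64_ENU.msi); the 64-bit ESET Endpoint Antivirus package linked in section 3.8.9 is eea_nt64_enu.msi.

```powershell
# Added example (not from the ESET guide): build and run a silent msiexec install
# of an ESET Endpoint package from the public MSI properties documented above.
function Get-EsetMsiArgumentList {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $PackagePath,        # e.g. eea_nt64_enu.msi (Endpoint Antivirus, 64-bit)
        [string[]] $Features = @(),                           # ADDLOCAL feature names
        [string]   $AppDir,                                   # APPDIR
        [string]   $AppDataDir,                               # APPDATADIR
        [string]   $ModuleDir,                                # MODULEDIR
        [ValidateSet(0, 1)] [int] $PotentiallyUnwanted = 1,   # CFG_POTENTIALLYUNWANTED_ENABLED
        [ValidateSet(0, 1)] [int] $LiveGrid = 1,              # CFG_LIVEGRID_ENABLED
        [string]   $ProxyAddress,                             # CFG_PROXY_ADDRESS (also sets CFG_PROXY_ENABLED=1)
        [int]      $ProxyPort,                                # CFG_PROXY_PORT
        [string]   $ProxyUserName,                            # CFG_PROXY_USERNAME
        [string]   $ProxyPassword,                            # CFG_PROXY_PASSWORD (see warning below)
        [switch]   $SuppressActivationDialog,                 # ACTIVATION_DLG_SUPPRESS=1 (SCCM deployments)
        [string]   $LogPath = "$env:TEMP\eset-install.log"    # assumed location of the verbose MSI log
    )

    # The guide requires every parent of a selected feature to be listed as well.
    # This parent table is an assumption derived from the ADDLOCAL examples above.
    $parentOf = @{
        WebAccessProtection   = 'WebAndEmail'
        ProtocolFiltering     = 'WebAndEmail'
        EmailClientProtection = 'WebAndEmail'
        Antispam              = 'EmailClientProtection'
        MailPlugins           = 'EmailClientProtection'
    }
    $selected = New-Object System.Collections.Generic.List[string]
    foreach ($feature in $Features) {
        $chain = @(); $current = $feature
        while ($current) { $chain = ,$current + $chain; $current = $parentOf[$current] }  # root first
        foreach ($name in $chain) { if (-not $selected.Contains($name)) { $selected.Add($name) } }
    }

    $props = [ordered]@{
        APPDIR                          = $AppDir
        APPDATADIR                      = $AppDataDir
        MODULEDIR                       = $ModuleDir
        CFG_POTENTIALLYUNWANTED_ENABLED = $PotentiallyUnwanted
        CFG_LIVEGRID_ENABLED            = $LiveGrid
    }
    if ($selected.Count -gt 0) { $props['ADDLOCAL'] = $selected -join ',' }   # comma-separated, no spaces
    if ($ProxyAddress) {
        $props['CFG_PROXY_ENABLED'] = 1
        $props['CFG_PROXY_ADDRESS'] = $ProxyAddress
        if ($ProxyPort)     { $props['CFG_PROXY_PORT']     = $ProxyPort }
        if ($ProxyUserName) { $props['CFG_PROXY_USERNAME'] = $ProxyUserName }
        if ($ProxyPassword) {
            # Anything on the msiexec command line is visible in process listings and is
            # written to the verbose MSI log and to SCCM/ERA deployment logs.
            Write-Warning 'CFG_PROXY_PASSWORD is passed in clear text on the command line.'
            $props['CFG_PROXY_PASSWORD'] = $ProxyPassword
        }
    }
    if ($SuppressActivationDialog) { $props['ACTIVATION_DLG_SUPPRESS'] = 1 }

    $argList = @('/i', "`"$PackagePath`"", '/qn', '/norestart', '/l*v', "`"$LogPath`"")
    foreach ($key in $props.Keys) {
        $value = $props[$key]
        if ($null -eq $value -or "$value" -eq '') { continue }     # skip properties that were not set
        if ("$value" -match '\s') { $value = "`"$value`"" }         # quote paths containing spaces
        $argList += "$key=$value"
    }
    return ,$argList
}

function Install-EsetEndpoint {
    param([Parameter(Mandatory)] [string[]] $ArgumentList)
    $proc = Start-Process -FilePath 'msiexec.exe' -ArgumentList $ArgumentList -Wait -PassThru -NoNewWindow
    switch ($proc.ExitCode) {
        0       { return 'installed' }
        3010    { return 'installed, reboot required' }   # ERROR_SUCCESS_REBOOT_REQUIRED
        default { throw "msiexec exited with code $($proc.ExitCode); inspect the /l*v log" }
    }
}

# Usage with a hypothetical package location; review the command line before running it elevated.
$argList = Get-EsetMsiArgumentList -PackagePath 'C:\Deploy\eea_nt64_enu.msi' `
    -Features ProtocolFiltering, Antispam -AppDir 'C:\ESET' -SuppressActivationDialog
$argList -join ' '
# Install-EsetEndpoint -ArgumentList $argList
```

With the usage shown, ADDLOCAL expands to WebAndEmail,ProtocolFiltering,EmailClientProtection,Antispam, which is the form the guide's examples require. Keep the verbose log in mind when passing CFG_PROXY_PASSWORD: the log and any deployment tool that records the command line will contain the password, so prefer configuring proxy credentials through an ERA policy after installation.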
3.4
.
, ESET Endpoint Antivirus. . ESET Endpoint Antivirus.
3.5
. , Smart-. . .
3.6
ESET Endpoint Antivirus , . :
1. , . , . , .
2. , .
3. , ESET Remote Administrator.
3.7
ESET Endpoint Antivirus .
3.7.1
ESET Endpoint Antivirus . , , , .
.
: ESET Endpoint Antivirus.
: Smart-, . , .
: .
: , .
: " ", " ", " "," ", "", "", ESET SysInspector ESET SysRescue -. .
: , ESET - ESET. , .
. , .
http://go.eset.eu/knowledgebase?lng=1058&segment=business
ESET Endpoint Antivirus .
. , . , , . , , .
(!) , . .
: .
: . ESET Endpoint Antivirus .
- : , .
: . .
: . . , .
(HIPS) : , HIPS " ". . , HIPS.
ESET LiveGrid : , ESET LiveGrid " ".
: ESET Endpoint Antivirus , .
: , .
: . . , .
"i" . :
: , .
: . , .
: , .
- : -, .
: , , (, ). . .
: , .
, , ESET. , ESET. ESET .
, ERA, .
http://go.eset.eu/knowledgebase?lng=1058&segment=business
3.7.2
. . > , .
, , .
( > F5 , ) . (, , -, ), . , . . ESET . , .
, . , > .
. . ESET Endpoint Antivirus. , ESET, .
3.8
, . , , :
ESET Endpoint Antivirus ESET Endpoint Antivirus ( 24 ) ESET Remote Administrator
, ESET Endpoint Antivirus , .
, ESET, .
Sirefef (ZeroAccess)? , ESET?
. - .
3.8.1 ESET Endpoint Antivirus
ESET Endpoint Antivirus . , .
, . > ( , ).
3.8.2 ESET Endpoint Antivirus
.
. , (CD-/DVD-, -ESET ).
ESET Endpoint Antivirus ,
. > > .
ESET Endpoint Antivirus, .
XXXX-XXXX-XXXX-XXXX-XXXX, .
, ESET License Administrator ( + ). .
, ESET . (.lf), . . ESET License Administrator.
, , ESET Remote Administrator. , .
, , ESET Endpoint Antivirus, . ? ESET, , .
. > . , ESET. , , . ,
.
http://go.eset.eu/knowledgebase?lng=1058&segment=business
http://go.eset.eu/knowledgebase?lng=1058&segment=business&KBID=SOLN2895
http://go.eset.eu/knowledgebase?lng=1058&segment=business&KBID=SOLN3281
http://go.eset.eu/knowledgebase?lng=1058&segment=business&KBID=SOLN332
https://ela.eset.com/
http://help.eset.com/getHelp?product=era&version=6.0.0_MAJOR&lang=uk-UA&topic=activation.htm
ESET Remote Administrator , . ESET Remote Administrator.
3.8.3
, ESET License Administrator, .
3.8.4
, , , "" , .
1. .
2. Smart-, .
3. , , .
4. , .
. ESET, .
3.8.5
, > .... :
: .
, . .
: , .
: ESET SysInspector, (, , ) .
: .
: , .
, , .
. . . : , ,, . , , , . . , , . .
, ( )
. , .
http://help.eset.com/getHelp?product=era&version=6.0.0_MAJOR&lang=uk-UA&topic=client_tasks_product_activation.htm
https://ela.eset.com/
http://go.eset.eu/knowledgebase?lng=1058&segment=business&KBID=SOLN2505
, , . . , . , . .
3.8.6 ( 24 )
, , > . 24 .
, .
1. " ".
2. .
3. .
4. 24 .
5. , - .
6. .
7. .
8. , .
3.8.7 ESET Endpoint Antivirus ESET Remote Administrator
ESET Endpoint Antivirus , ESET Remote Administrator, ERA. - , ERA. ESET Remote Administrator RD Sensor . , RD Sensor, -.
ESET . ESET Remote Administrator.
3.8.8
ESET Endpoint Antivirus , ESET Endpoint Security ESET Endpoint Antivirus.
ESET Endpoint Antivirus HTTP-
F5, , > ., AUTOSELECT. HTTP- > > .
. ESET . > > . .
http://help.eset.com/getHelp?product=era&version=6.0.0_MAJOR&lang=uk-UA&topic=fs_product_installation.htm
HTTP-, HTTP-.
3.8.9 Windows 10 ESET Endpoint Antivirus
Windows 10, ESET . Windows 10.
Endpoint version 6.x
Select the installer that matches your edition of Microsoft Windows 10:
32-bit: ESET Endpoint Security 6 (http://download.eset.com/download/win/ees/ees_nt32_enu.msi) or ESET Endpoint Antivirus 6 (http://download.eset.com/download/win/eea/eea_nt32_enu.msi)
64-bit: ESET Endpoint Security 6 (http://download.eset.com/download/win/ees/ees_nt64_enu.msi) or ESET Endpoint Antivirus 6 (http://download.eset.com/download/win/eea/eea_nt64_enu.msi)
Endpoint version 5.x
Select the installer that matches your edition of Microsoft Windows 10:
32-bit: ESET Endpoint Security 5 (http://download.eset.com/download/win/ees/v5/ees_nt32_enu.msi) or ESET Endpoint Antivirus 5 (http://download.eset.com/download/win/eea/eea_nt32_enu.msi)
64-bit: ESET Endpoint Security 5 (http://download.eset.com/download/win/ees/v5/ees_nt64_enu.msi) or ESET Endpoint Antivirus 5 (http://download.eset.com/download/win/eea/eea_nt64_enu.msi)
ESET, . (http://www.eset.com/download/business/)
ESET Windows 10. (http://go.eset.eu/knowledgebase?lng=1058&segment=business&KBID=SOLN3747)
3.8.10
ESET Endpoint ( 6.5 ) Windows, , . ESET, . AD . 4 .
, - ERA . ( ).
, .
1. > > .
2. .
3. ESET Endpoint Windows.
4. .
5. , .
6. , .
ERA Server ERA, " " ( ) " ".
1. .
2. .
3. ESET .
4. , ( , Active Directory).
5. ESET .
6. .
7. , .
, - , . ERA , .
.
1. > > .
2. . ESET Endpoint Windows.
3. , AD.
4. , .
5. ESET .
6. - ERA , , .
7. , .
8. . , , .
9. , .
10. .
11. , .
12. .
13. , .
14. , .
3.8.11 (RMM)
(RMM) (, , ) , .
ESET RMM . ESET RMM, " " (F5) . ESET RMM RMM.
: RMM . :
.
: RMM. , . .
RMM , ESET Endpoint.
: , , RMM.
: RMM. , .: . , .: .
ESET Endpoint Antivirus ermm.exe (, : c:\Program Files\ESET\ESET Security). ermm.exe RMM, RMM, RMM.
ermm.exe , ESET, - RMM.
RMM , Windows. RMM (, Kaseya), ermm.exe.
RMM (, Kaseya), Windows. RMM.
RMM . Supported RMM tools: Kaseya, Labtech, Autotask, Max Focus and Solarwinds N-able.
3.9 ESET Endpoint Antivirus
ESET Endpoint Antivirus , .
- ESET Remote Administrator . "" , , . , . ERA.
:
:
: , .
: Microsoft Office , , Internet Explorer (, Microsoft ActiveX).
HIPS: HIPS .
: , , . ( ), .
: , , . , .
http://help.eset.com/getHelp?product=era_admin&version=6.0.0_MAJOR&lang=uk-UA/index.html?Admin_POL_Flags.htm
.
: , , HTTP HTTPS, .
: POP3 IMAP.
-: , , -, .
, . , .
, .
ERA, . , (, ), , ESET Remote Administrator. ESET Remote Administrator.
, , .
,
- .
. .xml , /. /.
(F5).
3.9.1
> . , . .
, , .
, (F5) > > . , "" > "" " ". " " .
: , , , . . , .
...: , (, ).
http://help.eset.com/getHelp?product=era_admin&version=6.0.0_MAJOR&lang=uk-UA/index.html?admin_pol_override.htm
3.9.1.1
, , -. , : , , .
, F5.
(, , ) .
, . . .
, . , (, , ). . . .
, . , .
, , . , .
. , . , . , , , , , . , , .
AMSI: Microsoft Antimalware Scan Interface, ( Windows 10).
3.9.1.1.1
, -, , (USB, , CD-, DVD-, ).
ESET Endpoint Antivirus , .
. . , . .
, , . : , . , . , , .
, , . , . , .
"" , ( ).
( ), .
, . , , . , . , , .
(, , , ), .
ESET Endpoint Antivirus " ".
Smart- ( . ).
, .
, .
3.9.1.2
. , . , . ESET Endpoint Antivirus . .
:
: IP- , .
: ( , " ").
: ESET ( ).
3.9.1.3
, . , . .
. (, ) , > .
:
: . : - DVD-, USB , Bluetooth . : .
,, .
, . , .
: , .
: , .
: , .
: .
: .
. , . , ThreatSense (. ThreatSense), , - . , .
, ( ). . Smart-. Smart-, , . , F5 , > . ThreatSense > Smart-.
3.9.1.3.1 ThreatSense
ThreatSense : , . . , , . , (.sfx) ( ). 10- , . , .
, . ThreatSense.
ThreatSense : . , Smart- ESET LiveGrid, .
3.9.1.3.2
. , ThreatSense ).
: . . , , .
: ( ). . , . , , .
: . . , , .
, . ( ) , . , , .
3.9.1.3.3
, , eicar.com. , . (EICAR) . http://www.eicar.org/download/eicar.com
3.9.1.3.4
, . . .
ESET Endpoint Antivirus , . ,
( > > ).
3.9.1.3.5 ,
, , .
, . , .
, , . , (F5) > > . , .
http://www.eicar.org/download/eicar.com
, . , . ESET, .
, , , . , ESET.
3.9.1.4
ESET Endpoint Antivirus. . , . (, ) , , . , , .
. Smart- . , .
. .
Smart-
Smart- . Smart- . Smart- , . . , . .
, (, ). , . . , .
, > , . , , . , , . , ... > ThreatSense > .
, .
Smart-, (, CD-/DVD-/USB), . USB, .
, ,
.
(" ", " " ""), .
: , . 60 . , .
. > .
3.9.1.4.1
, > . ().
(, , , ), . , . .
: , .
: , USB, -/DVD-.
: .
: .
: .
( ), . , .
. . , , . , , ... > ThreatSense > . .
, . Smart-. . ThreatSense. ..., , " ". ThreatSense.
, , ( ).
, .
. , , .. , , , UAC .
3.9.1.4.2
, , .
, , ( pagefile.sys ), . .
, . , .: , , . : , .: .: . , .: . : , , .
3.9.1.4.3
, :
;
;
, ;
;
;
;
.
3.9.1.5
ESET Endpoint Antivirus (CD/DVD/USB ). , . , .
:
( , USB)
-/DVD
USB-
FireWire
Bluetooth
-
LPT/COM
(F5) > .
ESET Endpoint Antivirus. , . , .
, , , .
3.9.1.5.1
, , .
( ), , . , , , , , .
, . , , . , .
: , .
, .
: .
/ // .
. ESET Endpoint Antivirus > .
3.9.1.5.2
, , .
, . , . , .
( / /Bluetooth/FireWire ). . , . , USB FireWire. - - , SIM- . . , , .
. , .
, . , , .
/: .
: .
: , .
: (/), . : , .
: (). . , , (, Bluetooth, , ).
: .
. ( ).
: .
: .
: , . -/DVD-, , .
, . . (*, ?) .
, , .
: .
: , .
: , , .
: .
: .
, .
: : , .
: .
(, , ).
3.9.1.6
ESET Endpoint Antivirus (CD/DVD/USB ). . , .
, : , (CD/DVD/USB). , , .
: , .
: .
: " ".
:
: .
: .
: .
: , .
, ESET Endpoint Antivirus , . .
3.9.1.7
> > . , .. , . , , .
, ( ) . , , .
, ( > , ).
:
;
;
.
ThreatSense, (, ) .
3.9.1.8 (HIPS)
HIPS . .
(HIPS) , . HIPS , . HIPS : , .
HIPS (F5) > > HIPS > . HIPS (/) ESET Endpoint Antivirus( > ).
ESET Endpoint Antivirus , , . HIPS , Windows.
. , . . . .
, , -, PDF-, MS Office. . . .
.
: ( , ).
: .
: .
: .
: , . , , , , . " HIPS" " ", . ( 14). , HIPS . .
: , ESET Endpoint Antivirus .
HIPS , , . HIPS . , , .
, .
1. .
2. .
3. . ESET Remote Administrator .
4. , . .
5. - , , - . .
6. , , . ( , , F1).
7. , , .
8. , .
3.9.1.8.1
.
, : , , .
: HIPS.
, : , .
. .
http://go.eset.eu/knowledgebase?lng=1058&segment=business&KBID=SOLN2908
3.9.1.8.2 HIPS
, . . , .
, HIPS, , . . . , , , . , .
(/) , HIPS . , .
3.9.1.9
, , . , . , , . , .
> , . (F5) > , , ESET Endpoint Antivirus . , , . , .
, . , , .
, , .
3.9.1.10
. , .
. , >, , . (. ).
. .
3.9.1.10.1
, .
, , . :
( )
,
,
,
, ( )
:
, : , ( , , , winlogon, " ", dll ).
, , (, , HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run).
, , .
: , :
: , .
: .
: .
: .
3.9.1.11
Microsoft Office , , Internet Explorer ( Microsoft ActiveX). , . , Microsoft Office.
. , F5 , > .
, applications that use the Microsoft Antivirus API (for example, Microsoft Office 2000 and higher, or Microsoft Internet Explorer 5.0 and higher).
3.9.1.12
"" . , . , . , , , (, ).
, .
1. .2. .
, . The question mark (?) stands for a single character and the asterisk (*) for an entire string of zero or more characters.
To exclude all files, use the mask "*.*".
To exclude all files on drive D:, use "D:\*".
To exclude all files with the doc extension, use "*.doc".
To exclude files whose name is exactly five characters long, starts with "D" and ends in .exe, use "D????.exe" (each question mark stands for exactly one character).
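The following PowerShell script is an added example, not code from the ESET guide or the product: it translates an exclusion mask built from the ? and * wildcards described above into an anchored regular expression and tests a few constructed paths against it, so the effect of a mask can be previewed before it is pushed out in a policy. Two behaviours are assumptions rather than documented product behaviour: a ? may match a path separator, and a mask that contains no backslash is compared against the file name only.

```powershell
# Added example (not from the ESET guide): preview which files an exclusion mask
# made of the ? and * wildcards would remove from scanning.
function ConvertTo-EsetMaskRegex {
    param([Parameter(Mandatory)] [string] $Mask)
    $pattern = [System.Text.StringBuilder]::new('^')
    foreach ($ch in $Mask.ToCharArray()) {
        switch ($ch) {
            '*'     { [void]$pattern.Append('.*') }                          # any string, may span '\'
            '?'     { [void]$pattern.Append('.') }                           # exactly one character (assumption: '\' allowed)
            default { [void]$pattern.Append([regex]::Escape([string]$ch)) }  # '.', '\' and friends stay literal
        }
    }
    [void]$pattern.Append('$')
    return $pattern.ToString()
}

function Test-EsetExclusion {
    # Returns the first mask that excludes $Path, or $null when the file would still be scanned.
    param(
        [Parameter(Mandatory)] [string]   $Path,
        [Parameter(Mandatory)] [string[]] $Masks
    )
    foreach ($mask in $Masks) {
        # Assumption: a mask without a backslash (e.g. *.doc) applies to the file name,
        # a mask with one (e.g. D:\*) applies to the full path.
        $subject = if ($mask -match '\\') { $Path } else { [System.IO.Path]::GetFileName($Path) }
        if ($subject -imatch (ConvertTo-EsetMaskRegex -Mask $mask)) { return $mask }   # Windows paths are case-insensitive
    }
    return $null
}

# Constructed sample paths (not from the guide), tested against the masks the guide describes.
$masks = 'D:\*', '*.doc', 'D????.exe'
foreach ($path in 'C:\Users\alice\Documents\report.doc',
                  'D:\share\tool.exe',
                  'C:\Temp\D1234.exe',
                  'C:\Temp\D12345.exe') {
    $hit = Test-EsetExclusion -Path $path -Masks $masks
    '{0,-40} {1}' -f $path, $(if ($hit) { "excluded by $hit" } else { 'scanned' })
}
```

On the sample input, report.doc is excluded by *.doc, tool.exe by D:\* and D1234.exe by D????.exe, while D12345.exe (six characters before the extension) is still scanned. Two things a practitioner should keep in mind: the guide says "*.*" excludes all files, but a literal translation of that mask does not match a file without an extension, so verify the product's behaviour on such files before relying on it; and broad masks such as "*.*" or "D:\*" carve an entire tree out of real-time protection, so anything an attacker can write into an excluded location is never inspected. Keep exclusions as narrow as the application needs and review them together with the ERA policy that distributes them.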
, .
: .
: , , . , . . ( , ) > , .
: .
: .
: .
3.9.1.13 ThreatSense
ThreatSense , . , . ( , , , ), , . , . , ThreatSense .
ThreatSense :
, ;
;
.
, ThreatSense - , ThreatSense (. ). . , ThreatSense :
;
;
;
;
;
;
.
ThreatSense , . , , ( ). ThreatSense , .
, .
: , .
: .
: supported formats: DBX (Outlook Express) and EML.
: supported formats: ARJ, BZ2, CAB, CHM, DBX, GZIP, ISO/BIN/NRG, LHA, MIME, NSIS, RAR, SIS, TAR, TNEF, UUE, WISE, ZIP, ACE .
: SFX .
: ( ) . (UPX, yoda, ASPack, FGS and others), .
. .
: , . , . ( ) .
/DNA/Smart-: , ESET, , . ESET . . . , ( ).
, , . . ESET , .
!
, , .
1. /: .
2. : .3. ,
/ .
, , . , > > -.
ESET , .
, .
- . , , .
1. ESET. ESET? 2. F5, .3.
, . , OK.
, . , , , . - . . ESET , .
. ESET.
.
: , (. ). , , (, , ). .
. 3 .
: . . , , .
http://go.eset.eu/knowledgebase?lng=1058&segment=business&KBID=SOLN3152
http://go.eset.eu/knowledgebase?lng=1058&segment=business&KBID=SOLN2629
http://www.virusradar.com/en/glossary/pua
: ( ). . , . , , .
: . . , , .
, . ( ) , . , , .
, . . ThreatSense , .
ThreatSense .
(ADS): NTFS , , . , .
: . , , .
: , , . , , , .
Smart-: Smart- , , . , . Smart-, ThreatSense .
: , , (, ).
"" , .
: , . , . , . : .
(): .
, , , . : .
: . : 10.
: , ( ), . : .
, .
3.9.1.13.1
, . . ThreatSense , .
. - , .
, . , .edb, .eml .tmp Microsoft Exchange.
. , , OK. , , , . , . , . , .
? ( ). - .
( ) Windows , > > .
3.9.2
> . .
. , . , .
POP3 IMAP. plug-in ESET Endpoint Antivirus (POP3, IMAP, HTTP, MAPI).
- , -, . - . . -.
: , -
.
3.9.2.1
ThreatSense, . , - . (SSL), > SSL.
: . , ESET Endpoint Antivirus ( , , , -) .
: .
, .
IP-: . , .
: Windows XP , , .
3.9.2.1.1 -
Windows Vista 1 Windows Server 2008, Windows (Windows Filtering Platform,WFP). WFP , - .
, . - . ESET Endpoint Antivirus -. , , -. - , , .
3.9.2.1.2
, . HTTP/POP3/IMAP, , . , .
, , .
: .
: .
3.9.2.1.3 IP-
IP- . HTTP/POP3/IMAP, , . .
: , IP-, , .
: .
: .
3.9.2.1.4 SSL/TLS
ESET Endpoint Antivirus , SSL. SSL-, , , SSL-.
SSL/TLS: , SSL-.
SSL/TLS .
: , SSL-, . , . , ( ), , .
: - SSL ( ) , . SSL, .
, SSL v2: , SSL.
: SSL
, () ESET. . , ESET (, Opera Firefox). , , (, Internet Explorer).
, > > , .
TRCA( ), , (, - ), . (,) , TRCA. ( ), , . , , , .
, , . , .
ESET Endpoint Antivirus SSL.
3.9.2.1.4.1 SSL-
SSL-, .
: - , , ESETEndpoint Antivirus ( "" , , "" ), , ( ).
: SSL , - , ( ). , SSL-. ESET Endpoint Antivirus , .
. .
3.9.2.1.4.2
ESET Endpoint Antivirus SSL, , SSL/TLS . (F5) > > SSL/TLS > .
.
: .
: .
: , , .
: , , . , . , .
: , , . , , . , .
: ; .cer, .crt .pem. , , URL, .
: , , .
: .
OK/: OK, , , .
3.9.2.1.4.3 , SSL/TLS
, SSL/TLS , ESET Endpoint Antivirus , , SSL/TLS . , (F5)> > SSL/TLS> , SSL/TLS.
, SSL/TLS .
: .
: , . , , . , .
: .
: , , .
: .
OK/: OK, , , .
3.9.2.2
3.9.2.2.1
ESET Endpoint Antivirus . , ESET Endpoint Antivirus. , ESET Endpoint Antivirus ( Windows Live Mail ), . > > > > .
: Microsoft Outlook, Outlook Express, Windows Mail Windows LiveMail. plug-in . plug-in . , . , . ESET.
, (POP3,IMAP).
, ( MS Outlook). Kerio Outlook Connector Store.
: , . : / . : / . : / .
,
: , . : . "": "". : .
: , .
: / .
: ( POP3, IMAP).
(" " (F5) >" " > " " > " ").
http://go.eset.eu/knowledgebase?lng=1058&segment=business&KBID=SOLN2138
3.9.2.2.2
IMAP POP3 , . ESET Endpoint Antivirus .
IMAP/IMAPS POP3/POP3S . , > > .
: .
Windows Vista IMAP POP3 . Windows XP , IMAP/POP3. , .
ESET Endpoint Antivirus IMAPS POP3S, . ESET Endpoint Antivirus , SSL (Secure Socket Layer ) TLS(Transport Layer Security ). , , IMAPS/POP3S, .
, . , SSL/TLS, , SSL/TLS, SSL/TLS.
3.9.2.2.3
, POP3 IMAP. plug-in Microsoft Outlook ESET Endpoint Antivirus (POP3, MAPI, IMAP, HTTP). , ThreatSense. , , . , POP3 IMAP, , .
> > .
ThreatSense: , . , .
. - , - . , - HTML- . - . :
: - .
: , ( ).
: .
: , . ( ). , .
, : , . "!", ("[virus]"), : "[virus] !". %VIRUSNAME% .
3.9.2.3
. , . - HTTP( ) HTTPS ( HTTP).
- . - ThreatSense . : .
. , ESET Endpoint Antivirus > > .
(F5) > > :
-: , -.
URL-: HTTP-, , .
ThreatSense: , ,, ( , ), .
3.9.2.3.1 -
ESET Endpoint Antivirus HTTP, -.
Windows Vista HTTP . Windows XP , HTTP, (F5) > > > - > HTTP. HTTP , .
ESET Endpoint Antivirus HTTPS. HTTPS . ESET EndpointAntivirus , SSL (Secure Socket Layer ) TLS (Transport Layer Security ). , , HTTPS, .
, . , SSL/TLS, , SSL/TLS, SSL/TLS.
3.9.2.3.2 URL-
URL- HTTP-, , .
- , . - , , .
SSL, HTTPS - HTTP. HTTPS, URL-.
: (*) (?). - , - . , . , , * ? . HTTP-/ , , . , . , .
HTTP-, , * .
: . , . , - , . , .
: . , .
: . , , .
3.9.2.4 -
"" ( ). , , , - . . . ESET Endpoint Antivirus -, -, , , .
ESET Endpoint Antivirus. (F5) > -.
, - ESET Endpoint Antivirus.
-
- . -, ( ).
http://go.eset.eu/knowledgebase?lng=1058&segment=business&KBID=SOLN3100
-, , . - , URL-. (F5) > > URL-> , -, .
/ - ESET .
- ESET, , .
- .
- . .
- . [email protected]. - (, -, , ).
http://phishing.eset.com/report/ukr
http://phishing.eset.com/remove/ukr
mailto:[email protected]
3.9.3
ESET Endpoint Antivirus . , . : .
, , , , . , .
, , , . . . , , , ESET.
ESET Endpoint Antivirus , , , . , .
ESET ESET Endpoint Antivirus.
: ESET Endpoint Antivirus.
: . , : , .
: .
: , .
, . . , .
! . , , . .
: . . .
.
1. : . . ( , F5 ) . > .
2. : . (, - -). - , , . -, .
. ESET.
3.9.3.1
(F5) . (, ).
. , , .
, , / .
: ( ), . : 7.
, / ,
http://go.eset.eu/knowledgebase?lng=1058&segment=business&KBID=SOLN2850
. , , .
ESET Endpoint Antivirus . , . , .
( (F5) > > ), , .
, . , , ESET ( HTTP).
, , . , .
. ESET . ( - ) , . - . , , . , X. , , .
: . , . , .
: , . , . , .
. . ESET .
HTTP- ( "") :http://____IP-:2221.
HTTP- SSL : https://____IP-:2221.
: \\computer_name_or_its_IP_address\shared_f older
, . - . .
3.9.3.1.1
. , , .
( ). , , .
3.9.3.1.2
( (F5) > > ), , .
( ) . , .
,
https://???_?????????_???_????_IP-??????:2221.
.
, 10646. 10645 10643 . , 10644 (, , , 10644, ). 2 , ( ) 10643. . , ESET Endpoint Antivirus .
3.9.3.1.3
, . .
. . . .
: . , .
: . , .
: . , .
, . . , .
: . ESET Endpoint Antivirus , .
, .
, , (), .
3.9.3.1.4 - HTTP
- , (F5) > - HTTP. - .
-
-
-
-, -, > > -.
-, , ESET Endpoint Antivirus -.
- .
- ESET Endpoint Antivirus ( > -). : - (), (3128 ), - ( ).
- , ESET EndpointAntivirus - .
-. Internet Explorer, (, ), , - HTTP . .
- -.
, - : - , .
( ) -. , . , / ESET Endpoint Antivirus. , , - .
3.9.3.1.5
Windows NT .
, :
( ),
,
.
( ), . , , .
, , . , , .
, , . , . , . .
, . . : _\ ( __\) . HTTP- .
, , .
3.9.3.1.6
ESET Endpoint Antivirus , . ( ) , . - . . .
- . , F5, > .
, . , , .
HTTP-: , HTTP ( ).
HTTP-, Windows XP 2 .
- . : HTTP-.
, ,
. , , C:\ProgramData\ESET\ESET Endpoint Antivirus\mirror, , . , . Windows NT/2000/XP, . : / /. .
: , . .
HTTP-
: 2221.
: . : , NTLM. , base64 . NTLM . . , , .
, HTTP- HTTPS (SSL). : ASN, PEM PFX. HTTPS. . ( ). , .
: ( ), .
. . .
, , .
: . . .
: .
3.9.3.1.6.1
, . HTTP-.
HTTP-
, . HTTP-, > > > .
HTTP- , HTTP-, ( ), HTTP-. 2221. . : , NTLM. , base64 . NTLM . . , , .
HTTP-, , ESET Endpoint Antivirus, .
SSL HTTP-
, HTTP- HTTPS (SSL). : PEM, PFX ASN. HTTPS. . , , .
, () . > > > . .
- . .
(F5) > > .
http://IP___:2221
https://IP___:2221 ( SSL)
. , , , ESET Endpoint Antivirus .
> > > , HTTP-. .
, . , ESET Endpoint Antivirus (F5) > > . , .
\\UNC\ .
1. ESET Endpoint Antivirus > > .
2. \\UNC\PATH.
UNC. .
. . , , , . . .
3.9.3.1.6.2
- : , , , , . , .
ESET Endpoint Antivirus -: , ( ), . , Windows, , OK. .
ESET Endpoint Antivirus : , ( ) . , . , . , /_ _/_ . - " ", , - . " " " - ". , . , " ", .
ESET Endpoint Antivirus -: , HTTP- , .
3.9.3.2
, , .
. , > . ESET Endpoint Antivirus .
. , . . .
3.9.4
, .
:
( ESET LiveGrid ESET Endpoint Antivirus)
ESET SysInspector
: ESET. , , .
ESET SysRescue: ESET SysRescue Live, ESET SysRescueLive Live CD/USB Creator Microsoft Windows.
3.9.4.1
. , . . , , . ESET Endpoint Antivirus. .
, > . . :
: , ESET EndpointAntivirus. , , , , , . - , .
: , ESET Endpoint Antivirus, . , . , . , .
: . . - , .
: , . , , , .
HIPS: , . , , ( ), .
-: -, . , URL-, , .
: , . , . , . , , ().
( Ctrl + C). . Ctrl Shift .
, , .
, . .
: .
: (, ).
.../...: .
: .
: ( ).
/ : .
/ : ( ).
...: XML.
: XML.
: , .
3.9.4.1.1
. .
. , .
: :
: , , .
: , , .
: .
: , " ", .
: ( , ). : , .
: , , .
: , .
: , .
3.9.4.2 -
- . . . ESET Endpoint Antivirus - .
-, - >-. - ESET Endpoint Antivirus. , .
- , -, - .
- , - . ,
- . , Internet Explorer.
-.
, - : - HTTP, , - ESET.
- : > > - HTTP - -. . , . , . .
3.9.4.3
"" .
"" ESET Endpoint Antivirus, > . , , , .
: , , . ( ). - , : , , . , .
:
( )
( )
( , ), ... .
1. .
2. .
3. :
: .
: , . .
: , .
: ESET SysInspector, (, , ) .
: .
: , .
4. , ( , / ), :
: .
: .
: .
: .
: , .
5. , , , . . , , :
, ( )
, .
3.9.4.4
, ESET Endpoint Antivirus, > . , . , .
:
: .
: , .
: , .
-: , -.
, , . , , , .
3.9.4.5
, > . , . .
.
1 : 10.
1 ( 24 ): 24 .
1 ( ): .
1 ( ):
().
( ) ( ) . ()//. , .
3.9.4.6 ESET SysInspector
ESET SysInspector , , , . , . , .
SysInspector :
: .
: .
: , .
: .
:
: . .
: .
...: . , , ESET SysInspector ( "").
: .
:
: ESET SysInspector ( ).
: .
...: . , , ESET SysInspector ( "").
: .
...: .xml .xml.
3.9.4.7 ESET LiveGrid
ESET LiveGrid , . . , ESET . ESET LiveGrid. ESET Endpoint Antivirus .
1. ESET LiveGrid. , ESET Endpoint Antivirus , .
2. ESET LiveGrid . ESET . ESET .
ESET LiveGrid . , , , , , , ,
.
ESET Endpoint Antivirus ESET. , .doc .xls, . , .
ESET LiveGrid . ESET LiveGrid, F5 ( ), > ESET LiveGrid.
ESET LiveGrid (): ESET LiveGrid ESET , , .
: ESET , , , , .
: , , ESET.
, . . , , .
(): - , . , ESET, .
: . , , (, ). ESET, . (.doc ). .
ESET LiveGrid, , , . ESET. .
3.9.4.8
ESET . ESET Endpoint Antivirus , ESETLiveGrid.
: ESET Endpoint Antivirus ESET LiveGrid (, , ), , . : 1 () 9 ().
: , . Windows. , " " Ctrl+Shift+Esc .
PID: , Windows.
() ( ) . .
: , . ESET LiveGrid.
: , ESET LiveGrid.
(), .
. , , ESET. , , .
: , .
, .
: .
: () ().
: .
: .
: .
: / .
: .
: .
, /. , , > ESETLiveGrid.
3.9.4.9
ESET . , > . , , -, ESET. , - , .
. , WinRAR/ZIP, "infected", [email protected]. , (, -, ).
ESET, , .
-
-
, , .
, :
(-, - )
(, )
,
mailto:[email protected]
/ -, .
, ESET , , . . ESET ( , ), .
3.9.4.10
ESET Endpoint Antivirus , . , .
SMTP
SMTP-: SMTP (, smtp.provider.com:587, 25).
SMTP TLS ESET Endpoint Antivirus.
: SMTP- , , SMTP-.
: , .
: , . , .
, .
: , , .
: (, ), , .
: ( ).
: ( ) .
: ( ).
TLS: TLS.
, (): , . 0, .
: , . .
( Windows). . , , .
: , .
: . . (, ) .
: ANSI Windows (, windows-1250). , ASCII (7-)(, "" "a", "?").
: Quoted-printable (QP), ASCII 8- ().
(, %) , . :
%ComputerName%: , .
%ProgramName%: , .
%TimeStamp%: .
%UserName%: , , .
%InfectedObject%: , .
%VirusName%: .
%ErrorDescription%: , .
%Scanner%: .
%Action%: , .
%InfectedObject% %VirusName% , %ErrorDescription% .
3.9.4.11
. , , ESET Endpoint Antivirus .
- . , . ESET.
, , , , , , (, , ) (, , ).
ESET Endpoint Antivirus ( ). - , . . : .
. , "" . , . ..., , , .
: Delete .
.
, , ESET.
, , , ESET. , .
3.9.4.12 Microsoft Windows
Windows Update . Microsoft Windows , . ESET Endpoint Antivirus , . .
: .
: , , .
: , , , .
: , , , .
: .
OK, . " " . , .
3.9.4.13 ESET CMD
ecmd, (ecmd.exe). . .xml.
ESET CMD , .
. , - , .
. .xml, ( , .xml). , , , . , .xml , .
ESET CMD , . .
! ecmd, Windows (cmd), . , Error executing command.. , , .
ecmd . ERA .
ecmd /getcfg c:\config\settings.xml
ecmd /setcfg c:\config\settings.xml
.xml
1. XmlSignTool ESET, . eset .xml.
2. Windows (cmd), .
3. XmlSignTool.exe..
4. , .xml: XmlSignTool
5. XmlSignTool, , . .xml , ESETCMD " ".
ESET CMD , - . > > , .
3.9.5
.
, .
, - .
, . .
, > . .
, . , ESET Endpoint Antivirus .
, , .
https://www.eset.com/int/download-utilities/
3.9.5.1
ESET Endpoint Antivirus . > ESET Endpoint Antivirus.
. , .
: .
: , .
: .
: , . , . .
, , . , "", > ESET> ESET EndpointAntivirus. ESET Remote Administrator.
ESET Endpoint Antivirus, .
ESET Endpoint Antivirus (, ), .
: ESET Endpoint Antivirus .
: , , .
: , .
: , .
. : ESETEndpoint Antivirus, MSP, .
3.9.5.2
ESETEndpoint Antivirus. - . , ESET Endpoint Antivirus . > ( (F5)).
: . , "".
, .
: , ( ) ( (UAC) Windows Vista). .
Windows XP:
( UAC): , ESETEndpoint Antivirus .
3.9.5.3
(, ) ESET Endpoint Antivirus. ( , ).
, . ().
, . . , . , . (, ) .
, . .
: , , .
: , , .
: .
: , " ", .
: ( , ).
.
, , . , . , .
, . , .
: , , .
3.9.5.3.1
, (, HIPS) .
! , ( ). HIPS .
3.9.5.4
,
.
: , , , , , .
, .
: , . , F5 > .
: .
ESET Endpoint Antivirus: ESET Endpoint Antivirus, .
: ESET Endpoint Antivirus .
: .
: , , ESET Endpoint Antivirus , . .
3.9.5.5
, () . , .
ESET Endpoint Antivirus . > .
: ESET Endpoint Antivirus .
3.10
3.10.1
ESET Endpoint Antivirus: .
. ( , ) , .
, (F5) > , . . , , ThreatSense, .
. , , Smart-, . . . OK, .
. ( ) , .
, , , () , ( ) ESET. : , ESET. , > . , .
: , . , .
: .
3.10.2
ESET (, ekrn). , . ESET Endpoint Antivirus . :
( ), .
: , . , . , , .
: . , .
: , PCAP, ,
.
:C:\ProgramData\ESET\ESET Smart Security\Diagnostics\ Windows Vista C:\Documents and Settings\All Users\... Windows.
: .
: , Windows.
3.10.3
ESET Endpoint Antivirus .xml .
, ESET Endpoint Antivirus . , : , .xml.
. > /, . ... , .
. > /. , (, export.xml). , .
, .
3.10.4
ESET Endpoint Antivirus : ( ecls) (bat). ESET:
ecls [OPTIONS..] FILES..
.
/base-dir=
/quar-dir=
/exclude= , ,
/subdir ( )
/no-subdir
/max-subdir-level= ,
/symlink ( )
/no-symlink
/ads ADS ( )
/no-ads ADS
/log-file=
/log-rewrite ( )
/log-console ( )
/no-log-console
/log-all
/no-log-all ( )
/aind
/auto
/files ( )
/no-files
/memory
/boots
/no-boots ( )
/arch ( )
/no-arch
/max-obj-size= , ( 0 = )
/max-arch-level= ( )
/scan-timeout= ,
/max-arch-size= , ( 0 = )
/max-sfx-size= , ( 0 = )
/mail ( )
/no-mail
/mailbox ( )
/no-mailbox
/sfx ( )
/no-sfx
/rtp ( )
/no-rtp
/unsafe
/no-unsafe ( )
/unwanted
/no-unwanted ( )
/suspicious ( )
/no-suspicious
/pattern ( )
/no-pattern
/heur ( )
/no-heur
/adv-heur ( )
/no-adv-heur
/ext= , ,
/ext-exclude= , ,
/clean-mode=
.
.
( ) ecls.exe .
ecls.exe ( ).
ecls.exe .
ecls.exe , (, Windows).
/quarantine ( ) ( , )
/no-quarantine
/help
/version
/preserve-time
0 1 10 ( ) 50 100
100 , , , .
3.10.5
> > ( ). , :
;
;
.
, .
3.10.6 ESET SysInspector
3.10.6.1 ESET SysInspector
ESET SysInspector , . , , , , .
ESET SysInspector : ESET Security (SysInspector.exe) - ESET. . . .xml . > ESET SysInspector ( ESET Remote Administrator). , . ESET SysInspector ESET Endpoint Antivirus.
, ESET SysInspector . 10 , , .
3.10.6.1.1 ESET SysInspector
ESET SysInspector, SysInspector.exe, - ESET. ESET Security, ESET SysInspector "" ( > ESET > ESET Endpoint Antivirus).
, . .
3.10.6.2
: , , , , . " " ( , , , , ).
3.10.6.2.1
, ESET SysInspector.
, . . ( , , , , ).
ESET SysInspector , . Windows Vista.
, .
, , .
.
."" , . "" . "" ESETSysInspector , .
. , . ( 1), . , , , , . , .
, 69, . ESET, ESET SysInspector - , ESET Online Scanner. ESET Online Scanner .
, , , .
, , , .
. .
, , . Backspace .
, .
!, , , ., , , . , .
http://go.eset.eu/onlinescanner?lng=1058
3.10.6.2.2 ESET SysInspector
ESET SysInspector . , , . , . , . , .
.
, . : , , , .
, , .
, , . ESET SysInspector , \??\. ; .
, , (TCP UDP), , . IP- DNS-.
, , .
, , , , .
, . .
, Windows. , .
, .
Microsoft Windows.
, Windows /.
, , .
Program Files. .
ESET SysInspector .
3.10.6.2.2.1
ESET SysInspector .
Ctrl+O
Ctrl+S
Ctrl+G
Ctrl+H
1, O  1–9
2  2–9
3  3–9
4, U  4–9
5  5–9
6  6–9
7, B  7–9
8  8–9
9  9
-
+
Ctrl+9
Ctrl+0
Ctrl+5 ( )
Ctrl+6 ( Microsoft)
Ctrl+7 ( )
Ctrl+3
Ctrl+2
Ctrl+1
BackSpace
Ctrl+W
Ctrl+Q
Ctrl+T
Ctrl+P
Ctrl+A
Ctrl+C
Ctrl+X
Ctrl+B
Ctrl+L
Ctrl+R
Ctrl+Z ( )
Ctrl+F
Ctrl+D
Ctrl+E
Ctrl+Alt+O
Ctrl+Alt+R
Ctrl+Alt+1
Ctrl+Alt+2
Ctrl+Alt+3
Ctrl+Alt+4 ( )
Ctrl+Alt+5
Ctrl+Alt+C
Ctrl+Alt+N
Ctrl+Alt+P
F1
Alt+F4
Alt+Shift+F4
Ctrl+I
3.10.6.2.3 ""
"" . , . , .
, . > , . . , > . ESET SysInspector .
, , . , > , . , . .
, > , ZIP-. . , , , .
ESET SysInspector , .
, , .
, ;
;
, ;
;
/ ;
/;
/ ;
/ .
, .
- .
".xml". , ESET SysInspector . .xml.
, > . , .
:
SysInspector.exe .xml .xml
3.10.6.3
ESET SysInspector :
/gen
/privacy
/zip zip-
/silent
/blank ESET SysInspector
/
Sysinspector.exe [load.xml] [/gen=save.xml] [/privacy] [/zip] [compareto.xml]
SysInspector.exe .\clientlog.xml
SysInspector.exe /gen=.\mynewlog.xml
SysInspector.exe /gen=.\mynewlog.zip /privacy /zip
SysInspector.exe new.xml old.xml
/ , .
3.10.6.4
, ESET SysInspector, .
ESET SysInspector . , , .
, . .
, , , .
1. ESET SysInspector, .2. ( ), Shift ,
.3.
.4. .5. : "-" "+"
, . , /, .
6. ESET SysInspector, > .
7. OK, .
3.10.6.4.1
, - ( ) ESET SysInspector. .
.
3.10.6.4.2
(ev), (gv) (lv). .xml, . .
, ( , ). , , "-" "+". . .
01) Running processes ( )
, . UNC - CRC16, (*).
01) Running processes:
- \SystemRoot\System32\smss.exe *4725*
- C:\Windows\system32\svchost.exe *FD08*
+ C:\Windows\system32\module32.exe *CF8A*
[...]
module32.exe ( "+"); .
02) Loaded modules ( )
.
02) Loaded modules:
- c:\windows\system32\svchost.exe
- c:\windows\system32\kernel32.dll
+ c:\windows\system32\khbekhb.dll
- c:\windows\system32\advapi32.dll
[...]
khbekhb.dll "+". , , , .
03) TCP connections ( TCP)
TCP.
03) TCP connections:
- Active connection: 127.0.0.1:30606 -> 127.0.0.1:55320, owner: ekrn.exe
- Active connection: 127.0.0.1:50007 -> 127.0.0.1:50006,
- Active connection: 127.0.0.1:55320 -> 127.0.0.1:30606, owner: OUTLOOK.EXE
- Listening on *, port 135 (epmap), owner: svchost.exe
+ Listening on *, port 2401, owner: fservice.exe
- Listening on *, port 445 (microsoft-ds), owner: System
[...]
, TCP , .
04) UDP endpoints ( UDP)
UDP.
04) UDP endpoints:
- 0.0.0.0, port 123 (ntp)
+ 0.0.0.0, port 3702
- 0.0.0.0, port 4500 (ipsec-msft)
- 0.0.0.0, port 500 (isakmp)
[...]
, UDP .
05) DNS server entries ( DNS-)
DNS-.
05) DNS server entries:
+ 204.74.105.85
- 172.16.152.2
[...]
DNS- .
06) Important registry entries ( )
.
06) Important registry entries:
* Category: Standard Autostart (3 items)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
- HotKeysCmds = C:\Windows\system32\hkcmd.exe
- IgfxTray = C:\Windows\system32\igfxtray.exe
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
- Google Update = "C:\Users\antoniak\AppData\Local\Google\Update\GoogleUpdate.exe" /c
* Category: Internet Explorer (7 items)
HKLM\Software\Microsoft\Internet Explorer\Main
+ Default_Page_URL = http://thatcrack.com/
[...]
, 0 , . , , .
07) Services ()
, .
07) Services:
- Name: Andrea ADI Filters Service, exe path: c:\windows\system32\aeadisrv.exe, state: Running, startup: Automatic
- Name: Application Experience Service, exe path: c:\windows\system32\aelupsvc.dll, state: Running, startup: Automatic
- Name: Application Layer Gateway Service, exe path: c:\windows\system32\alg.exe, state: Stopped, startup: Manual
[...]
, , .
08) Drivers ()
.
08) Drivers:
- Name: Microsoft ACPI Driver, exe path: c:\windows\system32\drivers\acpi.sys, state: Running, startup: Boot
- Name: ADI UAA Function Driver for High Definition Audio Service, exe path: c:\windows\system32\drivers\adihdaud.sys, state: Running, startup: Manual
[...]
. , .
09) Critical files ( )
, .
09) Critical files:
* File: win.ini
- [fonts]
- [extensions]
- [files]
- MAPI=1
[...]
* File: system.ini
- [386Enh]
- woafont=dosapp.fon
- EGA80WOA.FON=EGA80WOA.FON
[...]
* File: hosts
- 127.0.0.1 localhost
- ::1 localhost
[...]
, .
3.10.6.4.3
, . ESET SysInspector, "". : "%Scriptname%"? , , , . , .
.
, : . ? , , .
, : . . ? ( , , ). .
3.10.6.5
ESET SysInspector?
ESET SysInspector , , , . " " " ", .
ESET SysInspector ?
ESET SysInspector . , > . XML-. %_%\ \ "SysInpsector-%_%--.XML". .
ESET SysInspector?
, ESET SysInspector, > . , ESET SysInspector. ESET SysInspector,
SYSINSPECTOR.EXE ; , . Windows Vista/7 , .
? SDK?
, SDK , . .
ESET SysInspector , ?
ESET SysInspector (, , ), , . : 1 () 9 (). .
"6 ()" , ?
ESET SysInspector , : . ESETSysInspector , , .
ESET SysInspector ?
, ESET SysInspector , , ESET . , , . Microsoft Windows.
Anti-Stealth?
Anti-Stealth .
, , . .
" MS" ""?
, ESET SysInspector , . , . , ESI CAT ( %systemroot%\system32\catroot), . CAT, CAT.
" MS", " " .
3.10.6.6 ESET SysInspector ESET Endpoint Antivirus
ESET SysInspector ESET Endpoint Antivirus, > ESET SysInspector. ESET SysInspector . (, , , ) .
ESET SysInspector : , , , , .
, , , ESET SysInspector. . , .
, ....
.
. , . , .
... . . , . . .
/ .
... XML- ( ZIP).
3.10.7
Remote Monitoring and Management (RMM) is the process of supervising and controlling software systems using a locally installed agent that can be accessed by a management service provider. The default ESET Endpoint Antivirus installation contains the file ermm.exe located in the Endpoint application within the directory c:\Program Files\ESET\ESET Security. ermm.exe is a command line utility designed to facilitate the management of endpoint products and communications with any RMM Plugin. ermm.exe exchanges data with the RMM Plugin, which communicates with the RMM Agent linked to an RMM Server. By default, the ESET RMM tool is disabled. For more information, see .
The default ESET Endpoint Antivirus installation contains the file ermm.exe located in the Endpoint application directory (default path c:\Program Files\ESET\ESET Security). ermm.exe exchanges data with the RMM Plugin, which communicates with the RMM Agent that is linked to an RMM Server.
ermm.exe is a command line utility developed by ESET that allows management of Endpoint products and communication with any RMM Plugin.
3.10.7.1 RMM
Remote monitoring and management is run using the command line interface. The default ESET Endpoint Antivirus installation contains the file ermm.exe located in the Endpoint application within the directory c:\Program Files\ESET\ESET Security.
Run the Command Prompt (cmd.exe) as an Administrator and navigate to the mentioned path. (To open Command Prompt, press the Windows key + R on your keyboard, type cmd.exe into the Run window and press Enter.)
The command syntax is: ermm context command [options]
Also note that the log parameters are case sensitive.
ermm.exe uses three basic contexts: Get, Start and Set. In the table below you can find examples of command syntax. Click the link in the Command column to see the further options, parameters, and usage examples. After successful execution of a command, the output part (result) will be displayed.