How ESET Protects Your Microsoft SharePoint Server — Features & Best Practices

Key protection features

  • Real-time file system scanning: Blocks known malware and suspicious files as they are uploaded or created on the SharePoint server.
  • On-access and on-demand scanning: Integrates with SharePoint file operations (uploads, downloads, check-in/check-out) and supports scheduled/full manual scans.
  • Heuristic and machine-learning detection: Identifies previously unknown threats using behavioral and ML models alongside signature-based detection.
  • Exploit and script protection: Detects and blocks malicious scripts and exploit attempts targeting server-side components or integrated services.
  • Centralized management: Policy rollouts, alerts, and reporting via ESET Protect (management console) for consistent configuration across servers.
  • Low system impact / performance tuning: Resource-aware scanning to minimize latency for user operations and preserve SharePoint responsiveness.
  • Integration with backups and file stores: Safe-scan settings to avoid interfering with backup jobs and third-party storage connectors.
  • Logging and forensic data: Detailed logs and quarantine for incident investigation and rollback of infected files.

Recommended configuration best practices

  1. Deploy ESET Protect management console: Centralize policies, updates, endpoint groups, and alerts for all SharePoint servers.
  2. Use on-access scanning with SharePoint-aware settings: Enable scanning on upload and before file check-in; exclude known safe system folders used by SharePoint to avoid conflicts.
  3. Schedule regular full scans during low-usage windows: Nightly or weekly full-content scans to catch anything missed by on-access protection.
  4. Enable advanced heuristics and script protection: Turn on exploit and script modules to reduce zero-day risk for web-facing server components.
  5. Tune performance settings: Configure scanning priority, CPU usage limits, and RAM thresholds so scans do not degrade user experience.
  6. Whitelist trusted integrations carefully: Create targeted exclusions for backup software, anti-malware scanning of backups, and search/indexing temp files—avoid broad exclusions that reduce protection.
  7. Maintain up-to-date signatures and engine updates: Use automatic update policies in ESET Protect with staged rollouts if needed.
  8. Harden server OS and SharePoint configuration: Combine ESET with least-privilege service accounts, latest OS/SharePoint patches, and network segmentation.
  9. Enable detailed logging and alerts: Configure real-time alerting for quarantines, detections of high-severity threats, and repeated failed scans.
  10. Test upgrade and recovery procedures: Periodically validate restore-from-quarantine, policy deployment, and ESET agent upgrades in a staging environment.

Incident response and operational tips

  • Quarantine workflow: Set quarantine retention and automatic notification to admins; review quarantined files before permanent deletion.
  • Forensics: Export logs of detections (file hashes, paths, timestamps) for correlation with SIEM and endpoint telemetry.
  • Rollback and recovery: Keep clean backups isolated; after remediation, scan restored content before reintroducing to production.
  • User education: Inform content authors about safe upload practices and automated scanning behavior to reduce false positives.
  • Regular audits: Review exclusions, policy deviations, and detection trends monthly to adjust protections.
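
The advice to keep exclusions targeted (best practice 6) and to review them monthly can be checked mechanically; the following is an added example, not ESET's code or part of the original page. The sample paths, the one-pattern-per-entry format, the extension list and the depth threshold are constructed assumptions and do not reflect an ESET export format.

```python
from pathlib import PureWindowsPath

# Constructed sample exclusion list: paths and format are assumptions for
# illustration only, not an ESET export and not real SharePoint locations.
SAMPLE_EXCLUSIONS = [
    r"D:\BackupAgent\staging\*.bak",
    r"C:\*",
    r"*.aspx",
    r"D:\Data\*",
    r"E:\Index\*\temp\*.tmp",
    r"D:\SearchIndex\temp\gather\*.tmp",
]

# Assumed review policy: file types that should never be excluded wholesale,
# and how many directories must sit between the drive root and the file pattern.
RISKY_EXTENSIONS = {".exe", ".dll", ".aspx", ".ps1", ".js", ".vbs"}
MIN_DEPTH = 2


def audit_exclusion(pattern):
    """Return the reasons this exclusion is broader than a targeted one."""
    reasons = []
    path = PureWindowsPath(pattern)
    if not path.drive:
        reasons.append("no fixed location: applies to every folder")
    parts = [p for p in path.parts if p != path.anchor]
    dirs, leaf = parts[:-1], (parts[-1] if parts else "")
    if path.drive and len(dirs) < MIN_DEPTH:
        reasons.append("too close to the drive root")
    if any("*" in d or "?" in d for d in dirs):
        reasons.append("wildcard in a directory component")
    if leaf in ("*", "*.*", ""):
        reasons.append("excludes every file type in the folder")
    elif path.suffix.lower() in RISKY_EXTENSIONS:
        reasons.append("excludes executable or script content")
    return reasons


def audit(exclusions):
    """Map each over-broad exclusion to its findings; clean entries are omitted."""
    checked = {p: audit_exclusion(p) for p in exclusions}
    return {p: r for p, r in checked.items() if r}


if __name__ == "__main__":
    for pattern, reasons in audit(SAMPLE_EXCLUSIONS).items():
        print(f"{pattern}: {'; '.join(reasons)}")
```

Entries that come back with findings are candidates for narrowing to a specific folder and file type before the next review.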

Troubleshooting common issues

  • Slow uploads: Lower scan priority during peak hours or exclude specific SharePoint temp/indexing folders.
  • False positives on custom file types: Create targeted file-type or path-based exclusions and submit samples to ESET for analysis.
  • Scan conflicts with backup jobs: Schedule scans and backups at different times or exclude backup archive locations.
  • Management console connectivity problems: Verify firewall rules, certificates, and agent versions; use staged agent updates.

Quick checklist for deployment

  • Deploy ESET agents and ESET Protect console.
  • Enable on-access scanning for SharePoint file operations.
  • Configure exclusions for known safe system paths only.
  • Schedule full scans off-hours.
  • Activate exploit/script protection modules.
  • Set up alerting and log forwarding to SIEM.
  • Test quarantine, restore, and upgrade procedures.
