ESET

It wasn't until 1992 that Miroslav Trnka and Peter Paško, together with Rudolf Hrubý, established ESET as a privately owned limited liability company in the former Czechoslovakia.

[10] In December 2018, ESET partnered with No More Ransom,[11] a global initiative that provides ransomware victims with decryption keys, thus removing the pressure to pay attackers.

ESET's first product was NOD, an antivirus program for computers running the MS-DOS operating system.

In 2019, ESET released an Advanced Machine Learning detection layer that can analyze samples locally on endpoints even when offline.

[41] At the time of the NotPetya outbreak, ESET and Cisco tracked down the point from which the global ransomware attack had started to companies afflicted with a TeleBots backdoor, resulting from the compromise of M.E.Doc, a popular financial software in Ukraine.

In addition, ESET found that multiple threat actors had access to the details of the vulnerabilities even before the release of the patches.

Except for DLTMiner, which is linked to a known cryptomining campaign, all of these threat actors are APT groups interested in espionage: Tick, LuckyMouse, Calypso, Websiic, Winnti Group, Tonto Team, ShadowPad activity, The "Opera" Cobalt Strike, IIS backdoors, Mikroceen, DLTMiner,[43] and FamousSparrow.

[46] Then ESET discovered another KrØØk-related vulnerability (CVE-2020-3702) in chips by Qualcomm and MediaTek, as well as in the Microsoft Azure Sphere development kit, with the main difference being that the traffic is not encrypted at all.

[47] Other notable research includes the discovery of LoJax, the first UEFI rootkit found in the wild, which was used in a campaign by the Sednit (aka Fancy Bear) APT group.

LoJax is written to a system's SPI flash memory, from where it is able to survive an OS reinstall and a hard disk replacement.

[48] In 2021, ESET discovered another UEFI malware called ESPecter,[49] which is the second real-world bootkit after FinSpy[50] known to persist on the EFI System Partition in the form of a patched Windows Boot Manager.

In 2021, ESET released the white paper Anatomy of native IIS malware,[51] which analyzed over 80 unique samples of malicious native extensions for Internet Information Services (IIS) web server software used in the wild and categorized these into 14 malware families — 10 of which were previously undocumented.

Among these families, IIS malware demonstrated five main modes of operation:

ESET also works alongside experts from competitors and police organizations all over the world to investigate attacks.

[55] Then in 2020, ESET partnered with Microsoft, Lumen's Black Lotus Labs, and NTT Ltd. in an attempt to disrupt Trickbot, another botnet.