advertisement
ESET PROTECT
Guide for Small and Medium-sized
Businesses
Click here to display the online version of this document
Copyright ©2021 by ESET, spol. s r.o.
ESET PROTECT was developed by ESET, spol. s r.o.
For more information visit https://www.eset.com.
All rights reserved. No part of this documentation may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning, or otherwise without permission in writing from the author.
ESET, spol. s r.o. reserves the right to change any of the described application software without prior notice.
Technical Support: https://support.eset.com
REV. 8/19/2021
.........................................................................................................................................
.......................................................................................................................................
2.1 Manageable ESET endpoint products
............................................................................................
2.2 New features in ESET PROTECT 8.1
...............................................................................................
3 ESET PROTECT components and architecture
...................................................................................
........................................................................................................................
...................................................................................................................................
.......................................................................................................................
....................................................................................................................................
....................................................................................................................................
5 Install the ESET PROTECT server
.......................................................................................................
5.1 All-in-one installation of ESET PROTECT Server
..............................................................................
.....................................................................................................................
7 Deploy ESET Management Agent and ESET endpoint products
......................................................
7.1 Deployment package creation
....................................................................................................
.......................................................................................................
7.4 ESET Remote Deployment Tool
...................................................................................................
...........................................................................................................
.........................................................................................................................
...............................................................................................................................
...............................................................................................................................
....................................................................................................................................
...............................................................................................................................
...................................................................................................................................
......................................................................................................................................
............................................................................................................................
......................................................................................................................
.............................................................................................................................
..............................................................................................................
8.13 Users and permission sets
.......................................................................................................
............................................................................................................................
........................................................................................................
................................................................................................................................
1
Introduction
This guide is intended for a small to medium-sized businesses that manage up to 250 Windows ESET endpoint products using ESET PROTECT 8.
It will explain basic concepts important for deploying and using ESET security products.
ESET PROTECT 8
ESET PROTECT 8 (formerly ESMC) is an application that allows you to manage ESET products on client workstations, servers and mobile devices in a networked environment from one central location. The built-in task management system in ESET PROTECT allows you to install ESET security solutions on remote computers and quickly respond to new problems and detections.
ESET PROTECT does not provide protection against malicious code by itself. Protection of your environment depends on the presence of an ESET security solution such as ESET Endpoint Security on workstations.
Introduction
This guide is intended for a small to medium-sized businesses that manage up to 250 Windows ESET endpoint products using ESET PROTECT 8.
It will explain basic concepts important for deploying and using ESET security products.
ESET PROTECT 8
ESET PROTECT 8 (formerly ESMC) is an application that allows you to manage ESET products on client workstations, servers and mobile devices in a networked environment from one central location. The built-in task management system in ESET PROTECT allows you to install ESET security solutions on remote computers and quickly respond to new problems and detections.
ESET PROTECT does not provide protection against malicious code by itself. Protection of your environment depends on the presence of an ESET security solution such as ESET Endpoint Security on workstations.
Manageable ESET endpoint products
ESET endpoint products are primarily designed for use on workstations in a small business/enterprise environment and can be used with ESET PROTECT.
ESET PROTECT 8 is able to deploy, activate or manage the following ESET endpoint products:
Manageable via ESET PROTECT 8 Product version
ESET Endpoint Security for Windows 6.5+, 7.x, 8.x
ESET Endpoint Antivirus for Windows 6.5+, 7.x, 8.x
ESET Endpoint Security for macOS 6.8+
2
Manageable via ESET PROTECT 8 Product version
ESET Endpoint Antivirus for macOS 6.8+
ESET Endpoint Security for Android 2.x
See also the full list of manageable ESET security products .
New features in ESET PROTECT 8.1
Automatic upgrade of ESET Management Agent
With this version, ESET is enabling the automatic upgrade of all management agents. When a new version of a management agent is released in the future, existing agents in the network will be automatically upgraded to the latest compatible version in a few weeks. Learn More
VDI, cloning and hardware detection
ESET is also enabling the management of workstations and servers delivered just-in-time via VMware instant clone technology. Learn More
Other improvements and usability changes
You can find more details in the changelog .
ESET PROTECT components and architecture
To perform a complete deployment of the ESET security solutions portfolio, the following components must be installed:
• ESET PROTECT Server (controls the communication with client computers)
• ESET PROTECT Web Console (browser-based user interface for the ESET PROTECT Server)
• ESET Management Agent (deployed on client computers, communicates with ESET PROTECT Server)
The following supporting components are optional, we recommend that you install them for best performance of the application on the network:
• Apache HTTP Proxy
• RD Sensor (can detect unmanaged computers on the network)
Note
See also
ESET PROTECT component structure .
Server
The ESET PROTECT Server is the application that processes all data received from clients that connect to the
Server (through the ESET Management Agent).
Agent
The ESET Management Agent is an essential part of ESET PROTECT. Client computers do not communicate with the Server directly, rather the Agent facilitates this communication. The Agent collects information from the client and sends it to the ESET PROTECT Server. If the ESET PROTECT Server sends a task to the client, it is sent to the
Agent which then sends this task to the ESET endpoint product running on the client.
Web Console
ESET PROTECT Web Console is a browser-based user interface that allows you to manage ESET security solutions in your environment. It displays an overview of the status of clients on your network and can be used to deploy
ESET solutions to unmanaged computers remotely. If you choose to make the web server accessible from the internet, you can use ESET PROTECT from virtually any place and device.
Apache HTTP Proxy
Apache HTTP Proxy is a service that can be used in combination with ESET PROTECT 8 to distribute installation packages and updates to client computers. It acts as a transparent proxy, meaning it caches files that have already been downloaded to minimize Internet traffic on your network.
Using Apache HTTP Proxy offers the following benefits:
• Downloads and caches the following: o Detection engine updates o Activation tasks, including communication with activation servers and caching of license requests o ESET PROTECT repository data o Product component updates—Apache proxy caches and distributes updates to endpoint clients on your network.
• Minimized internet traffic on your network.
Rogue Detection Sensor
Rogue Detection Sensor (RD Sensor) searches your network for computers not registered in ESET PROTECT. This component can locate new computers and add them in ESET PROTECT automatically.
Note
Rogue Detection Sensor can take up to 24 hours to locate new computers on your network.
Newly discovered machines are listed in a pre-defined report , making it easy to deploy ESET Management Agent to them, assign them to specific static groups and manage them via
3
4
System requirements
Before you install ESET PROTECT, verify that all hardware ,
network and software prerequisites
are met.
Hardware
ESET PROTECT Server machine should meet the following hardware recommendations in the table below.
Number of clients
Up to 1,000
ESET PROTECT Server + SQL database server
CPU cores CPU clock speed (GHz)
RAM (GB) Disk drive1 Disk IOPS2
4 2.1
4 Single 500
5,000
10,000 3
50,000
100,000
8
8
16
16
2.1
2.1
2.1
2.1
8
16
32
32+
Separate
1,000
2,000
10,000
20,000
The disk drive is the critical factor influencing the ESET PROTECT performance.
The SQL Server instance can share resources with the ESET PROTECT Server to maximize utilization and minimize latency. Run the ESET PROTECT server and the database server on a single machine to increase the ESET PROTECT performance.
Disk drive recommendations
• 1 Single / Separate disk drive - We recommend installing the database on a separate drive for systems with over 10,000 clients.
o The performance of a SQL server is enhanced if you place database and transaction log files on separate drives, preferably separate physical SSD drives.
o Use an enterprise-grade SSD with high IOPS for high-performance systems.
• 2 IOPS (total I/O operations per second) - Minimum required value.
• 3 See the example scenario for 10,000 clients environment.
• We recommend having approximately 0.2 IOPS per connected client, but no less than 500.
• You can check your drive's IOPS using the tool diskspd , use the following command:
Clients number Command
Up to 5,000 clients diskspd.exe -c1000M -b4K -d120 -Sh -r -z -w50 C:\testfile.dat
Over 5,000 clients diskspd.exe -c10000M -b4K -d600 -Sh -r -z -w50 C:\testfile.dat
• Use Solid-state disks (SSD), as they are much faster than the standard HDD.
5
• 100-GB capacity is enough for any number of clients. You may need a higher capacity if you backup the database often.
• Do not use a network drive, as its performance would slow the ESET PROTECT down.
Sizing recommendations for different client counts
Below you can find the performance results for a virtual environment with a set number of clients running for one year.
Note
The database and ESET PROTECT are running on separate virtual machines with identical hardware configurations.
CPU cores CPU clock speed (GHz) RAM (GB)
8
8
4
2
2
2.1
2.1
2.1
2.1
2.1
64
32
32
16
8
10,000 clients
High
Normal
Normal
Low
Performance
20,000 clients
High
Normal
Low
Low
40,000 clients
Normal
Normal
Low
Insufficient
Very low
(not recommended)
Very low
(not recommended)
Insufficient
Operating system
The table below displays the supported Windows operating systems for each ESET PROTECT component. See also a full list of supported operating systems .
Operating System
Windows Server 2008 R2 x64 SP1 with KB4474419 or
KB4490628 installed
Windows Server 2008 R2 CORE x64 with KB4474419 or
KB4490628 installed
Windows Storage Server 2008 R2 x64 with KB4474419 or KB4490628 installed
Windows Server 2012 x64
Windows Server 2012 CORE x64
Windows Server 2012 R2 x64
Windows Server 2012 R2 CORE x64
Windows Storage Server 2012 R2 x64
Windows Server 2016 x64
Windows Storage Server 2016 x64
✔
✔
✔
✔
✔
✔
✔
Server Agent
✔
✔
✔
✔
✔
✔
✔
✔
✔
✔
RD Sensor
✔
✔
✔
✔
✔
✔
✔
✔
✔
✔
MDM
✔
✔
✔
✔
✔
✔
✔
Windows Server 2019 x64
Microsoft SBS 2011 Standard x64
Microsoft SBS 2011 Essentials x64
✔
✔
✔
✔
✔
✔
✔
✔
✔
✔
✔
✔
Important
Windows Server 2008 SP2 and Microsoft SBS 2008 SP2 are no longer supported by ESET PROTECT
8.1. For more details, see this article .
Operating System
Windows 7 x86 SP1 with latest Windows updates (at least KB4474419 and KB4490628 )
Windows 7 x64 SP1 with latest Windows updates (at least KB4474419 and KB4490628 )
Windows 8 x86
Windows 8 x64
Windows 8.1 x86
Windows 8.1 x64
Windows 10 x86
Windows 10 x64 (all official releases)
Windows 10 on ARM
Windows 11 x64
Server
✔*
✔*
✔*
Agent
✔
✔
✔
✔
✔
✔
✔
✔
✔
RD Sensor
✔
✔
✔
✔
✔
✔
✔
✔
MDM
✔*
✔*
✔*
✔* ✔ ✔ ✔*
* Installing ESET PROTECT components on a desktop OS might not be in alignment with Microsoft licensing policy.
Check the Microsoft licensing policy or consult your software supplier for details. In SMB / small network environments, we encourage you to consider a Linux ESET PROTECT installation or virtual appliance where applicable.
6
Important
Older MS Windows systems:
• Always have the latest service pack installed, especially on older systems, such as Server 2008 and
Windows 7.
• ESET PROTECT does not support the management of computers running Windows 7 (with no SP),
Widows Vista, and Windows XP.
• Beginning March 24, 2020, ESET will no longer officially support or provide technical support for
ESET PROTECT (Server and MDM) installed on the following Microsoft Windows operating systems:
Windows 7, Windows Server 2008 (all versions).
We do not support illegal or pirated operating systems.
Warning
Starting January 2019, Oracle JAVA SE 8 public updates for business, commercial or production use require a commercial license. If you do not purchase a JAVA SE subscription, you can transition to a no-cost alternative. See the supported versions of JDK .
Note
You can run ESET PROTECT on a non-server OS without the need for ESXi. Install VMware Player on a desktop Operating System and deploy the ESET PROTECT Virtual Appliance .
Network
It is essential that both ESET PROTECT Server and client computers managed by ESET PROTECT have a working
Internet connection so that they can reach the ESET repository and activation servers. If you prefer not to have clients connect directly to the Internet, you can use a proxy server (not the same as Apache HTTP Proxy) to facilitate communication with your network and the Internet.
Computers managed by ESET PROTECT should be connected to the same LAN and/or should be in the same Active
Directory domain as your ESET PROTECT Server. The ESET PROTECT Server must be visible by client computers.
Additionally, client computers must be able to communicate with your ESET PROTECT Server to use remote deployment and the Wake-Up Call feature.
Ports used
If your network uses a firewall, see our list of possible network communication ports used when ESET PROTECT and its components are installed in your infrastructure.
Software
7
The following prerequisites must be met to install the ESET PROTECT Server on Windows:
• You must have a valid license .
• Microsoft .NET Framework 4 must be installed; you can install it using the Add Roles and Features Wizard.
8
• The ESET PROTECT Web Console requires Java/OpenJDK (64-bit).
Warning
Starting January 2019, Oracle JAVA SE 8 public updates for business, commercial or production use require a commercial license. If you do not purchase a JAVA SE subscription, you can transition to a no-cost alternative. See the supported versions of JDK .
• ESET PROTECT supports two types of database servers: MS SQL and MySQL. We recommend that you use
Microsoft SQL Server Express 2019 included with ESET PROTECT All-in-one installer for Windows. If you already have a database server and you want to use it for ESET PROTECT, make sure it meets database requirements .
• The ESET PROTECT Web Console can be run in the following web browsers: o Mozilla Firefox o Microsoft Edge o Google Chrome o Safari o Opera
Note
For the best experience with the ESET PROTECT Web Console we recommend that you keep your web browsers updated.
If you use Internet Explorer, ESET PROTECT Web Console will notify you that you are using an unsupported web browser.
Install the ESET PROTECT server
ESET PROTECT component structure
To manage small to medium-sized networks (1,000 clients or fewer), a single machine with the ESET PROTECT server and all its components (supplied web server, database, and so on) installed on it is usually sufficient. You can think of it as a single server or stand-alone installation. All managed clients are connected directly to the ESET
PROTECT server via the ESET Management Agent. The administrator can connect to the ESET PROTECT Web
Console via a web browser from any computer on the network or run the Web Console directly from the ESET
PROTECT server.
Installation
ESET PROTECT installers are available in different formats to support various installation methods:
• ESET recommends the
for small deployments on Windows.
• ESET recommends deploying a pre-configured ESET PROTECT Virtual Appliance (running on CentOS Linux) if you use a hypervisor. Its deployment is quick and more straightforward than installation on Windows.
Note
If you are upgrading from a previous version of ESET PROTECT, ESMC 7, or ERA 6, follow these instructions.
9
All-in-one installation of ESET PROTECT Server
Note
• Another alternative is to deploy a pre-configured ESET PROTECT Virtual Appliance (if you use a hypervisor).
• If you are upgrading from a previous version of ESET PROTECT, ESMC 7 or ERA 6, follow these instructions.
The ESET PROTECT All-in-one installer is available for Windows operating systems only. The All-in-one installer allows you to install all ESET PROTECT components using the ESET PROTECT installation Wizard.
1. Open the installation package. On the Welcome screen, use the Language drop-down menu to adjust the language settings. Click Next to proceed.
10
2. Select Install and click Next.
3. Deselect the check box next to Participate in product improvement program if you do not agree to send crash reports and telemetry data to ESET. If the check box is left selected, telemetry data and crash reports will be sent to ESET. After accepting the EULA, click Next.
4. Select the components to install and click Next.
• The ESET PROTECT 8.1 All-in-one installer installs Microsoft SQL Server Express 2019 by default. If you use an older Windows edition (Server 2012 or SBS 2011), Microsoft SQL Server Express 2014 will be installed by default. The installer automatically generates a random password for database authentication (stored in
%PROGRAMDATA%\ESET\RemoteAdministrator\Server\EraServerApplicationData\Configuration\startupconfig uration.ini
).
• If you already have another supported version of Microsoft SQL Server or MySQL installed, or you plan to connect to a different SQL Server, deselect the check box next to Microsoft SQL Server Express.
• Do not install SQL Server on a Domain Controller (for example, Windows SBS / Essentials). We recommend that you install ESET PROTECT on a different server or do not select the SQL Server Express component during installation (this requires you to use your existing SQL or MySQL Server to run the ESET PROTECT database).
11
Add custom HTTPS certificate for Webconsole
• Select this option if you want to use a custom HTTPS certificate for the ESET PROTECT Web Console.
• If you do not select this option, the installer automatically generates a new Tomcat keystore (a self-signed
HTTPS certificate).
Important
The Apache HTTP Proxy option is intended only for smaller or centralized networks without roaming clients. If you select this option, the installer configures clients to tunnel communication with ESET via a proxy installed on the same machine as the ESET PROTECT Server. This connection will not work if there is no direct network visibility between clients and the ESET PROTECT Server.
• Using HTTP Proxy can save much bandwidth on data downloaded from the Internet and improve download speeds for product updates. We recommend selecting the check box next to Apache HTTP Proxy if you manage more than 37 computers from ESET PROTECT. You can also choose to install Apache HTTP Proxy later .
• For more information, see What is Apache HTTP Proxy?
and The differences between Apache HTTP Proxy,
Mirror Tool, and direct connectivity .
• Select Apache HTTP Proxy to install Apache HTTP Proxy, create and apply policies (named HTTP Proxy
Usage, applied on the group All) for the following products: o ESET Endpoint for Windows o ESET Endpoint for macOS (OS X) and Linux o ESET Management Agent o ESET File Security for Windows Server (6+) o ESET Server Security for Windows (8+) o ESET Shared Local Cache
The policy enables HTTP Proxy for affected products. HTTP Proxy host is the ESET PROTECT Server's local IP address and port 3128. Authentication is disabled. You can copy these settings to another policy if you need to set up additional products.
12
13
5. If you have selected Add custom HTTPS certificate for Webconsole, click Browse and select a valid
Certificate (.pfx or .p12 file) and type its Passphrase (or leave the field blank if there is no passphrase). The installer will install the certificate for Web Console access on your Tomcat server. Click Next to continue.
6. If errors are found during the prerequisites check, address them accordingly. Make sure your system meets all prerequisites .
Install .NET Framework
14
No Java found / Java (64-bit) detected
If you have multiple Java versions installed on your system, we recommend that you uninstall older Java versions and keep only the latest supported Java version.
15
Warning
Starting January 2019, Oracle JAVA SE 8 public updates for business, commercial or production use require a commercial license. If you do not purchase a JAVA SE subscription, you can transition to a no-cost alternative. See the supported versions of JDK .
a)To select the already installed Java, click Select a Java installation, select the folder where Java is installed (with a subfolder
bin
, for example,
C:\Program Files\Amazon Corretto\jdk1.8.0_212
) and click
OK. The installer prompts you if you have selected an invalid path.
b)Click Install to continue or change to change the Java installation path.
There is only 32 MB free on a system disk
• The installer may display this notification if your system does not have enough disk space for ESET PROTECT to install.
• You must have at least 4,400 MB of free disk space to install ESET PROTECT and all its components.
ESET Remote Administrator 5.x or older is installed on the machine
The direct upgrade is not supported - see Migration from ERA 5.x
.
7. When the prerequisites check is complete and your environment meets all requirements , the installation will begin. Be aware that installation can take over an hour, depending on your system and network configuration.
Note
When the installation is in progress, the ESET PROTECT installation Wizard is unresponsive.
16
17
8. If you chose to install Microsoft SQL Server Express in step 4, the installer will perform a database connection check. If you have an existing database server, the installer will prompt you to enter your database connection details:
Configure the connection to SQL/MySQL Server
Enter your Database name, Hostname, Port number (you can find this information in Microsoft SQL Server
Configuration Manager), and Database account details (Username and Password) into the appropriate fields and then click Next. The installer will verify the database connection. If you have an existing database from a previous
ERA/ESMC/ESET PROTECT installation on your database server, it will be detected. You can choose to Use the
existing database and apply upgrade or Remove existing database and install a new version.
Use Named Instance - If you are using an MS SQL database, you can select the Use Named Instance check box to use a custom database instance. You can set it in the Hostname field in the form
HOSTNAME\DB_INSTANCE
(for example,
192.168.0.10\ESMC7SQL
). For clustered database, use only the cluster name. If this option is selected, you cannot change the database connection port - the system will use default ports determined by Microsoft. To connect the ESET PROTECT Server to the MS SQL database installed in a Failover Cluster, enter the cluster name in the Hostname field.
Note
There are two options when entering Database account information. You can use a dedicated
database user account with access to the ESET PROTECT database only, or you can use an SA
account (MS SQL) or root account (MySQL). If you decide to use a dedicated user account, you need to create an account with specific privileges. For details, see the Dedicated database user account . If you do not intend to use a dedicated user account, enter your administrator account (SA or root).
If you entered the SA account or root account in the previous window, click Yes to continue using the SA/root account as the ESET PROTECT database user.
18
If you click No, you must select Create new user (if you have not already created one) or Use existing user (if you have a dedicated database user account ).
19
9. The installer will prompt you to enter a password for the Web Console Administrator account. This password is important – you will use it to log into the ESET PROTECT Web Console . Click Next.
10. Leave the fields as they are or type in your corporate information to appear in the details of the ESET
Management Agent and the ESET PROTECT Server certificates. If you choose to enter a password in the
Authority password field, be sure to remember it. Click Next.
20
11. Enter the valid License Key (included in the new purchase email you received from ESET) and click Next. If you use legacy license credentials (Username and Password), convert the credentials to a License Key.
Alternatively, you can choose to Activate later (see the Activation chapter for additional instructions).
12. You will see the installation progress.
21
13. If you selected to install the Rogue Detection Sensor, you will see the installation windows for the
WinPcap driver. Make sure to select the check box Automatically start the WinPcap driver at boot time.
14. When the installation is complete, "ESET PROTECT components were installed successfully" will be displayed in addition to your ESET PROTECT Web Console URL address. Click the URL to open the Web
Console , or click Finish.
If the installation is not successful:
• Review the installation log files in the All-in-one installation package. The logs directory is the same as the directory for the All-in-one installer, for example:
C:\Users\Administrator\Downloads\x64\logs\
• See Troubleshooting for additional steps to resolve your issue.
Post-installation steps
After you install ESET PROTECT, you can start the configuration.
First steps after ESET PROTECT server deployment
1.Connect to the
22
2.Read the
instructions.
3.Add your license(s) .
Deploy the ESET Management Agent and ESET endpoint products
to computers in your network.
Note
can help you with the initial configuration of ESET PROTECT.
With the ESET PROTECT server installed on your server and ESET endpoint solutions installed on clients, you can start managing your network. Refer to the Administrator Guide for more information on how you can manage
ESET Endpoint products.
Additional recommended steps
•
to monitor the status of client computers in your environment, for example, if you want to receive a notification about certain events or view or download a report.
• Configure an
connection. This configuration is optional if you want to receive
or
• Create a new ESET PROTECT Web Console user .
Deploy ESET Management Agent and ESET endpoint products
After the successful installation of ESET PROTECT, it is necessary to deploy the ESET Management Agent and ESET endpoint products to computers in your network.
Deployment consists of the following steps:
1.
2.
Install the deployment package
See also other deployment options . For larger networks, we recommend that you use
23
Deployment package creation
The procedure of creating an All-in-one installer (including ESET Management Agent and an ESET security
product) package is similar to a Startup Wizard .
Click Other Deployment Options in the Quick Links section of the menu bar. In the Deploy Agent window, click
Create installer under Create All-in-one installer (Windows only). The Create All-in-one installer window will open.
Important
The installer package is an .exe
file and is valid for Microsoft Windows operating systems only.
Basic
Deselect the check box Participate in product improvement program if you do not agree to send crash reports and telemetry data to ESET. If the check box is left selected, telemetry data and crash reports will be sent to ESET.
Package contents - Select the check box(es) from the following options:
• Management Agent - If you do not select other items in the Package contents, the installer will include only the ESET Management Agent. Select this option if you want to install the ESET security product on the client computer later, or if the client computer already has an ESET security product installed.
• Security Product - Include the ESET security product with the ESET Management Agent. Select this option if the client computer does not have any ESET security product installed and you want to install it with the
ESET Management Agent.
• Full Disk Encryption - Encryption option is visible only with active ESET Full Disk Encryption license.
• Enterprise Inspector Agent - Include ESET Enterprise Inspector Agent in the installer.
Security Product
1. License (Optional) - you can add a license using one of the methods described in License Management . If you already have existing licenses in
License Management , simply choose the license that will be used to
activate the ESET security product during the installation. If you do not choose a license, you can create an installer without it and activate the product later . Addition/removal of a license is only allowed to be done by the Administrator whose home group is set to All and who has Write permission on licenses in that group.
2. Product - Select an ESET security product that will be installed together with ESET Management Agent.
Note
If you do not see any product installation files, make sure you have the repository set to
AUTOSELECT. For more information, see the Advanced settings section of Server settings .
24
3. Language - Select the language version of the ESET security product installer.
4. Optionally, you can select a Policy that will be applied on the ESET security product during its installation.
5. Protection settings - select the check box next to the setting to enable it for the installer: oEnable The ESET LiveGrid® feedback system (recommended)
oEnable detection of potentially unwanted applications - Read more in our Knowledgebase article .
Select the check box next to Do not define Protection settings right now (not recommended) if you do not want to define the protection settings for the installer and you want to set them via policy later.
6. Select the check box I accept the terms of the application End User License Agreement and acknowledge
the Privacy Policy. See End User License Agreement (EULA), Terms of Use and Privacy Policy for ESET products for more information.
Enterprise Inspector Agent
ESET Enterprise Inspector Agent requirements:
• You must have a ESET Enterprise Inspector license to activate ESET Enterprise Inspector Agent.
• A compatible ESET security product installed on the managed computer.
1. License (optional) - ESET recommends that you select the ESET Enterprise Inspector license to activate ESET
Enterprise Inspector Agent during the installation. If you create the installer without the license, you can activate ESET Enterprise Inspector Agent later.
2. Product/Version - Select the version of ESET Enterprise Inspector Agent. The latest available version is preselected.
3. Configuration Policy (optional) - Select an existing ESET Enterprise Inspector Agent policy to apply policy settings during the ESET Enterprise Inspector Agent installation.
4. Select the check box I accept the terms of the application End User License Agreement and acknowledge
the Privacy Policy. See End User License Agreement (EULA), Terms of Use and Privacy Policy for ESET products for more information.
5. Type the ESET Enterprise Inspector Server hostname and the connection port specified during the ESET
Enterprise Inspector server installation (the default port is 8093).
6. Select the Certification Authority for connection to the ESET Enterprise Inspector server.
Certificate
A Peer Certificate and ESET PROTECT Certification Authority are chosen automatically based on the available certificates. To use a different certificate than the one automatically selected, click ESET PROTECT Certificate to see a list of available certificates and then select the one you want to use. To use your own Custom certificate , click the radio button and upload a .pfx
certificate file.
Enter your Certificate passphrase if needed. For example, if you have specified the passphrase during the installation of ESET PROTECT, or if you are using a Custom certificate with a passphrase. Otherwise, leave the
Certificate passphrase field blank.
25
Warning
The certificate passphrase must not contain the following characters: " \ These characters cause a critical error during the initialization of the Agent.
Important
Be aware that it is possible to extract the Certificate passphrase because it is embedded in the
.exe
file.
Advanced
In this section, you can customize the All-in-one installer package:
1. Optionally, you can change the Name and enter a Description for the package installer.
2. Click Select tags to assign tags .
3. Parent group (optional) - Select the Parent group where the computer will be placed after installation. You can select an existing static group or create a new static group to which the device will be assigned after the installer is deployed.
4. ESET AV Remover - Select the check box to uninstall or completely remove other antivirus programs on the target device.
5. Initial installer configuration (Optional) - Use this option to apply configuration policy to ESET Management
Agent. Click Select under Agent configuration (optional) and choose from the list of available policies. If none of the pre-defined policies are suitable, you can create a new policy or customize the existing ones.
6. Server hostname (optional) - Type the ESET PROTECT Server hostname or IP address. If necessary, you can specify the Port number (default is 2222).
7. If you use an HTTP Proxy, select the check box Enable HTTP Proxy settings and specify the Proxy settings
(Host, Port, Username and Password) to set ESET Management Agent connection to Proxy to enable communication forwarding between ESET Management Agent and ESET PROTECT Server. The Host field is the address of the machine where the HTTP Proxy is running. HTTP Proxy uses the port 3128 by default. You can set a different port if needed. Make sure to set the same port also in the HTTP Proxy configuration.
Important
The communication protocol between Agent and ESET PROTECT Server does not support authentication. Any proxy solution used for forwarding Agent communication to ESET PROTECT
Server that requires authentication will not work.
If you choose to use a non-default port for the Web Console or Agent, it may require a firewall adjustment. Otherwise, the installation may fail.
Enable Use direct connection if HTTP proxy is not available if you want to allow this fallback option.
8. Click Finish.
9. Download the generated All-in-one installation package. Select the version you want to deploy:
26
o Download 32-bit version (for example,
PROTECT_Installer_x86_en_US.exe
) o Download 64-bit version (for example,
PROTECT_Installer_x64_en_US.exe
) o Download ARM64 version (for example,
PROTECT_Installer_arm64.exe
) - You cannot install the x86 or x64 version of ESET Management Agent or ESET security product on Windows ARM64.
Important
All data downloaded from the repository (ESET repository or a custom repository mirror) is digitally signed by ESET and ESET PROTECT Server verifies file hashes and PGP signatures. ESET PROTECT
Server generates the All-in-one installer locally. Therefore, the All-in-one installer is not digitally signed, which might generate a web browser warning during the installer download or generate an operating system alert and prevent the installation on systems where unsigned installers are blocked.
Note
The ESET Endpoint Antivirus/Security installer created in ESET PROTECT 8.1 and later supports
Windows 10 Enterprise for Virtual Desktops and Windows 10 multi-session mode.
10. Run the installation package file on a client computer. It will install the ESET Management Agent and the
ESET security product on the device and connect the device to ESET PROTECT. For step-by-step instructions,
see the deployment package installation . You can
run the installation package in silent mode to hide the setup wizard window.
Deployment package installation
You can create this installer package in ESET PROTECT .
• The installer package comes via
.exe
file and is only valid for Windows operating system.
• If you run the installer on a client machine where ESET security product or ESET Management Agent is already installed, the installer will upgrade it to the version in the installer.
• You must execute the installer using the built-in Administrator account or a domain Administrator account (if the built-in Administrator account is disabled). Any other user, even a member of the
Administrators group, will not have sufficient access rights. Therefore, you need to use the built-in
Administrator account. You cannot complete the installation under any other user account than the local or domain Administrator.
• All data downloaded from the repository (ESET repository or a custom repository mirror) is digitally signed by ESET and ESET PROTECT Server verifies file hashes and PGP signatures. ESET PROTECT Server generates the All-in-one installer locally. Therefore, the All-in-one installer is not digitally signed, which might generate a web browser warning during the installer download or generate an operating system alert and prevent the installation on systems where unsigned installers are blocked.
Installation process
• If you want to run the installer without displaying a dialog, follow the silent installation instructions .
• If an error has occurred during installation, see the troubleshooting section for the most common installation errors.
1. Run the installer package.
27
Make sure to uninstall any third-party security product from your computer before installing the ESET security product.
• If you selected to include ESET AV Remover when creating the installation package, ESET AV Remover will help you uninstall or completely remove third-party security software: a)Select the I want to uninstall incompatible security products check box to remove/uninstall thirdparty security software running or installed on your computer. Check the list of supported software .
b)Click Continue.
c)After scanning installed applications, select the check box next to the application(s) you want to remove and click Remove. See our Knowledgebase article about ESET AV Remover for details.
d)Once ESET AV Remover uninstalls third-party security software, or if you have not removed any application, click Continue to installation.
• If you do not use any third-party security product on your local computer, click Continue.
28
2. Protection settings - select the check box next to the setting to enable it for the installer: oEnable The ESET LiveGrid® feedback system (recommended)
oEnable detection of potentially unwanted applications - Read more in our Knowledgebase article .
3. After the installation is complete, click Done. The ESET security product will open automatically. You can check the status log
(
C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Logs\status.html
this location is hidden by default) on the client machine to make sure the ESET Management Agent is working properly. If there are problems with the installed ESET Management Agent (for example, it is not connecting to the ESET
PROTECT Server), see Agent connection troubleshooting .
Troubleshooting
If an error has occurred during installation, see the troubleshooting section for the most common installation errors.
Other deployment methods
You can deploy the ESET Management Agent and ESET endpoint products separately and in multiple ways.
Deploy the ESET Management Agent
Local deployment:
•
- The package contains the ESET Management Agent and an ESET security product.
• Agent Live Installer
• Download the Agent from the ESET website and use server-assisted installation or offline installation.
Remote deployment (recommended for larger networks):
29
• ESET Remote Deployment Tool - Deploy the
installer remotely.
• Group Policy Object (GPO)
• Agent Deployment Server task
Deploy ESET endpoint products
After the ESET Management Agent is deployed, you can install an ESET endpoint product directly from ESET
PROTECT in two ways:
• Using the Software install task
• Locally, using the standard ESET product installation
ESET Remote Deployment Tool
The ESET Remote Deployment Tool is a convenient way to distribute the
created by ESET
PROTECT to deploy ESET Management Agent and ESET security products remotely on computers over a network.
The ESET Remote Deployment Tool is available for free on the ESET website as a standalone ESET PROTECT
Component. The deployment tool is meant mainly for deployment on small to medium networks and is executed under admin privileges.
Note
The ESET Remote Deployment Tool is dedicated to deploy ESET Management Agent to client computers with supported Microsoft Windows operating systems only.
ESET Remote Deployment Tool prerequisites
Important
For remote deployments, verify all client computers have an internet connection.
The following prerequisites must be met to use ESET Remote Deployment Tool on Windows:
• ESET PROTECT Server and the ESET PROTECT Web Console must be installed (on a Server computer).
• Appropriate ports must be opened. See ports used for remote deployment of ESET Management Agent to a target computer with Windows OS .
• The names of installation packages must include string "x86" or "x64". Otherwise the deployment will not work.
• A bundle (All-in-one) installer package must be created and downloaded to your local drive.
• It is necessary to have permissions to create All-in-one installer .
30
Note
The deployment may fail due to a number of reasons. In case of any problems with deployment, read the Troubleshooting chapter or verified example scenarios of ESET Management Agent deployment .
To deploy ESET Management Agents on client computers follow these steps:
1. Download the ESET Remote Deployment Tool from the ESET website.
2. Make sure all prerequisites
are met.
3. Run the ESET Remote Deployment Tool on the client computer.
4. Select Add computers manually. You will need to manually enter the list of hostnames or IP addresses.
5. Enter the hostnames or IP addresses and click Next. Each IP address or hostname must be on a new line.
Important
Make sure that all selected computers have the same platform (64-bit or 32-bit operating systems).
6. Selected computers for remote deployment will be displayed. Make sure all computers are added and then click Next.
7. Click Browse and select the bundle installer package you created in ESET PROTECT or ESET PROTECT Cloud
Web Console. You can also select Use ESET offline install package (.dat file) created from the ESET PROTECT
Live Installer. If you do not have any additional security applications installed on your local computer, deselect the check box next to Use ESET AV Remover. ESET AV Remover can remove certain applications .
8. Enter login credentials for the target computers. If computers are members of a domain, enter domain
administrator credentials. If you log in with local administration credentials, it is necessary to disable remote
UAC on the target computers . Optionally, you can select the check box next to Use current user credentials and login credentials will be automatically completed.
9. Deployment method is used to execute programs on remote machines. Built-in method is a default setting which supports Windows error messages. PsExec is a third-party tool and it is an alternative to the built-in method. Select one of these options and click Next.
31
Important
If you have selected PsExec, the deployment will fail, because the tool is unable to accept the
PsExec EULA. For a successful deployment, open the command line and run the PsExec command manually.
10. When the installation is started, "Success" will be displayed. Click Finish to complete the deployment. If deployment fails, you can export a list of failed computers. Click Browse next the Export failed computers field, select a .txt
file to which you want to save the list and then click Export failed computer.
You can check the status log (
C:\ProgramData\ESET\RemoteAdministrator\Agent\Logs\status.html
) on the client machine to make sure ESET Management Agent is working properly.
Other methods how to deploy ESET Management Agents by ESET Remote
Deployment Tool
• Active Directory - Provide Active Directory credentials. This option includes an export of Active Directory structure for subsequent import to ESET PROTECT.
32
• Scan Network - Provide IP ranges to scan computers in the network.
• Import list - Provide list of hostnames or IP addresses.
Troubleshooting
Note
The deployment may fail due to a number of reasons. In case of any problems with deployment, read the Troubleshooting chapter or verified example scenarios of ESET Management Agent deployment .
ESET PROTECT Web Console
Log in to the ESET PROTECT Web Console
• On your local Windows server (the machine hosting your Web Console):
Click Start > All Programs > ESET > ESET PROTECT Web Console.
• From any place with internet access to your web server, type the URL in the following format (Replace
"yourservername" with the actual name or IP address of your web server): https://yourservername/era/
A log-in screen opens in your default web browser. If an SSL certificate warning is displayed, add the certificate exception to your web browser.
Important
Use a supported web browser to connect to the ESET PROTECT Web Console.
When you log into the Web Console for the first time, a
Startup Wizard for ESET PROTECT is displayed, and you
can use the wizard to deploy ESET Management agents to computers in your network.
ESET PROTECT Web Console user interface
The ESET PROTECT Web Console user interface consists of several parts:
• You can use the Search tool at the top of the ESET PROTECT Web Console.
• Click Quick Links to perform some of the most commonly used Web Console actions.
• If you need help when working with ESET PROTECT, click the Help in the top right corner and click
<Current topic> - Help. The respective help window for the current page is displayed.
• The upper right corner displays the current
with the user session timeout countdown. You can click
Logout to log out at any time. When a session times out (because of user inactivity), you must log in again.
33
• The main menu on the left side of Web Console contains tools that administrators can use to manage client security solutions and ESET PROTECT server settings. You can use the tools under More to configure
your network environment and minimize maintenance needs. You can also configure notifications and
dashboards to stay aware of the network status.
The topics below describe the main menu items:
More >
More >
More >
More >
More >
34
Startup Wizard
When you log into the Web Console for the first time, a Startup Wizard for ESET PROTECT will appear and you can use it to deploy ESET Management Agents to computers in your network. The wizard will give you a basic explanation of important ESET PROTECT Web Console sections.
The last step of the Startup Wizard called Deployment helps you create an All-in-one installer package (containing
without using the wizard by clicking Other Deployment Options in the Quick Links section.
35
Note
You can view the Startup Wizard again by clicking Help > Startup Wizard.
Dashboard
Dashboard is the default screen that displays after the user logs into the ESET PROTECT Web Console. It displays pre-defined reports about your network. You can switch between dashboards using the tabs on the top menu bar.
Each dashboard consists of several reports.
36
You can customize your dashboards (except the Status Overview and Security Overview) by adding
modifying existing reports, resizing, moving and re-arranging reports. This flexibility allows you to create a
comprehensive overview of ESET PROTECT and its objects ( computers
,
, etc.).
The following dashboards come pre-configured in ESET PROTECT:
• Status Overview - Basic dashboard window with the key information about your ESET PROTECT network.
This dashboard cannot be modified.
• Security Overview - This dashboard provides an overview of unresolved detections reported in the last 7 days, including their severity, detection method, resolution status and top 10 computers/users with detections. This dashboard cannot be modified.
• Computers - This dashboard gives you an overview of client machines - their protection status, operating systems, update status, etc.
• Server Performance Status - This dashboard lets you view information about the ESET PROTECT server itself - server load, clients with problems, CPU load, database connections, etc.
• Antivirus detections - Here you can see reports from the anti-virus module of the client security products active detections, detections in the last 7/30 days and so on.
• Firewall detections - Firewall events of the connected clients - according to their severity, time of reporting, etc.
• ESET applications - This dashboard lets you view information about installed ESET applications.
• Dynamic Threat Defense - If you are using the ESET Dynamic Threat Defense , you can find here an overview of useful ESET Dynamic Threat Defense and ESET LiveGrid® reports.
37
Computers
All client computers that are reachable by ESET PROTECT are displayed in Computers and organized by
Clicking a group from the list (left pane) displays the members (clients) of this group in the right pane. You can drag-and-drop clients to move them between groups.
Manage computers
Click a device to open a new menu with actions available for that device. You can also select the check box next to a device and click Actions on the bottom bar. The Actions menu displays different options depending on the type of device.
Filter computers
Note
If you cannot find a specific computer in the list and know it is in your ESET PROTECT infrastructure, make sure to disable all filters.
You can filter the clients (computers) using the filters at the top of the page:
• Select the Show Subgroups check box to show subgroups of the currently selected group.
• Clicking Add Filter shows the available filtering criteria. A few predefined filters are also available and quickly accessible.
• You can click Add Filter > Product Category and select from the available categories:
38
o All Devices - Display all client computers without filtering. You can use a combination of all the above filtering options when narrowing down the view.
o ESET Protected - Display clients protected by an ESET product.
o ESET PROTECT - Display individual ESET PROTECT components such as Agent, RD Sensor, and Proxy.
o Other - Display only client computers running the selected product (Shared Local Cache, Virtual Security
Appliance, or Enterprise Inspector).
• You can use the status icons to filter clients by the severity of issues detected ( red for errors, yellow for warnings, green for notices, and gray for unmanaged computers). The status icon represents the current status of a specific client computer and the ESET solution installed on it. You can hide or show the status icons of different severity to evaluate clients on your network by status. For example, to see only the computers with warnings, activate only the yellow icon (the rest of the icons must be inactive). To see both warnings and errors, activate the red and yellow status icons. Unmanaged computers (clients on the network that do not have the ESET Management Agent or an ESET security product installed) usually appear in the Lost & found static group.
• You can also click the header of a column to sort computers by that attribute.
Last Connected displays the date and time of last connection of the managed device. The Last Connected information gets highlighted to indicate that the computer is not connecting: o Yellow (error) - computer is not connecting for 2-14 days.
o Red (warning) - computer is not connecting for more than 14 days.
Groups
You can manage groups from Computers
. Groups enable you to organize endpoints on your network so that
to them systematically. The setting applies to all the group members. Computers that are members of a group are listed on the right pane. Click the gear icon next to a group name to see the available group actions and group details.
39
There are two types of groups: static groups and dynamic groups.
Static Groups
• Static groups are groups of selected client computers and other objects.
• All mobile and computer devices are located in a static group.
• You can manually select which endpoints belong to any static group.
• An object can only be present in one static group.
• Static groups play an important role in the
.
Dynamic Groups
• You can understand dynamic groups as custom filters where one can set rules to filter computers accordingly.
• Dynamic groups are template-based and automatically include endpoints that meet the criteria established in your template.
• If a client device does not meet the criteria, it is automatically removed from the dynamic group.
• A computer can be in various dynamic groups at the same time or in none at all.
Knowledgebase articles are available to help you add computers to static groups , create new dynamic group templates , and assign a policy to a group .
You can find additional information on groups in Groups .
40
Detections
To access detection reports, click Detections in the Web Console menu on the left. The Detections panel gives you an overview of all detections found on computers in your network.
You can browse groups and view detections on members of a given group. You can filter the view; all detection types from the last seven days are visible by default. Detections can be Marked as resolved in the Detections section or under details for a specific client.
Detections are aggregated by time and other criteria to simplify their resolution. Detections older than 24 hours are aggregated automatically every midnight. You can identify aggregated detections by the X/Y (resolved items/total items) value in the Resolved column. You can see the list of aggregated detections in the Occurrences tab in detection details.
You can find the quarantined detections in More > Quarantine
.
Exclusions
You can exclude selected item(s) in Detections from being detected in the future. Click a detection and select
Create Exclusion. You can exclude only Antivirus detections and Firewall detections - IDS rules . You can create an exclusion and apply it to more computers and groups.
Warning
Use exclusions with caution. They may result in an infected computer.
The More > Exclusions section contains all created exclusions, increases their visibility, and simplifies their management.
41
Detections in archives
If one or more detections are found in an archive, the archive and each detection inside the archive are reported in Detections.
Warning
Excluding an archive file that contains a detection does not exclude the detection. You must exclude the individual detections inside the archive.
The excluded detections will not be detected anymore, even if they occur in another archive or are unarchived.
Ransomware Shield
ESET business products (version 7 and later) include Ransomware Shield. This new security feature is a part of
HIPS and protects computers from ransomware. When ransomware is detected on a client computer, you can view the detection details in the ESET PROTECT Web Console under Detections. To filter only ransomware detections, click Add Filter > Scanner > Anti-Ransomware scanner. For more information about Ransomware
Shield, see the ESET Glossary .
You can remotely configure Ransomware Shield from the ESET PROTECT Web Console using the Policy settings for your ESET business product:
• Enable Ransomware Shield - The ESET business product automatically blocks all the suspicious applications that behave like ransomware.
• Enable Audit Mode - When you enable the Audit Mode, detections identified by the Ransomware Shield are reported in the ESET PROTECT Web Console, but the ESET security product does not block them. The administrator can decide to block the reported detection or exclude it by selecting Create Exclusion . This
Policy setting is available only via ESET PROTECT Web Console.
Important
By default, Ransomware Shield blocks all applications with potential ransomware behavior, including legitimate applications. We recommend that you Enable Audit Mode for a short period on a new managed computer, so that you can exclude legitimate applications that are detected as ransomware based on their behavior (false positives). We do not recommend that you use the Audit
Mode permanently, because ransomware on the managed computers is not automatically blocked when Audit Mode is enabled.
Reports
Reports allow you to access and filter data from the database in a convenient way. Reports have categories, and each category includes a short description.
To access reports, click Reports in the Web Console menu on the left, select the desired report template (a tile with a description and action) for which you want to view the report, and click the (gear icon) > Generate
Now.
42
Note
By default, all report templates are only accessible to the administrator. Other
cannot see or use these templates unless assigned sufficient permission (or unless templates are in another location).
To receive reports via email, you must configure an
SMTP server connection properly.
See the ESET Knowledgebase article for step-by-step instructions to configure automated reports in ESET
PROTECT.
Tasks
You can use tasks to manage the ESET PROTECT server, client computers, and ESET products. Tasks can automate routine jobs. Task targets can be individual
Tasks enable you to assign specific procedures to individual clients or groups of clients.
In addition to the Tasks window, you can create tasks from context menus in Computers
. To see the status of executed tasks, click Tasks, and observe whether tasks have finished successfully.
43
The Tasks section of the ESET PROTECT Administrator Guide contains information about how to create, assign, and schedule new tasks.
The ESET Knowledgebase has examples of procedures to configure specific tasks, such as:
• Send a wake-up call to client computers to execute a task immediately in ESET PROTECT .
• Change the agent connection interval for client computers in ESET PROTECT .
• Use a Software Install client task to deploy or upgrade ESET endpoint products .
• Synchronize ESET PROTECT with Active Directory .
Policies
You can use policies to manage client computers. Policies are sets of configuration rules you can apply to ESET products running on client computers so that you can avoid configuring each client's ESET product manually. You
can apply a policy directly to individual computers
and
groups . You can also assign multiple policies to a
computer or a group.
44
Follow the steps from the ESET Knowledgebase article to create a new policy and assign it to a group.
Policies are applied in the order that static groups are arranged. This rule is not valid for dynamic groups, where child dynamic groups are traversed first so that you can apply policies with greater impact at the top of the group tree and apply more specific policies for subgroups.
Note
ESET recommends that you assign more generic policies (for example, the update server) to groups that are higher within the group tree. You should assign more specific policies (for example, device control settings) farther down in the group tree.
Refer to the Policies section of the ESET PROTECT Administrator Guide to learn more about managing and applying policies and about policy removal rules.
Notifications
You can configure automatic notifications based on specific events such as reported detections, out-of-date endpoints, and more. See the Notifications section of the ESET PROTECT Administrator guide or our
Knowledgebase article for more information about how to configure and manage notifications.
45
To receive notifications via email, you need to configure an SMTP server connection properly.
ESET PROTECT can automatically send email reports and notifications. Enable Use SMTP server, click More >
Server Settings > Advanced Settings > SMTP Server and specify the following:
• Host - Hostname or an IP address of your SMTP server
• Port - SMTP uses port 25 by default, but you can change it if your SMTP server uses a different port.
• Username - If your SMTP server requires authentication, specify the SMTP user account name (do not include the domain as this will not work).
• Password - The password associated with the SMTP user account
• Connection security type - Specify the connection type, the default is Not secured, but if your SMTP server allows for secure connections, choose TLS or STARTTLS. If you want to make your connection more secure, use a STARTTLS or a SSL/TLS extension, because they use a separate port for encrypted communication.
• Authentication type - The default is set to No authentication. However, you can select the appropriate
Authentication type from the drop-down list (for example, Login, CRAM-MD5, CRAM-SHA1, SCRAM-SHA1,
NTLM, or Automatic)
• Sender address - Specify the sender address that will be displayed in the header of notification emails
(From:)
• Test SMTP server - This is to make sure the SMTP settings are correct. Click Send test email to open a pop-up window. Type the recipient's email address, and the test email message will be sent via the SMTP server to this address. Check the recipient's mailbox to verify that the test email was delivered.
46
Example
You can use Gmail as the SMTP server if you have a Gmail account. Use the settings below:
Setting Value
Use SMTP server
Host
Port
Username
True
smtp.gmail.com
465 ( TLS ) or 587 ( STARTTLS )
your Gmail address
Password
your Gmail password
Connection security type TLS or STARTTLS
Authentication type Automatic
Sender address
your Gmail address
If sending of emails fails, you may need to allow less secure apps in your Gmail account or unlock your Gmail account.
Status overview
The ESET PROTECT server performs periodic diagnostics checkups.
1.Click Status Overview to see detailed status information about ESET PROTECT. Use the Status
Overview to see usage statistics and the general status of your ESET PROTECT. It can also help you with the initial configuration of ESET PROTECT.
2.Click a section tile to display a taskbar on the right with actions.
47
Quarantine
The Quarantine section is in the Web Console under More > Quarantine. This section shows all files quarantined on client devices.
You should quarantine files if you cannot clean them, if it is not safe or advisable to delete them, or an ESET product falsely detects them.
Note
Not all detections found on client devices are moved to quarantine. Detections that are not quarantined include:
• Detections that cannot be deleted
• Detections that are suspicious based on their behavior, but are not identified as malware, for example, PUAs
See also the ESET Knowledgebase article about quarantine management.
License management
Select More > License Management to manage your licenses.
48
To add a new license to ESET PROTECT:
1.Click More > License Management and click Actions > Add Licenses.
2.Select the method you want to use to add your new license(s): a.ESET Business Account or ESET MSP Administrator - Synchronize the licenses from your ESET
Business Account or ESET MSP Administrator account with the ESET PROTECT Web Console. You can import the complete structure of your ESET Business Account, including the distribution of license seats among the sites .
b.License Key - Type or copy/paste the license key you received when you purchased your ESET security solution in the License Key field.
c.Offline License File.
3.Click Add licenses.
49
Note
ESET PROTECT supports the management of subscription licenses. You can add a license using ESET
Business Account, ESET MSP Administrator, or a license key. You can verify your subscription's validity under License Management in the Validity column or by clicking Computers > Show
Details .
Users and permission sets
ESET PROTECT security model
These are key terms used in the security model:
Term Explanation
Home group The home group is where all objects (devices, tasks, templates, and so on) a user creates are automatically stored. Each user must only have one home group.
50
Object Each object (computer, task, policy, report, or notification) is in a
. Access to objects is by groups, not users (providing access by group makes it easy to accommodate multiple users, for example, if one user is on holiday).
Access group An access group is a static group that enables users to filter the object location based on access rights.
Administrator An administrator is a user with the home group All and a full permission set over the group.
Access right The right to access an object or to execute a task is assigned with a permission set.
Permission set A permission set represents the permissions for users who access the ESET PROTECT Web
Console. A permission set defines what a user can see or do in the ESET PROTECT Web Console.
A user can be assigned multiple permission sets. Permission sets are applied only to objects in defined static groups.
Functionality Functionality is one type of object or action. Typically, functionality gets these values: Read,
Write, or Use. The combination of functionality applied to an access group is called a permission set.
For more detailed information, see Access Rights in the ESET PROTECT Administration Guide.
Create a new ESET PROTECT Web Console user
everything) as the only user.
Important
ESET does not recommend using the default administrator user account. You should create another administrator account . You can also create additional users with narrower access rights based on your desired competencies.
Certificates
Certificates
Certificates are an essential part of ESET PROTECT. They serve for secure communication between ESET PROTECT components and the ESET PROTECT server and to establish a secure connection of the ESET PROTECT Web
Console. You can manage ESET PROTECT certificates in More > Peer Certificates.
Note
You can use certificates that are automatically generated during ESET PROTECT installation
.
Certification authorities
A certification authority legitimizes certificates distributed from your network. In an enterprise setting, a public key serves for an automatic association of client software with the ESET PROTECT server to enable the remote installation of ESET products. You can manage ESET PROTECT certification authorities in More > Certification
Authorities.
51
Important
All peer certifications must be valid and signed by the same certification authority to ensure that all components can communicate correctly.
For more information about certificates and the certification authority, read the ESET Knowledgebase article or
Online Help .
Help and support
ESET is constantly working to update and improve ESET PROTECT and ESET endpoint products.
o The ESET Knowledgebase is a searchable repository of support articles designed to help you resolve issues and answer questions.
o The ESET user Forum is monitored by ESET staff and allows ESET users to share issues they are having and find solutions.
o The ESET Knowledgebase video channel contains video walkthroughs of common procedures for ESET products.
o Visit ESET Support News and Customer Advisories for the latest announcements about ESET product features and upgrades.
o You can open a case with ESET Customer Care at any time if you are not able to resolve an issue or find the answer to your question.
You can also refer to the ESET PROTECT Installation guide (including upgrade, migration and troubleshooting),
Administration guide (ESET PROTECT management with ESET PROTECT Web Console) and Virtual Appliance guide
(ESET PROTECT in a hypervisor) for more detailed information.
End User License Agreement
IMPORTANT: Please read the terms and conditions of product application set out below carefully prior to download, installation, copy or use. THROUGH DOWNLOADING, INSTALLING, COPYING OR USING THE
SOFTWARE YOU ARE EXPRESSING YOUR CONSENT TO THESE TERMS AND CONDITIONS AND YOU
.
End User License Agreement
Under the terms of this End User License Agreement (hereinafter referred to as "the Agreement") executed by and between ESET, spol. s r. o., having its registered office at Einsteinova 24, 85101 Bratislava, Slovak Republic, registered in the Commercial Register administered by Bratislava I District Court, Section Sro, Entry No 3586/B,
Business Registration Number: 31333532 (hereinafter referred to as "ESET" or "the Provider") and you, a physical person or legal entity (hereinafter referred to as "You" or "the End User"), You are entitled to use the Software defined in Article 1 of this Agreement. The Software defined in Article 1 of this Agreement can be stored on a data carrier, sent via electronic mail, downloaded from the Internet, downloaded from the Provider's servers or obtained from other sources, subject to the terms and conditions specified below.
52
THIS IS AN AGREEMENT ON END USER RIGHTS AND NOT AN AGREEMENT FOR SALE. The Provider continues to own the copy of the Software and the physical media contained in the sales package and any other copies that the End User is authorized to make pursuant to this Agreement.
By clicking on "I Accept" or "I Accept…" while installing, downloading, copying or using the Software, You agree to the terms and conditions of this Agreement. If You do not agree to all of the terms and conditions of this
Agreement, immediately click on the canceling option, cancel the installation or download, or destroy or return the Software, installation media, accompanying documentation and sales receipt to the Provider or the outlet from which You acquired the Software.
YOU AGREE THAT YOUR USE OF THE SOFTWARE ACKNOWLEDGES THAT YOU HAVE READ THIS AGREEMENT,
UNDERSTAND IT AND AGREE TO BE BOUND BY ITS TERMS AND CONDITIONS.
1. Software. As used in this Agreement the term "Software" means: (i) computer program accompanied by this
Agreement and all components thereof; (ii) all the contents of the disks, CD-ROMs, DVDs, e-mails and any attachments, or other media with which this Agreement is provided, including the object code form of the
Software supplied on a data carrier, via electronic mail or downloaded via the Internet; (iii) any related explanatory written materials and any other possible documentation related to the Software, above all any description of the Software, its specifications, any description of the Software properties or operation, any description of the operating environment in which the Software is used, instructions for use or installation of the
Software or any description of how to use the Software (hereinafter referred to as " Documentation "); (iv) copies of the Software, patches for possible errors in the Software, additions to the Software, extensions to the
Software, modified versions of the Software and updates of Software components, if any, licensed to You by the
Provider pursuant to Article 3 of this Agreement. The Software shall be provided exclusively in the form of executable object code.
2. Installation, Computer and a License key. Software supplied on a data carrier, sent via electronic mail, downloaded from the Internet, downloaded from the Provider's servers or obtained from other sources requires installation. You must install the Software on a correctly configured Computer, complying at least with requirements set out in the Documentation. The installation methodology is described in the Documentation. No computer programs or hardware which could have an adverse effect on the Software may be installed on the
Computer on which You install the Software. Computer means hardware, including but not limited to personal computers, laptops, workstations, palmtop computers, smart phones, hand-held electronic devices, or other electronic devices for which the Software is designed, on which it will be installed and/or used. License key means the unique sequence of symbols, letters, numbers or special signs provided to the End User in order to allow the legal use of the Software, its specific version or extension of the term of the License in compliance with this
Agreement.
3. License. Subject to the condition that You have agreed to the terms of this Agreement and You comply with all the terms and conditions stipulated herein, the Provider shall grant You the following rights (hereinafter referred to as "License"): a) Installation and use. You shall have the non-exclusive, non-transferable right to install the Software on the hard disk of a Computer or other permanent medium for data storage, installation and storage of the Software in the memory of a computer system and to implement, store and display the Software.
b) Stipulation of the number of licenses. The right to use the Software shall be bound by the number of End
Users. One End User shall be taken to refer to the following: (i) installation of the Software on one computer system; or (ii) if the extent of a license is bound to the number of mail boxes, then one End User shall be taken to refer to a computer user who accepts electronic mail via a Mail User Agent (hereinafter referred to as "MUA"). If
MUA accepts electronic mail and subsequently distributes it automatically to several users, then the number of
End Users shall be determined according to the actual number of users for whom the electronic mail is
53
distributed. If a mail server performs the function of a mail gate, the number of End Users shall equal the number of mail server users for which the said gate provides services. If an unspecified number of electronic mail addresses are directed to and accepted by one user (e.g., through aliases) and messages are not automatically distributed by the client to a larger number of users, a License for one computer shall be required. You must not use the same License at the same time on more than one Computer. The End User is entitled to enter the License key to the Software only to the extent in which has the right to use the Software in accordance the limitation arising from the number of Licenses granted by Provider. The License key is deemed confidential, You must not share the License with third parties or allow third parties to use the License key unless permitted by this
Agreement or Provider. If your License key is compromised, notify Provider immediately.
c) Business Edition. A Business Edition version of the Software must be obtained to use the Software on mail servers, mail relays, mail gateways or Internet gateways.
d) Term of the License. Your right to use the Software shall be time-limited.
e) OEM Software. OEM Software shall be limited to the Computer You obtained it with. It cannot be transferred to a different Computer.
f) NFR, TRIAL Software. Software classified as "Not-for-resale", NFR or TRIAL cannot be assigned for payment and must only be used for demonstration or testing the Software's features.
g) Termination of the License. The License shall terminate automatically at the end of the period for which granted. If You fail to comply with any of the provisions of this Agreement, the Provider shall be entitled to withdraw from the Agreement, without prejudice to any entitlement or legal remedy open to the Provider in such eventualities. In the event of cancellation of the License, You must immediately delete, destroy or return at your own cost, the Software and all backup copies to ESET or to the outlet from which You obtained the Software.
Upon termination of the License, the Provider shall be also entitled to cancel the End User's entitlement to use the functions of the Software, which require connection to the Provider's servers or third-party servers.
4. Functions with data collection and internet connection requirements. To operate correctly the Software requires connection to the Internet and must connect at regular intervals to the Provider's servers or third-party servers and applicable data collection in compliance with Privacy Policy. Connection to the Internet and applicable data collection is necessary for the following functions of the Software: a) Updates to the Software. The Provider shall be entitled from time to issue updates to the Software
("Updates"), but shall not be obliged to provide Updates. This function is enabled under the Software's standard settings and Updates are therefore installed automatically, unless the End User has disabled automatic installation of Updates. For the purpose of provisioning of Updates, License authenticity verification is required including information about Computer and/or the platform on which the Software is installed in compliance with
Privacy Policy.
b) Forwarding of Information to the Provider. The Software contains functions which collect data about the installation process, the Computer and/or the platform on which the Software is installed, information about the operations and functionality of the Software and information about managed devices (hereinafter referred to as
"Information") and then send them to the Provider. The Information may contain data (including randomly or accidentally obtained personal data) concerning managed devices. By activating this function of the Software,
Information may be collected and processed by the Provider as specified in Privacy Policy and in compliance with relevant legal regulations.
The Software requires a component installed on managed computer, which enables transfer of information between managed computer and remote management software. Information, which are subject to transfer contains management data such as hardware and software information of managed computer and managing instructions from the remote management software. Other content of data transferred from managed computer
54
shall be determined by the settings of software installed on managed computer. The content of instructions from management software shall be determined by settings of remote management software.
For the purpose of this Agreement, it is necessary to collect, process and store data enabling the Provider to identify You in compliance with Privacy Policy. You hereby acknowledge that the Provider checks using its own means whether You are using the Software in accordance with the provisions of this Agreement. You hereby acknowledge that for the purpose of this Agreement it is necessary for your data to be transferred, during communication between the Software and the Provider's computer systems or those of its business partners as part of Provider’s distribution and support network to ensure functionality of Software and authorization to use the Software and to protection of the Provider’s rights.
Following conclusion of this Agreement, the Provider or any of its business partners as part of Provider’s distribution and support network shall be entitled to transfer, process and store essential data identifying You for billing purposes, performance of this Agreement and transmitting notifications on your Computer. You hereby agree to receive notification and messages including but not limited to marketing information.
Details about privacy, personal data protection and Your rights as a data subject can be found in Privacy Policy which is available on Provider’s website and accessible directly from the installation process. You can also visit it from Software’s help section.
5. Exercising End User rights. You must exercise End User rights in person or via your employees. You are only entitled to use the Software to safeguard your operations and protect those Computers or computers systems for which You have obtained a License.
6. Restrictions to rights. You may not copy, distribute, extract components or make derivative works of the
Software. When using the Software, You are required to comply with the following restrictions: a) You may make one copy of the Software on a permanent storage medium as an archival back-up copy, provided your archival back-up copy is not installed or used on any Computer. Any other copies You make of the
Software shall constitute breach of this Agreement.
b) You may not use, modify, translate or reproduce the Software or transfer rights to use the Software or copies of the Software in any manner other than as provided for in this Agreement.
c) You may not sell, sub-license, lease or rent or borrow the Software or use the Software for the provision of commercial services.
d) You may not reverse engineer, reverse compile or disassemble the Software or otherwise attempt to discover the source code of the Software, except to the extent that this restriction is expressly prohibited by law.
e) You agree that You will only use the Software in a manner that complies with all applicable laws in the jurisdiction in which You use the Software, including, but not limited to, applicable restrictions concerning copyright and other intellectual property rights.
f) You agree that You will only use the Software and its functions in a way which does not limit the possibilities of other End Users to access these services. The Provider reserves the right to limit the scope of services provided to individual End Users, to enable use of the services by the highest possible number of End Users. Limiting the scope of services shall also mean complete termination of the possibility to use any of the functions of the
Software and deletion of Data and information on the Provider's servers or third-party servers relating to a specific function of the Software.
g) You agree not exercise any activities involving use the License key, contrary to the terms of this Agreement or leading to provide License key to any person who is not entitled to use the Software, such as the transfer of used
55
or unused License key in any form, as well as the unauthorized reproduction, or distribution of duplicated or generated License keys or using the Software as a result of the use of a License key obtained from the source other than the Provider.
7. Copyright. The Software and all rights, without limitation including proprietary rights and intellectual property rights thereto are owned by ESET and/or its licensors. They are protected by international treaty provisions and by all other applicable national laws of the country in which the Software is being used. The structure, organization and code of the Software are the valuable trade secrets and confidential information of ESET and/or its licensors. You must not copy the Software, except as set forth in Article 6(a). Any copies which You are permitted to make pursuant to this Agreement must contain the same copyright and other proprietary notices that appear on the Software. If You reverse engineer, reverse compile, disassemble or otherwise attempt to discover the source code of the Software, in breach of the provisions of this Agreement, You hereby agree that any information thereby obtained shall automatically and irrevocably be deemed to be transferred to and owned by the Provider in full, from the moment such information comes into being, notwithstanding the Provider's rights in relation to breach of this Agreement.
8. Reservation of rights. The Provider hereby reserves all rights to the Software, with the exception of rights expressly granted under the terms of this Agreement to You as the End User of the Software.
9. Multiple language versions, dual media software, multiple copies. In the event that the Software supports multiple platforms or languages, or if You receive multiple copies of the Software, You may only use the Software for the number of computer systems and for the versions for which You obtained a License. You may not sell, rent, lease, sub-license, lend or transfer versions or copies of the Software which You do not use.
10. Commencement and termination of the Agreement. This Agreement shall be effective from the date You agree to the terms of this Agreement. You may terminate this Agreement at any time by permanently uninstalling, destroying and returning, at your own cost, the Software, all back-up copies and all related materials provided by the Provider or its business partners. Irrespective of the manner of termination of this Agreement, the provisions of Articles 7, 8, 11, 13, 19 and 21 shall continue to apply for an unlimited time.
11. END USER DECLARATIONS. AS THE END USER YOU ACKNOWLEDGE THAT THE SOFTWARE IS PROVIDED "AS
IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, AND TO THE MAXIMUM EXTENT PERMITTED BY
APPLICABLE LAW. NEITHER THE PROVIDER, ITS LICENSORS OR AFFILIATES, NOR THE COPYRIGHT HOLDERS MAKE
ANY REPRESENTATIONS OR WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE OR THAT THE SOFTWARE WILL
NOT INFRINGE ANY THIRD-PARTY PATENTS, COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS. THERE IS NO
WARRANTY BY THE PROVIDER OR BY ANY OTHER PARTY THAT THE FUNCTIONS CONTAINED IN THE SOFTWARE
WILL MEET YOUR REQUIREMENTS OR THAT THE OPERATION OF THE SOFTWARE WILL BE UNINTERRUPTED OR
ERROR-FREE. YOU ASSUME ALL RESPONSIBILITY AND RISK FOR THE SELECTION OF THE SOFTWARE TO ACHIEVE
YOUR INTENDED RESULTS AND FOR THE INSTALLATION, USE AND RESULTS OBTAINED FROM IT.
12. No other obligations. This Agreement creates no obligations on the part of the Provider and its licensors other than as specifically set forth herein.
13. LIMITATION OF LIABILITY. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL
THE PROVIDER, ITS EMPLOYEES OR LICENSORS BE LIABLE FOR ANY LOST PROFITS, REVENUE, SALES, DATA OR
COSTS OF PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES, PROPERTY DAMAGE, PERSONAL INJURY,
INTERRUPTION OF BUSINESS, LOSS OF BUSINESS INFORMATION OR FOR ANY SPECIAL, DIRECT, INDIRECT,
INCIDENTAL, ECONOMIC, COVER, PUNITIVE, SPECIAL OR CONSEQUENTIAL DAMAGES, HOWEVER CAUSED AND
WHETHER ARISING UNDER CONTRACT, TORT, NEGLIGENCE OR OTHER THEORY OF LIABILITY, ARISING OUT OF THE
USE OF OR INABILITY TO USE THE SOFTWARE, EVEN IF THE PROVIDER OR ITS LICENSORS OR AFFILIATES ARE
ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. BECAUSE SOME COUNTRIES AND JURISDICTIONS DO NOT
56
ALLOW THE EXCLUSION OF LIABILITY, BUT MAY ALLOW LIABILITY TO BE LIMITED, IN SUCH CASES, THE LIABILITY
OF THE PROVIDER, ITS EMPLOYEES OR LICENSORS OR AFFILIATES SHALL BE LIMITED TO THE SUM THAT YOU PAID
FOR THE LICENSE.
14. Nothing contained in this Agreement shall prejudice the statutory rights of any party dealing as a consumer if running contrary thereto.
15. Technical support. ESET or third parties commissioned by ESET shall provide technical support at their own discretion, without any guarantees or declarations. The End User shall be required to back up all existing data, software and program facilities prior to the provision of technical support. ESET and/or third parties commissioned by ESET cannot accept liability for damage or loss of data, property, software or hardware or loss of profits due to the provision of technical support. ESET and/or third parties commissioned by ESET reserve the right to decide that resolving the problem is beyond the scope of technical support. ESET reserves the right to refuse, suspend or terminate the provision of technical support at its own discretion. License information,
Information and other data in compliance with Privacy Policy may be required for the purpose of technical support provision.
16. Transfer of the License. The Software can be transferred from one Computer to another, unless contrary to the terms of the Agreement. If not contrary to the terms of the Agreement, the End User shall only be entitled to permanently transfer the License and all rights ensuing from this Agreement to another End User with the
Provider's consent, subject to the condition that (i) the original End User does not retain any copies of the
Software; (ii) the transfer of rights must be direct, i.e. from the original End User to the new End User; (iii) the new End User must assume all the rights and obligations incumbent on the original End User under the terms of this Agreement; (iv) the original End User has to provide the new End User with documentation enabling verification of the genuineness of the Software as specified under Article 17.
17. Verification of the genuineness of the Software. The End User may demonstrate entitlement to use the
Software in one of the following ways: (i) through a license certificate issued by the Provider or a third party appointed by the Provider; (ii) through a written license agreement, if such an agreement was concluded; (iii) through the submission of an e-mail sent by the Provider containing licensing details (user name and password).
License information and End User identification data in compliance with Privacy Policy may be required for the purpose of Software genuineness verification.
18. Licensing for public authorities and the US Government. The Software shall be provided to public authorities, including the United States Government, with the license rights and restrictions described in this Agreement.
19. Trade control compliance.
a) You will not, directly or indirectly, export, re-export, transfer or otherwise make available the Software to any person, or use it in any manner, or be involved in any act, that could result in ESET or its holding companies, its subsidiaries, and the subsidiaries of any of its holding companies, as well as entities controlled by its holding companies ("Affiliates") being in violation of, or being subject to, negative consequences under trade control laws which include: i. any laws that control, restrict, or impose licensing requirements on export, re-export or transfer of goods, software, technology, or services, issued or adopted by any government, state or regulatory authority of the
United States of America, Singapore, the United Kingdom, the European Union or any of its Member States, or any country in which obligations under the Agreement are to be performed, or in which ESET or any of its
Affiliates are incorporated or operate, and ii. any economic, financial, trade or other, sanction, restriction, embargo, import or export ban, prohibition on transfer of funds or assets or on performing services, or equivalent measure imposed by any government, state or regulatory authority of the United States of America, Singapore, the United Kingdom, the European Union or any
57
of its Member States, or any country in which obligations under the Agreement are to be performed, or in which
ESET or any of its Affiliates are incorporated or operate.
(legal acts referred to in points i, and ii. above together as "Trade Control Laws").
b) ESET shall have the right to suspend its obligations under, or terminate, these Terms with immediate effect in the event that: i. ESET determines that, in its reasonable opinion, the User has breached or is likely to breach provision of Article
19 a) of the Agreement; or ii. the End User and/or the Software become subject to Trade Control Laws and, as a result, ESET determines that, in its reasonable opinion, the continued performance of its obligations under the Agreement could result in ESET or its Affiliates being in violation of, or being subject to negative consequences under, Trade Control Laws.
c) Nothing in the Agreement is intended, and nothing should be interpreted or construed, to induce or require either party to act or refrain from acting (or to agree to act or refrain from acting) in any manner which is inconsistent with, penalized, or prohibited under any applicable Trade Control Laws.
20. Notices. All notices and return of the Software and Documentation must be delivered to: ESET, spol. s r. o.,
Einsteinova 24, 85101 Bratislava, Slovak Republic.
21. Applicable law. This Agreement shall be governed by and construed in accordance with the laws of the Slovak
Republic. The End User and the Provider hereby agree that the principles of the conflict of laws and the United
Nations Convention on Contracts for the International Sale of Goods shall not apply. You expressly agree that any disputes or claims ensuing from this Agreement with respect to the Provider or any disputes or claims relating to use of the Software shall be settled by Bratislava I District Court and You expressly agree to the said court exercising jurisdiction.
22. General provisions. Should any of the provisions of this Agreement be invalid or unenforceable, this shall not affect the validity of the other provisions of the Agreement, which shall remain valid and enforceable under the conditions stipulated therein. In case of a discrepancy between language versions of this Agreement, the English version shall prevail. This Agreement may only be modified in written form, signed by an authorized representative of the Provider, or a person expressly authorized to act in this capacity under the terms of a power of attorney.
This is the entire Agreement between the Provider and You relating to the Software and it supersedes any prior representations, discussions, undertakings, communications or advertising relating to the Software.
EULA ID: BUS-ESMC-20-01
Privacy policy
ESET, spol. s r. o., having its registered office at Einsteinova 24, 851 01 Bratislava, Slovak Republic, registered in the Commercial Register administered by Bratislava I District Court, Section Sro, Entry No 3586/B, Business
Registration Number: 31333532 as a Data Controller ("ESET" or "We") would like to be transparent when it comes to processing of personal data and privacy of our customers. To achieve this goal, We are publishing this Privacy
Policy with the sole purpose of informing our customer ("End User" or "You") about following topics:
• Processing of Personal Data,
• Data Confidentiality,
58
• Data Subject's Rights.
Processing of Personal Data
Services provided by ESET implemented in our product are provided under the terms of End User License
Agreement ("EULA"), but some of them might require specific attention. We would like to provide You with more details on data collection connected with the provision of our services. We render various services described in the EULA and product documentation such as update/upgrade service, ESET LiveGrid®, protection against misuse of data, support, etc. To make it all work, We need to collect the following information:
• Management of ESET security products requires and locally stores information such as seat ID and name, product name, license information, activation and expiration information, hardware and software information concerning managed computer with ESET security product installed. Logs concerning activities of managed ESET security products and devices are collected and available in order to facilitate managing and supervising features and services without automated submission to ESET.
• Information concerning installation process, including platform on which our product is installed and information about the operations and functionality of our products such as hardware fingerprint, installation
IDs, crash dumps, license IDs, IP address, MAC address, configuration settings of product which may also include managed devices.
• Licensing information such as license ID and personal data such as name, surname, address, email address is required for billing purposes, license genuineness verification and provision of our services.
• Contact information and data contained in your support requests may be required for service of support.
Based on the channel You choose to contact us, We may collect your email address, phone number, license information, product details and description of your support case. You may be asked to provide us with other information to facilitate service of support such as generated log files.
• Data concerning usage of our service are completely anonymous by the end of session. No personally identifiable information is stored after the session ends.
Data Confidentiality
ESET is a company operating worldwide via affiliated entities or partners as part of our distribution, service and support network. Information processed by ESET may be transferred to and from affiliated entities or partners for performance of the EULA such as provision of services or support or billing. Based on your location and service
You choose to use, We might be required to transfer your data to a country with absence of adequacy decision by the European Commission. Even in this case, every transfer of information is subject to regulation of data protection legislation and takes place only if required. Standard Contractual Clauses, Binding Corporate Rules or another appropriate safeguard must be established without any exception.
We are doing our best to prevent data from being stored longer than necessary while providing services under the EULA. Our retention period might be longer than the validity of your license just to give You time for easy and comfortable renewal. Minimized and pseudonymized statistics and other data from ESET LiveGrid® may be further processed for statistical purposes.
ESET implements appropriate technical and organizational measures to ensure a level of security which is appropriate to potential risks. We are doing our best to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and Services. However, in case of data breach resulting in a risk to your rights and freedoms, We are ready to notify supervisory authority as well as data subjects. As a data subject, You have a right to lodge a complaint with a supervisory authority.
59
Data Subject’s Rights
ESET is subject to regulation of Slovak laws and We are bound by data protection legislation as part of European
Union. Subject to conditions laid down by applicable data protection laws, You are entitled to following rights as a data subject:
• right to request access to your personal data from ESET,
• right to rectification of your personal data if inaccurate (You also have the right to have the incomplete personal data completed),
• right to request erasure of your personal data,
• right to request restriction of processing your personal data,
• right to object to processing,
• right to lodge a complaint as well as,
• right to data portability.
If You would like to exercise your right as a data subject or You have a question or concern, send us a message at:
ESET, spol. s r.o.
Data Protection Officer
Einsteinova 24
85101 Bratislava
Slovak Republic [email protected]
60
advertisement
Related manuals
advertisement