advertisement
ESET Inspect
User guide
Click here to display the online version of this document
Copyright ©2022 by ESET, spol. s r.o.
ESET Inspect was developed by ESET, spol. s r.o.
For more information visit https://www.eset.com.
All rights reserved. No part of this documentation may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning, or otherwise without permission in writing from the author.
ESET, spol. s r.o. reserves the right to change any of the described application software without prior notice.
Technical Support: https://support.eset.com
REV. 12/22/2022
.....................................................................................................................................
.......................................................................................................................
..............................................................................................................
2.1 Reduction of the database size
........................................................................................................
...............................................................................................................
.....................................................................................................................
.................................................................................................................................
...................................................................................................................................
.....................................................................................................................................
................................................................................................................................
2.2 MySQL Installation on Windows
........................................................................................................
.............................................................................................................
..............................................................................................................
............................................................................................................
2.2 Microsoft SQL Server Installation
2.2 Supported Web Browsers and ESET Products
2.3 The ESET PROTECT Permission Settings
.......................................................................................
......................................................................................
..............................................................................................................
3.1 Get the certificate from ESET PROTECT
.............................................................................................
3.1 Import the server certificate from file
...............................................................................................
3.1 Get the ESET Inspect Web Console certificate from ESET PROTECT
...............................................................
3.1 Import ESET Inspect Web Console certificate from file
.............................................................................
3.1 Web browser HTTPS/SSL certificate list
..............................................................................................
3.1 The type of ESET Inspect user
.............................................................................................................................
........................................................................................................................
3.4 ESET Inspect Server Migration
...................................................................................................
3.4 Clean installation with the same IP address
.........................................................................................
3.4 Clean installation with a different IP address
........................................................................................
3.5 ESET Inspect Database Migration
...............................................................................................
3.5 The migration process for MySQL Server
............................................................................................
3.5 The migration process for MS SQL Server
...........................................................................................
3.6 ESET Inspect Server upgrade through ESET PROTECT
...................................................................
4 ESET Inspect Connector Installation
................................................................................................
4.1 ESET Inspect Cloud All-in-one Installer
............................................................................................... 38
4.1 Windows GUI - Mode Installation
.....................................................................................................
4.1 Installation from a windows command line
..........................................................................................
4.1 Troubleshooting the installation
.....................................................................................................
4.1 Upgrade through ESET PROTECT
4.1 GUI Upgrade from older version
.....................................................................................................
4.1 Command Line Upgrade from older version
.........................................................................................
4.2 macOS GUI - Mode Installation
.......................................................................................................
4.2 Installation from a macOS terminal
..................................................................................................
.......................................................................................................................................
4.3 Linux Terminal Installation
...........................................................................................................
4.4 ESET PROTECT Windows/macOS/Linux Deployment
.......................................................................
4.5 ESET Inspect Connector uninstallation
........................................................................................
........................................................................................................................................
..........................................................................................................
..................................................................................................................................
1
ESET Inspect
ESET Inspect is an essential component to help ensure the highest level of enterprise security. While standard
ESET Endpoint Security provides strong protection, ESET Inspect takes your environment's security to a new dimension. A security tool is needed to help security professionals protect their sensitive data and detect and investigate security incidents, advanced threats, and targeted attacks or breaches on endpoint devices. ESET
Inspect is a tool that offers the peace of mind of continuous protection and security monitoring in a powerful and easy-to-use solution.
ESET Inspect collects data in real time on endpoint devices. The data is matched against a set of rules to detect suspicious activities automatically. Then the aggregated data is processed, and the information is prioritized and correlated in a searchable form. This aggregated data enable a security professional to search for unusual and suspicious activities more efficiently and enables an accurate incident response, management, and reporting.
ESET Inspect is a solution that includes the following three components:
• ESET Inspect Connector is installed on endpoint devices that are monitored by ESET Inspect and collect the data for the ESET Inspect, removes malicious components, and blocks the execution of these components
• ESET Inspect Server continually aggregates and stores the collected data and displays it in the ESET
Inspect Web Console
• ESET Inspect Web Console is the user interface for ESET Inspect built as an HTML5 web application
Key features
ESET Inspect is an essential component to help ensure the highest level of enterprise security. As a critical tool for risk assessment and detection, ESET Inspect is a comprehensive Endpoint Detection and Response (EDR) system that includes the following features:
• Incident detection—Monitor the Detections section to reveal security incidents, Advanced Persistent
Threats (APT), targeted attacks.
• Incident management and response—Use a built-in set of rules or create your own rules to respond to detected incidents. The rules guide is available in the help section of the ESET Inspect Web Console.
• Data collection—Determine when an executable was launched for the first time and by whom, check the dwell time and attacked devices.
• Indicators of Compromise (IOC) detection.
• Anomaly detection—See what is being executed in your company network and reveal unexpected actions.
• Behavior detection—See what actions were carried out by an Executable: modified files, changing registry entries, connections made. Assess if the executed processes are safe or suspicious by looking at markers such as LiveGrid® reputation.
• Policy violations—Block malicious executables from being executed on any computer in your company network.
• Email notifications—Cooperation of ESET Inspect with ESET PROTECT results in beneficial security email notifications.
System Requirements
The system requirements for ESET Inspect are specified for Hardware Requirements and
Hardware Requirements
Hardware requirements depend on the number of events. The event from the ESET Inspect side of view includes File system events (read file, write file, etc.), TCP events, Registry events, HTTP events, DNS events, etc.
There are two ways to get the number of events.
Before installing the ESET Inspect Server:
1. Install the ESET Inspect Connector on at least three endpoints (ESET Inspect Connector is operable without ESET Inspect Server).
2. Activate the product with a valid ESET Inspect license. The activation is done via ESET PROTECT by creating a "Product activation" task. To do this, contact your ESET PROTECT Administrator or create a
Product Activation task.
3. Wait for at least a day.
4. Navigate to the folder where ESET Inspect Connector is installed (by default C:\Program
Files\ESET\Inspect Connector ) and run command EIConnector.exe.exe --stats .
5. From the output, use "Average Events Per Day".
After the ESET Inspect Server is already installed and working:
1. Go to Dashboard->Events load tab and check the highest values of events received per 24h in the
"Events processed and stored per computer" chart.
To calculate the estimated CPU, RAM, and disk space requirements for ESET Inspect Server and MySQL on the same machine, use the following calculator:
MySQL Microsoft SQL Server
Endpoints:
Events per 24h per endpoint:
100000
Estimate
This environment requires Enterprise Inspector Server to be able to write at least events per second (EPS)
Minimum hardware configurations:
Estimated events written per second are shown in the brackets
The estimated number of CPU cores is based on tests using an Intel Xenon 2.7GHz but other server specific x64
CPUs, such as Intel Xeon and AMD Epyc, can be used after scaling the number of cores to compensate for potentially lower clock rates.
2
Estimated database sizes:
The values in the table below are based on the assumption that the endpoint does not have more than a hundred thousand events generated per day, and the default data retention is 31 days. If the number of events in your environment is higher than a hundred thousand, you should proportionally scale the number from the table.
Minimum requirements
MS SQL Server
Number of Endpoints 500 1000
MySQL
5000 500 1000 5000
Memory
Disk space
4 GB 4 GB 12 GB 4 GB 4 GB 12 GB
566 GB 1.24 TB 6.2 TB 566 GB 1.1 TB 5.6 TB
Disk IOPS 1500 1500 3000 1000 2000 3000
Number of CPU cores 2 2 10 2 2 8
The current scalability limit is approximately 30 000 endpoints per ESET Inspect Server when considering the average event rate from global telemetry. The limit can vary based on the exact conditions and environment specifics; therefore, use the configuration calculator for accurate hardware/resource specifications.
The estimated database size does not consider various logs (MySql general query log, MySql binary log, or
SQL Server transaction log). If not needed to store them for your purposes, consider disabling them or clearing the logs regularly to reduce their disk space.
Disk Space Consumption Reduction
We recommend these
steps for disk space consumption reduction.
This can significantly save the disk space used by stored events.
The disk IOPS
To get the information regarding the IOPS that your disk can provide, use the tool described below:
66% of IOPS triggered by ESET Inspect are write-related operations, and the block size is 32KB.
IOPS achieved by the customer’s hardware can be measured using the following command line: diskspd -b32K
-d60 -o4 -t8 -h -r -w65 -L -Z1G -c20G C:\iotest.dat > C:\DiskSpeedResults.txt
.
diskspd is a Microsoft tool that can be downloaded from: https://docs.microsoft.com/en-us/azure-stack/hci/manage/diskspd-overview
The CPU and RAM impact reduction
To reduce the impact on CPU and RAM, you can use two approaches:
1. Navigate to Dashboard->Server Status->Event Packet Queue Length. If the chart shows most of the time 500, then consider upgrading your hardware or lower the load on the server by using the steps
3
If the Windows Server OS's space goes under 10 percent of the partition capacity (C:\), ESET Inspect stops accepting data from endpoints.
described in the
Disk Space Consumption Reduction
.
2. You can change the interval of sending the events from connectors to the server. By default, the interval is every 7 minutes. The user can change this in ESET PROTECT by going into Policies > New Policy
> Connection > Interval of sending events to the server (minutes). The possible interval is 5-1440 minutes.
To support a specific number of endpoints, ensure that the ephemeral port pool size is twice as big as the endpoint's number.
Command to check the current size of the ephemeral port pool: netsh int ipv4 show dynamicport tcp
Command to set ephemeral port pool size: netsh int ipv4 set dynamicport tcp start=<number> num=<size> e.g.: To set the ephemeral port pool to 60k, type the following: netsh int ipv4 set dynamicport tcp start=5536 num=60000
Note: Maximal port number can be 65536. It is recommended not to set starting port lower than 1500.
Reduction of the database size
The ways to reduce disk space usage are:
1. Store the low-level data for the shortest possible time. The database size is proportional to the amount of low-level data stored in the database, so lower the amount by keeping the low-level date as briefly as possible. This can be configured through tabs Admin->Server Settings->Database Retention.
A low-level event is something a process does. So, write a file, do a DNS lookup, create a registry entry, etc.
These can be seen in the Events view.
2. Store less low-level data. Instead of storing all data, keep only the most important data or data related directly to detections. This will not lower the protection because everything is still being analyzed to detect suspicious activity, even if not everything is stored. The amount of stored data can be changed in the tab
Admin->Server Settings->Data collection. But some ESET Inspect features don’t work or are limited when
not everything is stored. More information about these limitations is here
.
3. Use Event Filters to selectively not store low-level events from some executables or computers.
Dashboard->Events Load helps to find executables and computers that report most low-level events and where filters should be applied.
4. Check database settings that can cause increased disk usage: a.For MySql, check binary log usage. See more information here .
b.For Microsoft SQL Server, check recovery models. See more information here .
These settings are commonly used for backups so if they are needed, make sure that they are configured and used correctly.
Software Requirements
The following sections describe ESET Inspect software requirements like support of Operating Systems
or
Supported Web Browsers and ESET Products .
4
for Administrator and User account settings. For instructions to install ESET PROTECT, see ESET PROTECT
Installation Guide .
The ESET Inspect Server requires a 64-bit version of Visual C++ redistributable to be installed before the server is installed. The redistributable file can be downloaded from this link .
Operating Systems
The following sections describe ESET Inspect support for Windows
,
operating system versions.
Windows
The following table displays the supported Windows operating systems for each ESET Inspect component:
ESET Inspect Server ESET Inspect Connector Operating System
Windows 7 SP1 32-bit / 64-bit
Windows 8.1 32-bit / 64-bit
Windows 10, version 21H1 32-bit / 64-bit
Windows 10, version 21H2 32-bit / 64-bit
Windows 10, version 22H2 32-bit / 64-bit
Windows 11, version 21H2 32-bit / 64-bit
Windows 11, version 22H2 32-bit / 64-bit
Windows Server 2012 64-bit
Windows Server 2012 R2 64-bit
Windows Server 2016 64-bit
Windows Server 2019 64-bit
Windows Server 2022 64-bit
✔
✔
✔
✔
✔
✔
✔
✔
✔
✔
✔
✔
✔
✔
✔
✔
✔
macOS
The following table displays the supported macOS operating systems for ESET Inspect Connector component:
Connector Operating system macOS 10.15 (Catalina) macOS 11 (Big Sur) macOS 12 (Monterey) macOS 13 (Ventura)
✔
✔
✔
✔
Linux
The following table displays the supported Linux operating systems for ESET Inspect Connector component:
Endpoint Antivirus for Linux Server Security for Linux Operating system
RedHat Enterprise Linux (RHEL) 7
RedHat Enterprise Linux (RHEL) 8
RedHat Enterprise Linux (RHEL) 9
Centos 7
Ubuntu 18.04
Ubuntu 20.04
Ubuntu 22.04
Debian 10
Debian 11
✔
✔
✔
✔
✔
✔
✔
✔
✔
✔
✔
✔
✔
✔
5
✔
✔
✔
✔
Server Security for Linux Operating system
SUSE Linux Enterprise Server (SLES) 12
SUSE Linux Enterprise Server (SLES) 15
SUSE Linux Enterprise Desktop 15
Oracle Linux 8
Amazon Linux 2
Linux Mint 20 ✔
✔
Endpoint Antivirus for Linux
For Ubuntu 22.04 libfuse2 library must be installed first.
Database
ESET Inspect supports two database servers: Microsoft SQL Server and MySQL.
Supported database server
Microsoft SQL Server
MySQL
Supported database versions
2017, 2019, 2022
5.7.40 or newer, 8.0.31 or newer
Supported database connectors
-
ODBC Driver for SQL Server 11, 13, 17
For installation instructions of MySQL Server, see MySQL Installation on Windows or
.
For installation instructions of Microsoft SQL Server,
ESET Inspect supports two database servers: Microsoft SQL Server and MySQL.
Clusters are not supported.
6
MySQL Installation on Windows
Prerequisites
• Download the MySQL server installer for Windows: https://dev.mysql.com/downloads/windows/installer/ .
• Install Microsoft .NET Framework version 4 if required. Depending on the OS version.
Installation and configuration
1. Run the downloaded installer file to start the installation. Select the Server-only version in the Choosing
a Setup Type screen and click Next.
2. In the Type and Networking screen, select Config Type (we recommend using a Dedicated Computer type for the SQL server), type in your preferred Port Number (or use port 3306 by default), and click Next.
3. We recommend using the default (RECOMMENDED) option in the Authentication Method screen.
4. In the Accounts and Roles screen, set the MySQL Root Password and click Add User to create another
MySQL user account secured with a password and with a DBA role assigned.
Remember the username and password you configured for a new user with the DB admin role, as it is used during the
ESET Inspect Server installation .
5. We recommend selecting Configure MySQL Server as Windows Service in the Windows Service screen and Starting the MySQL Server at System Startup. Otherwise, you will have to start the server manually each time (for example, using the net start mysql command from an administrative command prompt).
6. We recommend to use the default option "Yes, grant full access..." in the Server File Permissions screen.
7. In the Apply Configuration screen, click Execute. If the configuration steps are completed successfully, click Finish.
8. In the subsequent screen, click Next, and then Finish.
For editing my.ini file, please make sure it is saved in ANSI, not in UTF-8 format. We recommend using
Notepad++ that will not change the file format after save.
You have to modify the my.ini file located in C:\ProgramData\MySQL\MySQL Server X.X.
Inspect Server installation. Before editing, backup the ini file.
for further ESET
Find the following variables and change their values. If a variable does not exist, add it at the end of my.ini file:
Increase the value of open_files_limit to at least 30000.
Change the value of innodb_flush_log_at_trx_commit to 0.
Set innodb_buffer_pool_size to 80% percent of the RAM. For instance, if the server has 16GB of RAM it should be set in the following way: innodb_buffer_pool_size =12G. The minimum value is 1G.
Set innodb_log_file_size to 50% of the value of setting innodb_buffer_pool_size .
Set event_scheduler =ON. Valid for version 8.
Set local_infile =1. Valid for version 5.
Add disable-log-bin . Valid for version 5.
Set wait_timeout =900.
Set max_connections =300.
Set slow-query-log =0.
After saving these changes, restart the MySQL service.
Since ESET Inspect executes many SQL statements, MySQL's general and MySQL's binary log can be huge.
Consider disabling the general and binary logs if they are not used. Consider also limiting their size or time of logging using MySQL configuration parameters.
Moving the database to separate partition/machine
MySQL is the most crucial part of the ESET Inspect Server and can consume whole disk space. Due to operating
.
When calculating the required disk space, we are tracking three folders:
• Database folder—The folder where MySql or SQL Server stores ESET Inspect database
• Temporary database—The folder where MySql or SQL Server stores temporary tables
• The ESET Inspect Server data folder—C:\ProgramData\ESET\Inspect Server\Server folder
If the database is installed on the same machine as the ESET Inspect Server, then ESET Inspect stops accepting new events when:
• There is less than 3% of free space on the disk with the database folder
• There is less than 3% of free space on the disk with the temporary database folder
• There is less than 5% of free space on the disk with the ESET Inspect Server data folder
If the ESET Inspect Server data folder and temporary database folder are on the same disk, ESET Inspect stops accepting new events if there is less than 10% of free space on this disk
If the database is located on the same machine as ESET Inspect, there must be at least 10% free disk space where
7
markers on the Events processed chart on the Events Load Dashboard’s tab.
MySQL Dedicated Partition
1. Stop MySQL Service.
2. Move or copy the Data folder onto the dedicated partition i.e. D:\.
For editing my.ini file, please make sure it is saved in ANSI, not in UTF-8 format. We recommend using
Notepad++ that will not change the file format after save.
3. Edit my.ini file located by default in C:\ProgramData\MySQL\MySQL Server X.X.
and search for the '#
Path to the database root' string and change the path to the location of the new Data folder, for example, D:\Data . The folder has to be created before altering the my.ini file.
4. The Data folder has to be accessible by the Network Service. To add required permissions, follow these steps: a.Go to Start > Administrative Tools > Computer Management > System Tools > Local Users and
Groups > Groups.
b.Double-click Users. c.Click Add. d.Click Locations, select your computer node and click OK. e.Type 'Network Service' into the 'Enter the object names' or click Advanced, then Find Now and select it from the Search Results.
5. Edit my.ini file located by default in C:\ProgramData\MySQL\MySQL Server X.X
. Under [mysqld] search for "tmpdir". If missing, add the following line tmpdir = D:/mysqltemp where the "mysqltemp" is a custom folder. The folder has to be created before altering the my.ini file.
6. Start MySQL Service.
MySQL 5 on Linux System
Open the Terminal and run the following commands: sudo apt-get update sudo apt-get upgrade sudo apt-get install mysql-server-5.7
To install MySQL Workbench (optional), which is the GUI for the database: sudo apt install mysql-workbench
Database setup
You need to set the database user not only for localhost but also for the external connections and push the following SQL commands or via the cmd line.
cmd line (not Workbench):
8
sudo mysql -u root -p create user 'root'@'%' IDENTIFIED BY 'root';
ALTER USER 'root'@'%' IDENTIFIED WITH mysql_native_password BY 'admin.1';
ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY 'admin.1'; grant all privileges on *.* to 'root'@'%' with grant option;
From the mysql.user menu select host %, and user root.
After the user is added and defined, you can set up the MySQL database.
mysql_secure_installation
Validate password component [Y/n] n
Change the root password? [Y/n] n
Remove anonymous users? [Y/n] y
Disallow root login remotely? [Y/n] n
Remove test database and access to it? [Y/n] y
Reload privilege tables now? [Y/n] y
We recommend changing the password, as "admin.1" is the default one. This password is required during ESET
Inspect Server Installation. Through terminal, follow this tutorial .
Through the Workbench, click:
• Database > Connect to Database… select database > OK
• Then Server > Users and Privileges >Select root%—set the password and confirm it
Open the Terminal and execute the following command to copy mysql.service file: sudo cp /lib/systemd/system/mysql.service /etc/systemd/system/
Open the /etc/systemd/system/mysql.service
in texteditor (or nano, pico, vi ...) and add following lines: sudo nano /etc/systemd/system/mysql.service
LimitNOFILE=30000
LimitMEMLOCK=30000
Save the file and reload the system configuration by the following command:
9
sudo systemctl daemon-reload
Now you need to modify /etc/mysql/mysql.conf.d/ mysqld.cnf file (where are the db params).
Open file in texteditor or nano, pico, vi ... and add following lines under section [mysqld]: sudo /etc/mysql/mysql.conf.d/mysqld.cnf
lower_case_table_names = 1 bind-address = IP_OF_THIS_MACHINE, BUT NO 127.0.0.1
thread_stack = 256K
*bind-address – default value is 127.0.0.1. You have to set this address to IP of the machine where MySQL is running. In case of incorrect IP, ESET Inspect Installation cannot connect to MySQL.
Insert following parameters to the part InnoDB innodb_buffer_pool_size=4G innodb_flush_log_at_trx_commit=0 innodb_log_file_size=2G
*innodb_buffer_pool_size—set to 80% of the RAM size of MySQL machine
*innodb_log_file_size —set to 40% - 60% of the innodb_buffer_pool_size value
Add to the end these lines event_scheduler = ON wait_timeout=900 max_connections=300
Restart MySQL to load the new parameters: sudo service mysql restart
Debugging Database parameters
To verify the database parameters, run MySQL via Terminal and execute the query for specific parameter value: mysql -u root -p show variables like '%lower_case_table_names%';
10
Verify the status of the MySQL Service
Open the terminal, and type in the command.
systemctl status mysql.service
MySQL Service runs when the reported state is: active (running).
Sources
MySQL Installation https://www.cyberciti.biz/faq/howto-install-mysql-on-ubuntu-linux-16-04/
Warning: Worldwritable config file
'/etc/mysql/my.cnf' is ignored https://stackoverflow.com/questions/32133353/unable-to-connect-to-mysql-database-in-ubuntu
Open_files_limit
MySQL command line commands https://support.plesk.com/hc/en-us/articles/213393029-MySQL-values-open-files-limit-and-max-connections-are-not-applied https://dev.mysql.com/doc/refman/5.5/en/getting-information.html
MySQL 8 on Linux System
Open the Terminal and run the following commands: sudo apt-get update sudo apt-get upgrade sudo apt-get install mysql-server
To install MySQL Workbench (optional), which is the GUI for the database: sudo apt install mysql-workbench
Database setup
You need to set the database user not only for localhost but also for the external connections and push the following SQL commands or via the cmd line.
cmd line (not Workbench): sudo mysql -u root -p create user 'root'@'%' IDENTIFIED BY 'root';
ALTER USER 'root'@'%' IDENTIFIED WITH mysql_native_password BY 'admin.1';
11
ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY 'admin.1'; grant all privileges on *.* to 'root'@'%' with grant option;
From the mysql.user menu select host %, and user root.
After the user is added and defined, you can set up the MySQL database.
mysql_secure_installation
Validate password component [Y/n] n
Change the root password? [Y/n] n
Remove anonymous users? [Y/n] y
Disallow root login remotely? [Y/n] n
Remove test database and access to it? [Y/n] y
Reload privilege tables now? [Y/n] y
We recommend changing the password, as "admin.1" is the default one. This password is required during ESET
Inspect Server Installation. Through terminal, follow this tutorial .
Through the Workbench, click:
• Database > Connect to Database… select database > OK
• Then Server > Users and Privileges >Select root%—set the password and confirm it
Open the Terminal and execute the following command to copy mysql.service file: sudo cp /lib/systemd/system/mysql.service /etc/systemd/system/
Open the /etc/systemd/system/mysql.service
in texteditor (or nano, pico, vi ...) and add following lines: sudo nano /etc/systemd/system/mysql.service
LimitNOFILE=30000
LimitMEMLOCK=30000
Save the file, reload the system configuration by the following command: sudo systemctl daemon-reload
Now you need to modify /etc/mysql/mysql.conf.d/mysqld.cnf
file (where are the db params).
12
Open the mysqld.cnf file in texteditor or nano, pico, vi ... and add following lines under section [mysqld]: sudo nano /etc/mysql/mysql.conf.d/mysqld.cnf
bind-address = xxx.xxx.xxx.xxx
innodb_flush_log_at_trx_commit=0 innodb_buffer_pool_size=2G innodb_log_file_size=1G thread_stack=256K lower_case_table_names = 1 disable-log-bin local_infile = 1 wait_timeout=900 max_connections=300
*bind-address—default value is 127.0.0.1. Set this address to the machine's IP where MySQL is running. If the incorrect IP address is used, ESET Inspect Installation cannot connect to MySQL.
*innodb_buffer_pool_size—set to 80% of the RAM size of MySQL machine
*innodb_log_file_size —set to 40% - 60% of the innodb_buffer_pool_size value
Restart MySQL to load the new parameters: sudo service mysql restart
Verify the status of the MySQL Service
Open the terminal, and type in the command.
systemctl status mysql.service
MySQL Service is running when the reported state is: active (running).
Sources
MySQL Installation https://www.cyberciti.biz/faq/howto-install-mysql-on-ubuntu-linux-16-04/
Warning: Worldwritable config file
'/etc/mysql/my.cnf' is ignored https://stackoverflow.com/questions/32133353/unable-to-connect-to-mysql-database-in-ubuntu
Open_files_limit https://support.plesk.com/hc/en-us/articles/213393029-MySQL-values-open-files-limit-and-max-connections-are-not-applied
13
MySQL Installation https://www.cyberciti.biz/faq/howto-install-mysql-on-ubuntu-linux-16-04/
MySQL command line commands https://dev.mysql.com/doc/refman/5.5/en/getting-information.html
Microsoft SQL Server Installation
We recommend using the Microsoft SQL Server Enterprise/Standard edition, but keep in mind that it requires a license. Microsoft SQL Server Express version is not supported by ESET Inspect.
Follow these steps (MSSQL 2017):
1. After starting the MSSQL installer choose the Custom installation process.
2. You can keep the default installation path or choose a different one. Click Install.
3. After downloading the installation files, the SQL Server Installation Center appears. If not, start it up.
4. Choose the Installation menu from the left-side panel.
5. Choose a New SQL Server stand-alone installation or add features to an existing installation to start the installation process.
6. Accept the License terms and click Next.
7. Select the check box to Use Microsoft Update to check for updates. Click Next.
8. In the Install Rules window, click Next.
9. Select the Database engine Services and SQL Client connectivity SDK check box in the Feature
Selection window. Click Next.
10. You can keep the default value in the Instance Configuration window and click Next.
11. In the Server Configuration window, change the Startup Type for SQL Server Agent to Automatic and click Next.
12. In the Database Engine Configuration window, select the Mixed Mode option.
13. Type in and confirm the password for the default "sa" user (SQL Server system administrator). You can use this user during the ESET Inspect Server installation process or create a custom user with sufficient privileges.
14. Click Add Current User button.
15. Click Next.
16. Click Install.
Turn off/create firewall exception and enable TCP/IP communication for MSSQL to fully function ESET Inspect with MSSQL. Otherwise, the ESET Inspect Server installation ends up with an error.
1. Open SQL Server Configuration Manager.
2. Click SQL Server Network Configuration in the left-side menu.
3. Click Protocols for MSSQLSERVER.
4. Ensure that the TCP/IP protocol is in status Enabled (it should be by default).
5. Click SQL Server Services from the left-side menu.
6. In the right-side menu, right-click the SQL Server (MSSQLSERVER) service, and from the context menu, choose Restart.
7. In the right-side menu, right-click the SQL Server Agent (MSSQLSERVER) service, and from the context menu, choose Restart.
8. Check the Windows Services that the SQL Server service is running. Otherwise, the ESET Inspect Server will not work.
Now is, the MSSQL Server ready for the ESET Inspect Server to be installed.
14
For safety purposes, we recommend using a different user with the necessary privileges:
1. Download MSSQL Server Management Studio and install it on the MSSQL Server machine.
2. Log into the server.
3. Server type: Database Engine. Select the server name used on that server, Authentication: Windows
Authentication.
4. Click Connect.
5. Right-click the Security folder on the left-side menu. Choose New from the context menu > Login.
6. Type in the Login name. Choose SQL Server Authentication. Fill in the Password and confirm it.
7. Deselect Enforce password expiration.
8. In the left-side menu of the same window, click the User Mapping. From the list of users mapped to this login, choose a master, and in the Database role membership list keep checked public role.
9. In the left-side menu of the same window, click the Securables. Click the Search button and select the third option The server.... Scroll down the Permission for... list and check the Grant box for View Server
State.
10. In the left-side menu, click the Server Roles. From the server roles list, choose the dbcreator and leave the public checked.
11. Click OK.
Now you can proceed with the ESET Inspect Server installation with this new custom SQL user.
Required user privileges have changed since the 1.7 version. In case of upgrading ESET Inspect to version
1.8, set the user rights as described above and then upgrade ESET Inspect Server.
Moving the database to separate partition/machine
MSSQL is the most crucial part of the ESET Inspect Server and can consume whole disk space. Due to operating system stability, we recommend moving the MSSQL data and a temporary folder to the dedicated partition or a
.
Follow these steps:
1. Run SQL Server Management Center.
2. In Object Explorer, right-click the name of the server.
3. In the context menu, click properties.
4. Select Database Settings from the left side menu.
5. In the Database Default Location, change the Data path.
When calculating the required disk space, we are tracking three folders:
• Database folder—The folder where MySql or SQL Server stores ESET Inspect database
• Temporary database—The folder where MySql or SQL Server stores temporary tables
• The ESET Inspect Server data folder— C:\ProgramData\ESET\Inspect Server\Server folder
If the database is installed on the same machine as the ESET Inspect Server, then ESET Inspect stops accepting new events when:
• There is less than 3% of free space on the disk with the database folder
• There is less than 3% of free space on the disk with the temporary database folder
• There is less than 5% of free space on the disk with the ESET Inspect Server data folder
If the ESET Inspect Server data folder and temporary database folder are on the same disk, ESET Inspect stops
15
accepting new events if there is less than 10% of free space on this disk
If the database is located on the same machine as ESET Inspect, there must be at least 10% free disk space where
markers on the Events processed chart on the Events Load Dashboard’s tab.
Supported Web Browsers and ESET Products
• Google Chrome
• Mozilla Firefox
• Safari
• Edge (based on Chromium)
Use the latest version of browsers.
ESET Inspect Web Console
ESET Inspect Web Console is a single-page application that communicates with the ESET Inspect Server via REST calls.
The minimum screen resolution supported by the Web Console is 1280x768.
Supported ESET Products
ESET Inspect is at the moment compatible with ESET PROTECT on-premises, not ESET PROTECT Cloud.
• ESET Endpoint Security 10.0.2034.0 or newer.
• ESET Endpoint Antivirus 10.0.2034.0 or newer.
• ESET Endpoint Security for macOS 6.11.606.0 or newer
• ESET Endpoint Antivirus for macOS 6.11.606.0 or 7.2.1600.0 or newer
• ESET Endpoint Antivirus for Linux 9.1.4.0 or newer
• ESET Mail Security for Microsoft Exchange Server 9.0.10009.0 or newer
• ESET Mail Security for IBM Lotus Domino 9.0.14005.0 or newer
• ESET Server Security for Microsoft Windows Server 9.0.12013.0 or newer
• ESET Server Security for Linux 9.1.89.0 or newer
• ESET Security for Microsoft Sharepoint Server 9.0.15003.0 or newer
• ESET PROTECT 10.0.14.0 or newer
Because the ESET Inspect can show some malware/scripts, ESET Endpoint Security / ESET Endpoint Antivirus can sometimes show ESET Inspect as a threat. Follow these steps to prevent ESET Endpoint Security / ESET Endpoint
Antivirus from blocking ESET Inspect:
• In ESET Endpoint Security and ESET Endpoint Antivirus settings go to Web and Email->Web access
protection->Url address management->Address List->List of addresses excluded from content scan->Edit
• If not present, add the Hostname/IP Address of the ESET Inspect Server and add /* at the end of the string. You can use the ESET PROTECT policy to deploy such a setting to multiple ESET Endpoint Security /
ESET Endpoint Antivirus.
16
Earlier versions of ESET products have limited functionalities.
LiveGrid®
Enable LiveGrid® in ESET Endpoint Security to evaluate detection rules in ESET Inspect Connector since version 1.8 (mandatory for the Cloud environment. If rules evaluation is on the ESET Inspect Server side, then this needs to have communication to LiveGrid® allowed). Some rules depend on information from
LiveGrid®, and without the information, these rules are not functional.
HIPS
HIPS monitors events inside the operating system and provides information needed for ESET Inspect and following rules evaluation.
The ESET PROTECT Permission Settings
In the ESET PROTECT, it is necessary to create a Static Group , where security engineers have access and full permission rights.
We recommend using pre-defined permission sets in the ESET PROTECT. You can create custom permission sets
(see the Permission Sets Online Help topic).
To create an ESET PROTECT Native User, follow .
For the EI_SERVER_INSTALLER Web Console access user, the permission set should be:
The user with this permission set is recommended to be used during the ESET Inspect Server installation process. If there is an error, logs with diagnostics data are created too, which will help solve the problem better.
For the EI_ADMIN Web Console access user, the permission set should be:
For the EI_READ_ONLY Web Console access user, the permission set should be:
17
ESET Inspect Server Installation
There are several possible ways to install the ESET Inspect Server:
• Using
Graphical User Interface provided by the installer. A recommended way of installation.
• Using
Keep in mind that upgrade will need additional free space depending on number of endpoints. It will never need more space than the database size. Exact space requirements are checked by installer.
When the ESET Inspect Server service starts, the following process function executes:
Purge - Clean old data from the database. By default, it executes at midnight, checks all the data older than
30 days, and deletes them (events, processes, computers that do not send any data for 30 days). You can change the interval of the purge in the Server settings tab.
When you lower the time frame set for purge, it takes several days to clean up old data before the new setting takes effect.
GUI - Mode Installation
Prerequisites:
Make sure that you fulfilled the requirements
before proceeding with the ESET Inspect Server installation.
We recommend that you do not install the ESET PROTECT Server and ESET Inspect Server on the same machine.
For installation purposes, use only the user that is created without the Two Factor Authentication option enabled.
Applies for users upgrading from version 1.5 of ESET Enterprise Inspector.
Since version 1.6 of ESET Enterprise Inspector there is a feature, "Optional Rules". We have a separate group of rules that are not enabled by default, yet they are still installed by the installer but in a disabled state. Users can decide on these rules if they suit their environment and enable them manually.
Having this feature, we have decided to move some of the existing rules to the "Optional" category. It means some of the existing rules enabled in your environment may, after the installation, become disabled because they are updated with the new version of the rule, which is optional now. Please check disabled rules after the upgrade from previous versions whether some of the rules you want to have enabled were not disabled by this mechanism.
• ESET Inspect Server has a built-in HTTP/S server and is listening to ports 80(HTTP) or 443(HTTPS). You can change the port settings during the installation process.
• The server needs to have a connection to LiveGrid® .
• Ensure that you have a proper host, port number, login, and password to the MySQL database. The user must be able to create a new database and tables.
ESET Inspect Server installation using GUI (only on the server machine)
Follow the steps below to configure and start your ESET Inspect Server:
1. Execute the downloaded installer file ei_server_nt64_ENU.msi.
2. Read the End User License Agreement, select the check box to accept the License Agreement terms
18
(without it, it is not possible to continue with the installation process), or read the Privacy Policy at the left lower corner of the window. Click Next to proceed with the installation.
3. Choose whether you want to participate in ESET Customer Improvement Program by selecting the
check box, click Next to proceed with the installation. ( Telemetry information )
4. Choose the destination directory where you want ESET Inspect Server to be installed and click Next to proceed with the installation. You can change the path directly by typing the destination in the command path or by clicking the Change button and navigating to the desired folder.
5. Type in the Web Console HTTPS port number (by default, it is 443).
6. Type in the Web Console HTTP port number (by default, it is 80).
7. Type in the Connectors port number (by default, it is 8093, bear in mind that if a different port number is used, you have to change it also during the connector installation process or by ESET PROTECT policy ).
8. Click Next.
19
9. Select the type of the Database that you will use for the ESET Inspect Server: a.In the case of MySQL, type in the Database name (by default enterpriseinspectordb), Hostname (by default localhost, or use the hostname or the IP Address if the database is seated on a different machine than the ESET Inspect Server), Port of the database (filled during the database installation process, by default 3306 for MySQL). Fill in the Username and Password of the database account with sufficient
b.If the database type you selected at the top is MS SQL Server, type in the Database name (by default enterpriseinspectordb), Hostname (by default localhost, or use the hostname or the IP Address if the database is seated on a different machine than the ESET Inspect Server), Port of the database (filled during the database installation process, by default 1433 for MSSQL). Then choose whether you want to use Use Named Instance or not by checking the check-box or unchecking it. This will allow you to use a custom database instance, and you can set it in the Hostname field in the form
HOSTNAME\DB_INSTANCE, for example, 192.168.0.10\EISQL. For the clustered database, use only the clustername. If this option is selected, you cannot change which port will be used, and the system will use default ports determined by Microsoft. Select the ODBC driver that is actually installed on the
Server machine where the ESET Inspect Server is going to be installed (if not present, install it following the ODBC installation process ). Fill in the Username and Password of the database account with sufficient
20
10. The installer will check the database parameters. If some parameters are missing, follow the instructions displayed on the screen. The installer will check the connection to the database. It may take a few seconds to complete. A dialog box explaining the error appears (it may appear behind other windows). If no problems occur, the next screen is displayed. If the database was already created, you are asked to check whether you want to Keep the data and upgrade the database to the newest format or to Delete the data and create new database from scratch. Click Next.
For editing my.ini file, please make sure it is saved in ANSI, not in UTF-8 format. We recommend using
Notepad++ that will not change the file format after save.
11. If you have selected the Delete option or installed the ESET Inspect Server on a fresh MySQL database, the window with requirements for my.ini file shows up. Make changes as requested, click
Check. Click Next.
12. Select the type of ESET Inspect user . Click Next.
13. The default
Detection Rules Set is selected based on the type of ESET Inspect . This can also be
changed now or after the first log in to the Web Console in a pop-up that appears or by the filtering rules mentioned at the end of this
14. The default
Data Collection option is selected based on the ESET Inspect user selected type. Click
Next.
15. Select the period for detection storage and low-level data storage (
). Click Next.
A low-level event is something a process does. So, write a file, do a DNS lookup, create a registry entry, etc.
These can be seen in the Events view.
For installation purposes, use only the user that is created without the Two Factor Authentication option enabled.
16. In the next window, fill in the ESET PROTECT hostname or IP address, ESET PROTECT port for the data connection (by default 2223), ESET PROTECT user, and ESET PROTECT password (we recommend
using EI_SERVER user, which permission settings you will find in ESET PROTECT Permission Settings) .
Choose the protocol you want to use for communication (we recommend HTTPS as a secure option) and
ESET PROTECT port of web console communication (by default 443). Click Next. If you entered the wrong credentials or IP address, the error message window appears. Repair invalid data entry and continue.
17. Accept the Certification Authority file.
18. Continue with one of the available options:
Get the certificate from ESET PROTECT
b.
Import the certificate from a file
Get the certificate from ESET PROTECT
1. The list of the ESET Inspect Server certificates displays, where you can select the one desired, enter the
Certificate password if applied and click Next. Continue with step
.
21
2. No certificates are displayed here if no ESET Inspect Server certificate is available in ESET PROTECT.
Generate a new certificate by clicking Create new certificate.
3. Select a Certificate authority, enter the corresponding password if required, click Next.
22
4. Fill in the required details. The value of Description is used when displaying the list of available server certificates. Parameters like Host, Valid from, Valid to are pre-filled automatically. Click Next, and Next.
You can also create the certificates in the ESET PROTECT itself. Learn how to create a Certificate Authority .
Learn how to create a Peer Certificate .
5. Continue with one of the available options for implementing the essential certificate for HTTPS/SSL connection between the ESET Inspect Web Console and web browser:
Get the ESET Inspect Web Console certificate from ESET PROTECT
b.
Import the certificate from a file
c.Use the same certificate as for Connector/Server communication. After choosing this option, click the Install button to start the installation process.
The HTTPS/SSL certificate has to be signed using the SHA-2 algorithm, or if created in ESET PROTECT, the
Advanced security has to be enabled (In ESET PROTECT navigate More -> Server Settings -> Connection).
The Certification Authority used to sign the certificate must be present in the
Web Browser HTTPS/SSL certification list
.
If these requirements are not met, a web browser will display a warning when connecting to the ESET
Inspect Web Console.
6. If there is a problem with the installation, follow the instructions in the dialog box that appears. Click
Finish to complete the installation.
7. Open https://localhost in a web browser to log into ESET Inspect. If you want to access ESET Inspect from a different device, write the IP Address or hostname of the ESET Inspect Server in a browser.
8. Type in the username and password of the ESET PROTECT user that has the correct
Permission Settings . An Administrator and User account with the following ESET PROTECT Account
are needed. For ESET PROTECT account creation instructions, see the Admin Access Rights topic.
Import the server certificate from file
Fill in the path to the ESET Inspect Server Certificate (.PFX file) that was created in ESET PROTECT Server or use the Change button to manually navigate to the file location, fill in the certificate password if applicable. Fill in the path to Certification Authority or use the Change button to navigate to the file location manually. Click Next.
23
Continue with one of the available options for implementing the essential certificate for HTTPS/SSL connection between the ESET Inspect Web Console and web browser:
1.
Get the ESET Inspect Web Console certificate from ESET PROTECT
2.
Import the certificate from a file
3. Use the same certificate as for Connector/Server communication. After choosing this option, click the
Install button to start the installation process.
4. If there is a problem with the installation, follow the instructions in the dialog box that appears. Click
Finish to complete the installation.
5. Open https://localhost in a web browser to log into ESET Inspect. If you want to access ESET Inspect from a different device, write the IP Address or hostname of the ESET Inspect Server in a browser.
6. Type in the username and password of the ESET PROTECT user that has the correct
Permission Settings . An Administrator and User account with the following ESET PROTECT Account
are needed. For ESET PROTECT account creation instructions, see the Admin Access Rights topic.
24
By default, certificates created by the ESET PROTECT use * (an asterisk) as a hostname (wildcard certificate). ESET Inspect does not support such certificates. The user has to use the real hostname of the
ESET Inspect Server.
The certificates have to be provided in PKCS #12 format.
PKCS #12 is a file format, used for storing many cryptography objects as a single file - like certificates or certification authorities. Usually files which use PKCS #12 have extension ".pfx" or ".p12".
certificates cannot have only "*" (one asterisk, nothing more) in place for a host, in the following places:
• CN (common name)
• alternative names (from extension {{Subject Alternative Name from }}RFC5280)
• CN in additional certificates (PKCS #12 can hold additional certificates)
• alternative names in additional certificates for example:
"*" is not allowed.
"*.yourcompany.com" is allowed
"yourcompany.*.hq.com" is allowed.
Another file format, frequently used in cryptography, is X509. Files using those format usually have extension ".der" or ".pem".
In ESET Inspect certificates are kept in ".pfx" files, and certification authorities are kept in ".der" files.
Mandatory parameters for creating Peer Certificate are:
• Product: "ESET Inspect Server"
• Host: Use a real IP Address of the ESET Inspect Server
In case you want to connect ESET Inspect Connector from another network, add another IP or hostname by separating it with space, comma, or semicolon. For example: HOST 192.168.20.22;10.1.183.88
Do not use the semicolon symbol ; in the file name or the folder name in the path of the certificate. It is used to separate multiple certificates if applicable.
Get the ESET Inspect Web Console certificate from ESET
PROTECT
1. The list of ESET Inspect Web Console certificates displays, where you can select the one desired, type in the Certificate password if applied and click Next.
2. If you do not have the ESET Inspect Web Console certificate created yet in ESET PROTECT, through the installer, you can generate the certificate by clicking the Create new certificate button in the upper right corner.
3. Here you see the Certificate Authorities available on the ESET PROTECT Server.
4. Select desired Certificate authority, fill in the password if applied, and click Next.
5. Fill in the Description (you will see this string in the list of ESET Inspect Web Console certificates shown in the previous step) and password if desired. Other parameters can be changed if needed but are predefined and filled with, for example, the server's IP address where you are installing the ESET Inspect
Server. Click Next, and Next. After choosing this option, click the Install button to start the installation process. You can also create the certificates in the ESET PROTECT itself. Learn how to create a Certificate
Authority . Learn how to create a Peer Certificate .
6. If there is a problem with the installation, follow the instructions in the dialog box. Click Finish to finish the installation.
7. Open https://localhost in a web browser to log into ESET Inspect. If you want to access ESET Inspect from a different device, write the IP Address or hostname of the ESET Inspect Server in a browser.
8. Type in the username and password of the ESET PROTECT user that has the correct
Permission Settings . An Administrator and User account with the following ESET PROTECT Account
are needed. See the Admin Access Rights topic for ESET PROTECT account creation instructions.
25
Import ESET Inspect Web Console certificate from file
1. Fill in the path to the ESET Inspect Web Console certificate (.PFX file) that was created in ESET PROTECT
Server or use the Change button to navigate to the file location manually. Fill in the password (if applicable). Click Next. Click the Install button to start the installation process.
2. If there is a problem with the installation, follow the instructions in the dialog box. Click Finish to complete the installation.
3. Open https://localhost in a web browser to log into ESET Inspect. If you want to access ESET Inspect from a different device, write the IP Address or hostname of the ESET Inspect Server in a browser.
4. Type in the username and password of the ESET PROTECT user with the correct ESET PROTECT
Permission Settings . An Administrator and User account with the following ESET PROTECT Account
are needed. See the Admin Access Rights topic for ESET PROTECT account creation instructions.
Web browser HTTPS/SSL certificate list
Download the Authority Public key (.DER file) to the PC/Server, from which you are going to access the ESET
Inspect Web Console.
The following procedure will suit the most used web browsers. For Mozilla Firefox, use the second one below:
1. Double-click the DER file.
2. Click Install Certificate -> Local Machine -> Place all certificates in the following store -> Trusted Root
Certification Authorities.
3. To verify that the certificate was installed successfully, open Microsoft Management Console by pressing Win + R and type in "MMC".
4. In MMC go File -> Add/Remove Snap-in... -> Certificates -> Add -> My user account -> Finish, do the same for the Computer Account and click OK.
26
5. The certificate installed in the first step should be visible in sections: a.Certificates - Current User -> Trusted Root Certificates -> Certificates b.Certificates (Local computer) -> Trusted Root Certificates -> Certificates
Procedure for Mozilla Firefox
This procedure should work for the most recent Mozilla Firefox version.
1. Click icon.
2. Go Options -> Privacy & Security -> Certificates -> View Certificates -> Authorities -> Import. Select desired Authority Public key -> Open -> Trust this CA to identify websites -> OK.
The type of ESET Inspect user
There are three types of ESET Inspect users that we think of:
• Security Operations Center (SOC)—is recommended to the center with its staff, usually at least five to ten people, consisting of Security Engineers or Analysts. They can work with large amounts of data and analyze it continuously daily. They want to have maximum visibility and do not mind spending additional effort. They also have the skills to effectively and efficiently analyze detections and other data on the network. We’re configuring the product to provide as much information as possible.
• Security-focused IT—usually have several IT Administrators, of which some can focus on IT Security.
Typically found in Enterprises before the organization establishes its own SOC. They can dedicate time or even people to security but not as much as an entire SOC. We’re limiting information not directly related to threats to prevent an overload of information.
• IT Administrators—work alone or with only a few others and have generalist roles, without time to dedicate to security. They deal with IT Security as one of many topics and may not have time for it during a given week. We limit the amount of information to the most severe issues to prevent an overload of information.
Rules Sets
This dialog controls which new detection rules are enabled after the installation.
New means added with the new install pack and in the Web Console in the Admin > Detection Rules tab can be found after filtering by Tag New.
When updating the ESET Inspect Server, if ESET updated the default rule, it is marked with a tag Updated.
• Enable detection rules with Threat, Warning, and Information severity—ideal for advanced users who want complete visibility and are already familiar with ESET Inspect, which prefer to customize everything manually.
• Enable detection rules with Threat and Warning severity—ideal for skilled users who want to do Threat
Hunting and evaluate malicious and potentially malicious events.
• Enable only detection rules with Threat severity—ideal for new users who know cyber attacks but want to evaluate only confirmed threats.
27
• Disable all detection rules—ideal for new users with no previous experience with EDR solutions and start with an analysis of confirmed malware and attacks detected and blocked by the ESET Endpoint product.
The more severities are enabled, the more sensitive the product reacts to threats and generates more detections.
Rules can be enabled or disabled at any time in the Admin > Detection rules tab of the product:
• The first option can be achieved by filtering the view by severity, enabling all three Threat, Warning, and
Info.
• The second option can be achieved by filtering the view by severity, enabling Warning, Info.
• The third option can be achieved by filtering the view by severity, enabling Info.
After selecting the filter of your choice, choose all rules by clicking the check box on the left side of the first row
(Rule Name (count)). Click the Enable/Disable button.
Data Collection
Data collection settings impact how data is stored in the database.
Regardless of the option the user selects, all low-level raw events are being collected on the endpoints, sent to the server and processed by the rule engine, which generates detections when appropriate.
When detection is generated for a specific event, this specific event is also stored in the database regardless of the selected data collection option. For the events processed by the rule-engine without triggering detection, data collection settings apply as follows:
Store all available data
All collected low-level raw events are stored in the database. This option creates a vast database but allows detailed investigation of possible incidents because the analyst can see everything that happened on the system, regardless of whether it was previously flagged as suspicious by the product or not.
This option allows using all the product's features, such as retroactive search, execution of Threat Hunting queries or a re-run of existing or custom rules on the data.
Store most important data
Stores all the data related to the processes (for instance, you will see all processes executed on the endpoints along with their properties, such as command line, etc.). It also limits the storage of low-level events generated by the processes only to those generating the detection. It means the analyst will see a complete process tree during the investigation (be aware that also data retention setting applies here). Still, for the actions of the processes
(such as writing to the disk, writing to the registry, network connection etc.), the analyst will see only those which were explicitly caught by the rule.
This may turn into a situation where you will see a network connection (detected by the rule) but will not see that the downloaded file was written to the disk (unless another rule does not detect a specific file write). Similarly, you will not be able to retroactively search for IOCs that are not connected to the process/file and were not detected by the rule previously. For example, you will find a file hash or command line fragment, but not the registry write anymore.
28
Suppose you are missing some important events using this option. In that case, you can still customize this setting by creating custom rules (typically with low severity, which you will ignore during the monitoring) that will detect events of your interest solely to save these low-level events to the database.
Store only data directly related to detections
This option stores only those low-level event data explicitly caught by the rule, so the smallest database in this mode is created. It applies to the actions (such as writing to the disk, writing to the registry, network connection etc.) and to the processes themselves (process execution, command line, etc.). However, when detection is triggered for the process, process-related data for the process itself, and with the process-related data about all the processes upwards, the process tree and direct child processes will be stored. (Storing process-related data for these additional processes will not store any other data such as "action-related" events.) The database will not store information about all the other processes.
That means that similarly to the option "Store most important data" you may not see some actions and, in this case, also processes that were not explicitly caught by the rule (and are not in that stored part of the process tree mentioned above) with the corresponding consequences. The process tree will not show processes for stored data.
The ability to retroactively search for IOCs would be minimal since you will see neither IOCs related to actions nor
IOCs related to process properties (command line, etc.) unless they were detected by the rule previously.
As mentioned in the previous option, you can also customize this setting by creating custom rules (typically with low severity, which you will ignore during the monitoring) that will detect events of your interest (including process execution) to save these low-level events to the database.
As mentioned previously, the storage of low-level event data is significantly affected by which events are being detected. It means that lowering the number of enabled rules will, in turn, also decrease the amount of stored data (available for investigation and retroactive search). This should be considered when lowering the Data Collection settings and disabling some rules simultaneously.
For example, selecting "Store only data directly related to detections" and disabling all the rules will lead to storing no data at all and thus causing the product to be dysfunctional.
Store most important data/Store only data directly related to detections, some features are limited:
• Events view
• Aggregated events view
• Background tasks
• Scripts view
• Search
The goal is to control the database size. The user is making a trade-off between database size and some advanced options.
Store only data directly related to detections option is recommended for IT Administrators.
To change what data is stored in the database, go to Admin->Server Settings in the Database Collection section.
Data Retention
Select how long should be the data in the database stored. The longer the period, the more extensive database
will become before old data is purged .
29
Choose how long you want the data in the database to be stored. By default, it is three months.
Choose how long you want the low-level data in the database to be stored. By default, it is one month. Low-level data accounts for most of the database size and should be kept as brief as possible. It only limits detailed investigations of data not identified as suspicious by the product when it is removed.
This setting can be changed in Admin->Server Settings in the Database cleanup section.
EIConnector collects information about
• the start and termination of a process running on a workstation (including metadata of such executables)
• dynamically loading libraries and dynamically loading drivers (including metadata of such libraries and drivers)
• events when executable files are being saved to the disk
• file modification (including all files present on the disk)
• events when a file (that are important from a security point of view) is being open or accessed by a user or process (for example, files containing password information used by popular web browsers)
• a modification to registry entries
• network connections
• any code injections to any running processes
• the creation of named pipes
• the creation of users and groups
• users' logins
• WMI executions and queries
ESET PROTECT Deployment
Make sure that you fulfilled the requirements
before proceeding with the ESET Inspect Server installation.
We recommend that you do not install the ESET PROTECT Server and ESET Inspect Server on the same
machine. We do not recommend using this process. Instead, use the GUI installation process.
For installation purposes, use only the user that is created without the Two Factor Authentication option enabled.
1. Log in to the ESET PROTECT with proper rights (ESET PROTECT Admin rights or ask ESET PROTECT Admin to create and deploy connectors for you if you don't have sufficient rights).
2. Make sure that the computer for installing ESET Inspect Server has an ESET Management Agent installed .
3. Click the desired computer and choose New Task...
4. Fill in the desired Name, Description, in Task Category, you can keep All Tasks, in Task select Software
Install. Click Settings in the left menu or the Continue button at the bottom of the window.
30
5. Choose whether you want to install ESET Inspect Server from the repository or specify the URL path to the installer.
6. Fill in the Installation parameters field. Use the parameters from the table
, or you can leave it blank (if it is an upgrade from the existing installation). Click Finish.
7. If the task is already created, you can rerun it on another computer or group of computers. See Client
Tasks executions .
ESET Inspect Communication Scheme
SIEM is an acronym for Security Information and Event Management.
Required
APPDIR
P_DATABASEHOST
P_DATABASEPORT
P_DATABASEUSER
P_DATABASEPASSWORD
Attribute
P_PORTFORSECUREWEB
P_PORTFORWEB
P_PORTFORAGENTS
P_DATABASENAME
P_ERAHOST
P_ERAPORT
P_ERAUSER
P_ERAPASSWORD
P_PATH_OF_CERT_FOR_AGENT
31
Description
Used to set directory under which application should be installed.
-
Set the hostname of Database Server.
Set the port number Database Server operates on.
The user that should be used to modify the database.
Password to be used to connect to the database. Even if the database allows users not to use a password, the ESET Inspect installer does not allow users without passwords due to security reasons.
The port is used for a secure connection to the ESET Inspect
Server frontend.
The port is used for standard connection to the ESET Inspect
Server frontend.
The port on which the ESET Inspect Server is supposed to listen for events reported by Agents.
Name of the database which is created for the ESET Inspect
Server by the installer.
Hostname of ESET PROTECT.
The port on which ESET PROTECT is configured to listen.
Name of the user used to connect to ESET PROTECT.
The password of the user used to connect to ESET PROTECT
An absolute path, on target PC, as for now, we don't support
URLs. Mounted remote drives like \\store03 should work
-
-
-
-
-
yes
-
-
-
yes yes
-
Default value
By default, the path is "C:\Program Files (x86)\ESET\ESET Inspect
Server\" for 32-bit OS and "C:\Program Files\ESET\ESET Inspect
Server" for 64-bit
"localhost"
"3306"
"root"
"443"
"80"
"8093"
"enterpriseinspectordb"
"localhost
"2223"
-
-
"Administrator"
-
-
-
-
"0"
-
-
"1"
93
7
MySQL
39
0
Default value Attribute
P_PATH_OF_CERT_FOR_WEB
P_PATH_OF_CERT_AUTH
P_PASSWORD_OF_CERT_FOR_AGENT
P_PASSWORD_OF_CERT_FOR_WEB
P_DELETE_EXISTING_DB
P_ISTELEMETRYACCEPTED
P_IS_SERVER_ASSISTED_ERA_CERT_AUTH
P_PATH_OF_ERA_CERT_AUTH
P_DATABASETYPE
P_ENABLE_RULES_WITH_SEVERITY_ABOVE
P_DETECTIONS_STORAGE_DAYS
P_EVENT_STORAGE_DAYS
P_DATA_COLLECTION_LEVEL
Description
An absolute path, on target PC, as for now, we don't support
URLs. Mounted remote drives like \\store03 should work
An absolute path, on target PC, as for now, we don't support
URLs. Mounted remote drives like \\store03 should work for the user connected to ESET PROTECT. It's required to install a
Connector with Server assisted certification installation.
The certificate's password, if it was entered during the creation process.
The certificate's password, if it was entered during the creation process.
In the case of installation: If set to "1", and the database of a provided name already exists, then this database is deleted and recreated.
In the case of uninstalling: If set to "1", deletes existing application database after removing all files. It does not require providing the database name.
Do not use with reinstall and update.
It is used to enable ESET Inspect to send systems telemetry to
ESET. It is enabled if different than 0.
It causes the installer to download the ESET PROTECT certificate from ERA Server. It is enabled if different than 0.
An absolute path, on target PC, as for now, we don't support
URLs. Mounted remote drives works. The server-assisted option can be used when ESET PROTECT certificate authority cannot be downloaded from ESET PROTECT
Choose what type of SQL database you want to use. MySQL or
MSSQL
Built-in rules will be marked as disabled if their severity score is not at least given value.
Number of days after which detections will be removed from a database
Number of days after which events will be removed from a database
Level of data collection allows set type of data stored in a database.
0(Detections only): This mode saves only detections. events and processes not related with detection are discard
1(Most data): This mode saves detections and all processes.
2(All data): This mode saves detections, events, and processes.
-
-
-
-
-
-
-
-
-
-
-
yes
Troubleshooting the installation
Required
ESET Inspect Server and ESET Inspect Connector write error logs to C:\ProgramData\ESET\Inspect
Server\Logs\ respectively C:\ProgramData\ESET\Inspect Connector\Logs\ .
If you are using Windows Firewall as your default firewall, the installation creates necessary Windows
Firewall rules for communication between components of ESET Inspect. If the Firewall is disabled or you are using a third-party firewall, ensure that ports "80,443,8093,2223" are allowed.
To gather the data on the installation process (both successful or failed installation), it is required to execute the installer package from an administrative command line along with some additional parameters: /L*Vx temp_log.txt
Below is a sample command to install the ESET Inspect Server in silent mode and save logs to temp_log.txt:
To run GUI - Mode installation and collect logs, use: msiexec /i "ei_server_nt32_ENU.msi" /L*Vx temp_log.txt" msiexec /i "ei_server_nt32_ENU.msi" /q /L*Vx temp_log.txt P.DATABASEPASSWORD="yourDatabasePasswordHere"
The following is a sample command to install ESET Inspect Connector along with GUI mode, and providing one optional parameter: msiexec /i "ei_connector_nt32_ENU.msi" /L*Vx temp_log.txt /q P_HOSTNAME="localhost"
ESET Inspect Server Migration
There are four ways to migrate ESET Inspect Server from one server to another:
•
Clean installation with the same IP address —the new installation uses the original IP address.
32
•
Clean installation with a different IP address
—the new installation uses the new IP address.
Clean installation with the same IP address
This procedure aims to install an entirely new instance of ESET Inspect Server that will have the same IP address as your previous server but will not use the database from the old ESET Inspect Server.
1. Stop ESET Inspect Service on an old ESET Inspect Server machine.
2. Turn off the old ESET Inspect Server machine.
Ensure that the new ESET Inspect Server machine has the same IP address as the old one.
3. Run the ESET Inspect Server installer on a new server machine and proceed like a typical
process.
4. Connect to ESET Inspect Servers Web Console.
5. If the connection works, you can now dismantle/disband/uninstall the old ESET Inspect Server.
Clean installation with a different IP address
This procedure aims to install an entirely new instance of ESET Inspect Server that does not use the same IP address as your previous server of the old ESET Inspect Server.
1. Stop ESET Inspect Service on an old ESET Inspect Server machine.
2. Turn off the old ESET Inspect Server machine.
3. Run the ESET Inspect Server installer on a new server machine and proceed like a typical
process.
4. To make ESET Inspect Connectors connect to the new ESET Inspect Server, create a new policy in ESET
PROTECT for ESET Inspect Connectors.
5. Connect to ESET Inspect Servers Web Console.
6. If the connection works, you can now dismantle/disband/uninstall the old ESET Inspect Server.
ESET Inspect Database Migration
Click the appropriate link below for instructions to migrate the ESET Inspect Server database between different
SQL Server instances (this also applies when relocating to a different SQL Server version or when migrating to a
SQL Server hosted on a different machine):
•
The migration process for MS SQL Server
•
The migration process for MySQL Server
The migration process for MySQL Server
Prerequisites
• Source and target SQL Server instances must be installed.
• The target SQL Server instance must have at least the same version as the source instance. A downgrade
33
is not supported!
Using command prompt
In the commands, configuration files, or SQL statements below, always replace:
• SRCHOST with the address of the source database server
• SRCROOTLOGIN with the source MySQL server root user login
• SRCEEIDBNAME with the name of the source ESET Inspect Server database to back up
• TARGETHOST with the address of the target database server
• TARGETROOTLOGIN with the target MySQL server root user login
It is unnecessary to execute the SQL statements below via the command line. If a graphical user interface tool is available, you can use an application you already know.
You can run the commands from the Source or Target machine if those machines are in the same network and the ping between those machines is working. If they are not in the same network, you must manually move the backup file to the target machine.
1. Stop the ESET Inspect Server service.
2. Navigate to C:\Program Files\MySQL\MySQL Server 5.7\bin or C:\Program Files\MySQL\MySQL Server
8\bin based on the MySQL version you have installed.
3. Create a full database backup of the source ESET Inspect Server database (the database you plan to migrate): mysqldump --host SRCHOST --user=SRCROOTLOGIN --password --events --opt -routines --triggers --databases SRCEEIDBNAME --default-character-set=utf8mb4 -result-file="C:\USERS\public\BACKUPFILE.sql"
4. Enter root login password. You can also add it directly after --password parameter ( --password=ABCD ).
.
6. Restore the database on the target MySQL server.
mysql --host TARGETHOST --user=TARGETROOTLOGIN --password <
"C:\USERS\public\BACKUPFILE.sql"
7. Enter root login password. You can do it as well by adding it directly after -p parameter ( -pABCD ).
8. Run the ESET Inspect Server service if the target MySQL Server machine keeps the same IP address and name of the database as the Source one.
9. When you migrate the database to another server (MySQL IP or port are changed) or change the database name (MySQL IP and port are the same, but database name changed), you have to re-setup the
ESET Inspect Server by using the "Repair/Change" option in the Installer. Leave all the settings as they are, but change the database settings like MySQL IP, port, or database name.
The migration process for MS SQL Server
Prerequisites
• Source and target SQL Server instances must be installed.
• The target SQL Server instance must have at least the same version as the source instance. A downgrade
34
is not supported!
Using command prompt
1. Stop the ESET Inspect Server service.
2. Run the Command Prompt application and use this command:
SQLCMD -U sa -S localhost -Q "BACKUP DATABASE enterpriseinspectordb TO DISK =
N'C:\USERS\public\BACKUPFILE.bak'"
3. Copy created backup file to the designated MSSQL machine and run this command to restore the backup of the database on the designated machine:
SQLCMD -U sa -S localhost -Q "RESTORE DATABASE enterpriseinspectordb FROM DISK =
N'C:\USERS\public\BACKUPFILE.bak'"
4.
TCP/IP on the target machine.
5. Make sure that the Firewall on the source machine is set up to allow incoming and outgoing communication at port (by default 1433, or changed by the user during
ESET Inspect Server installation process )
6. Run the ESET Inspect Server service in case the target MSSQL Server machine keeps the same IP address as the Source one.
7. When you migrate the database to another server (MS SQL IP or port will be changed), you have to resetup the ESET Inspect Server by using the "Repair/Change" option in the Installer. Leave all the settings as they are, but change the database settings like MS SQL IP port.
For attribute meaning, please visit https://docs.microsoft.com/en-us/sql/tools/sqlcmd-utility?view=sql-server-2017 .
The enterpriseinspectordb in the example is the default DB name created during the ESET Inspect Server
process. If you used a different name for the DB, replace the one used in the example above.
Server upgrade through ESET PROTECT
We do not recommend upgrading the ESET Inspect Server via the ESET PROTECT task because the server upgrade can take a long time due to the database upgrade, and the user cannot check the progress of the
upgrade operation. We recommend installing/upgrading the ESET Inspect Server manually
where also a progress bar is visible, displaying the current status.
Update ESET Products button in ESET PROTECT
1. In the ESET PROTECT, navigate to the ESET Inspect Server computer overview.
2. In the Products & Licenses tile, you see if the version of ESET Products is outdated.
3. Click the tile, and you are redirected to the sub-tab Products & Licenses.
4. Click the UPDATE ESET PRODUCTS button, and the window with available latest versions for ESET
Products will appear.
5. Check the check box on the line with ESET Inspect Server and click the OK button.
35
ESET Inspect Connector Installation
ESET Inspect Connector is installed on endpoint devices that are monitored by ESET Inspect / ESET Inspect Cloud and collect the data for the ESET Inspect, removes malicious components, and blocks execution of these components.
ESET Inspect Connector can be installed/deployed on
Linux systems using their GUI if
available, from the command line or by deploying through ESET PROTECT.
For the uninstallation process of ESET Inspect Connector follow .
Before installing the ESET Inspect Connector, make sure you are using the latest ESET Endpoint Product update.
Remember that if the ESET Inspect Connector lost the connection with the ESET Inspect Server, it caches the data locally, and the limit is 1GB. You can change this in the ESET Inspect Connector.ini file located on target machines by adding the parameter the MaxOfflineStorageSize, which controls the limit. The value is in Bytes, so the actual set value is 1073741824.
After installing or upgrading ESET Inspect Connector, there is approximately a 7-minute delay until the connector starts to communicate with ESET Inspect Server. Because of that, you see the warning message in ESET PROTECT that the computer cannot connect to ESET Inspect Server. The ESET Inspect Connector will be immediately visible as active at ESET Inspect Web Console if connected correctly.
ESET Inspect Communication Scheme
36
SIEM is an acronym for Security Information and Event Management.
Windows
Prerequisites
Ensure that you have met the
needed to install the ESET Inspect Connector successfully.
To install ESET Inspect Connector for ESET Inspect Cloud, you need first deploy the ESET Managemegent Agent and install ESET Endpoint Product . For the ESET Inspect Connector installation for ESET Inspect on-premises version, you need first deploy the ESET Managemegent Agent and install ESET Endpoint Product . Otherwise, the
ESET Inspect Connector will display information that ESET Endpoint Product is required, and your installation will fail if they are not installed.
.
The installer with all needed components is created and ready to deploy at the endpoint.
A canary file
P_INSTALL_CANARY_FILES.
Installation of the ESET Inspect Connector for ESET Inspect Cloud
There are several possible ways to install the ESET Inspect Connector for ESET Inspect on-premises version:
37
• Using
Graphical User Interface provided by the installer
• Using
• Using
• Using an All-in-one installer from ESET PROTECT. A recommended way as the installer with all needed components is created and ready to deploy at the endpoint
ESET Inspect Cloud All-in-one Installer
A recommended way to install ESET Inspect Connector for ESET Inspect Cloud endpoints is to use an All-in-one installer .
You need to activate ESET Inspect Connector with an "ESET Inspect" license. To do this, contact your ESET
PROTECT Administrator or create a Product Activation task.
The ESET Inspect Connector will be visible in ESET Inspect Web Console immediately after activation and correct setting of policy. In a few minutes, you should be able to view the first events sent by connectors.
ESET Inspect Connector write error logs into folder:
• Windows C:\ProgramData\ESET\Inspect Connector\logs
• macOS /Library/Application Support/ESET/eset_eia/logs
• Linux /var/log/eset/eei/
If you experience any other issues, follow the instructions on gathering debug data as detailed in
Troubleshooting the installation topic.
Windows GUI - Mode Installation
Prerequisites
Ensure that you have met the
needed to install the ESET Inspect Connector successfully.
To install ESET Inspect Connector for ESET Inspect Cloud, you need first deploy the ESET Managemegent Agent and install ESET Endpoint Product . For the ESET Inspect Connector installation for ESET Inspect on-premises version, you need first deploy the ESET Managemegent Agent and install ESET Endpoint Product . Otherwise, the
ESET Inspect Connector will display information that ESET Endpoint Product is required, and your installation will fail if they are not installed.
Installation process
1. Execute the downloaded installer file ei_connector_nt32_ENU.msi or ei_connector_nt64_ENU.msi, depending on the system.
2. Accept the license agreement and click Next.
3. Choose the destination directory where you want ESET Inspect Connector to be installed and then click
Next.
4. If you need to change the default connection settings to ESET Inspect Connector: a.Type the proper values into the following fields: ESET Inspect Server host, ESET Inspect Server port.
b.Choose whether you want to use Server assisted installation or Offline installation.
5. Click Next.
38
The ESET Inspect Connector needs the same certificate authority used to sign a certificate for ESET Inspect
Server. You can provide it in one of the methods below:
• Server assisted installation
• Certificate authority on local disk
• Certificate authority installed in Windows Certificate Store
6. In the case of Server assisted installation, the dialog box with certification details appears. Click Yes to accept the Certification Authority for ESET Inspect Connector.
7. In the Offline installation, fill the path to the Certification Authority or click the Change button and navigate to it. Click Next.
8. Click Install. A progress bar appears, displaying the current status.
9. Click Finish.
10. If there was a problem with the installation, follow the instructions in the dialog box that appears.
You need to activate ESET Inspect Connector with an "ESET Inspect" license. To do this, contact your ESET
PROTECT Administrator or create a Product Activation task.
Assign policy
It is necessary to create a Policy to make ESET Inspect Connector communicate with ESET Inspect Server (this is not necessary for ESET Inspect Cloud):
1. In the Settings window, select the product "ESET Inspect Connector"
2. Fill in the Server Address with the ESET Inspect Server IP address.
3. Edit the Certificate Authority by clicking Edit > Add > Open Certificate Authority. Chose the certificate that was used during ESET Inspect Server installation. Click Save.
4. Click Continue.
5. Select the Assign button and select the computer/computers you want the policy to be applied on in the Assign window. Click Finish.
The ESET Inspect Connector will be visible in ESET Inspect Web Console immediately after activation and correct setting of policy. In a few minutes, you should be able to view the first events sent by connectors.
ESET Inspect Connector write error logs into folder:
• Windows C:\ProgramData\ESET\Inspect Connector\logs
• macOS /Library/Application Support/ESET/eset_eia/logs
• Linux /var/log/eset/eei/
If you experience any other issues, follow the instructions on gathering debug data as detailed in
Troubleshooting the installation topic.
Installation from a windows command line
Prerequisites
Ensure that you have met the
needed to install the ESET Inspect Connector successfully.
To install ESET Inspect Connector for ESET Inspect Cloud, you need first deploy the ESET Managemegent Agent and install ESET Endpoint Product . For the ESET Inspect Connector installation for ESET Inspect on-premises version, you need first deploy the ESET Managemegent Agent and install ESET Endpoint Product . Otherwise, the
ESET Inspect Connector will display information that ESET Endpoint Product is required, and your installation will fail if they are not installed.
39
For the command line installation, follow these steps:
1. Download the installer file ei_connector_nt32_ENU.msi or ei_connector_nt64_ENU.msi, depending on the system.
2. Open the command line and navigate to the downloaded file.
3. You can use the example from below with altered attributes or run with specified in the table of attributes.
You may use several attributes with the installer using the silent mode during installation. The hostname is required:
APPDIR
P_HOSTNAME
P_PORT
APPDATADIR
P_PATH_TO_CERT_AUTH
Attribute
P_IS_SERVER_ASSISTED
P_INSTALL_CANARY_FILES
Description
Used to set directory under which application will be installed -
Used to set host, on which ESET Inspect Server is installed
Used to set the number of the port on which ESET Inspect Server is listening for data from ESET Inspect Connectors
The directory used to store logs and additional output files
The absolute path to the Certificate Authority file on the target
PC. Currently, URLs are not supported. Mounted remote drives like \\store03 should work. Multiple files can be separated by char ';'
If you do not have the Certificate Authority present, set this parameter to 1 (P_IS_SERVER_ASSISTED=1) for server-assisted installation. If this parameter is used user does not need to use
P_PATH_TO_CERT_AUTH
If enabled, the installer will generate a canary file and place it in a hidden directory. Setting this value to "0" skips file generation.
-
-
-
-
yes
Required
-
Default value
C:\Program Files(x86)\ESET\ESET Inspect Connector\ for 32-bit
OS and C:\Program Files\ESET\ESET Inspect Connector\ for 64-bit
"localhost"
8093
-
"C:\ProgramData\ESET\Inspect Server\"
1 msiexec /i ei_connector_nt32_ENU.msi P_HOSTNAME="192.168.5.21" P_PORT="8093"
P_PATH_TO_CERT_AUTH="C:\repo\Component\Products\Inspect
Server\Src\test\http_server\certs\ca_store\ca.cert.der"
You need to activate ESET Inspect Connector with an "ESET Inspect" license. To do this, contact your ESET
PROTECT Administrator or create a Product Activation task.
Assign policy
It is necessary to create a Policy to make ESET Inspect Connector communicate with ESET Inspect Server (this is not necessary for ESET Inspect Cloud):
1. In the Settings window, select the product "ESET Inspect Connector"
2. Fill in the Server Address with the ESET Inspect Server IP address.
3. Edit the Certificate Authority by clicking Edit > Add > Open Certificate Authority. Chose the certificate that was used during ESET Inspect Server installation. Click Save.
4. Click Continue.
5. Select the Assign button and select the computer/computers you want the policy to be applied on in the Assign window. Click Finish.
The ESET Inspect Connector will be visible in ESET Inspect Web Console immediately after activation and correct setting of policy. In a few minutes, you should be able to view the first events sent by connectors.
ESET Inspect Connector write error logs into folder:
• Windows C:\ProgramData\ESET\Inspect Connector\logs
• macOS /Library/Application Support/ESET/eset_eia/logs
• Linux /var/log/eset/eei/
If you experience any other issues, follow the instructions on gathering debug data as detailed in
Troubleshooting the installation topic.
40
Troubleshooting the installation
ESET Inspect Server and ESET Inspect Connector write error logs to C:\ProgramData\ESET\Inspect
Server\Logs\ respectively C:\ProgramData\ESET\Inspect Connector\Logs\ .
If you are using Windows Firewall as your default firewall, the installation creates necessary Windows
Firewall rules for communication between components of ESET Inspect. If the Firewall is disabled or you are using a third-party firewall, ensure that ports "80,443,8093,2223" are allowed.
To gather data on the installation process (both successful or failed installation), it is required to execute the installer package from an administrative command line along with some additional parameters: /L*Vx temp_log.txt
Below is a sample command to install ESET Inspect Server in silent mode and save logs to temp_log.txt:
To run GUI - Mode installation and collect logs, use: msiexec /i "ei_server_nt32_ENU.msi" /L*Vx temp_log.txt" msiexec /i "ei_server_nt32_ENU.msi" /q /L*Vx temp_log.txt P.DATABASEPASSWORD="yourDatabasePasswordHere"
The following is a sample command to install ESET Inspect Connector along with GUI mode, and providing one optional parameter: msiexec /i "ei_connector_nt32_ENU.msi" /L*Vx temp_log.txt /q P_HOSTNAME="localhost"
GUI Repair/Change
ESET Inspect Connector reinstallation using GUI
1. Use the "Modify" option from Apps & Features (or Programs and Features at Control Pannel for older systems) or execute the downloaded installer file ei_connector_nt32_ENU.msi or
ei_connector_nt64_ENU.msi, depending on the system.
2. Click Repair/Change.
3. Change the ESET Inspect Server host address and port or keep those from the previous installation.
4. Choose one of the following options: a.Do not change current CA settings—This will keep the certification authority from the previous installation.
b.Server assisted installation—If certificates on the server side change and you don't want to add them manually.
c.Offline installation—If you have exported certificates from the server, you can install them manually.
5. In the case of a Server assisted installation, the dialog box with certification details appears. Click Yes to accept the Certification Authority for ESET Inspect Connector.
6. In the Offline installation, fill the path to the Certification Authority or click the Change button and navigate to it. Click Next.
7. Click Repair. A progress bar appears, displaying the current status.
41
8. If no problems occur, the next screen shows up. Click Finish, and your application is ready to use.
9. If there was a problem with the installation, follow the instructions in the dialog box that appears.
The ESET Inspect Connector will be visible in ESET Inspect Web Console immediately after activation and correct setting of policy. In a few minutes, you should be able to view the first events sent by connectors.
ESET Inspect Connector write error logs into folder:
• Windows C:\ProgramData\ESET\Inspect Connector\logs
• macOS /Library/Application Support/ESET/eset_eia/logs
• Linux /var/log/eset/eei/
If you experience any other issues, follow the instructions on gathering debug data as detailed in
Troubleshooting the installation topic.
Upgrade through ESET PROTECT
For upgrade through the ESET PROTECT, you can follow the same procedure described in the
topic.
GUI Upgrade from older version
In the second installation screen:
Fill in the proper ESET Inspect Server IP address (if unchanged, no action is needed)
Fill in the proper ESET Inspect Server port (if unchanged, no action is necessary)
Choose how you want to work with the Certification Authority:
• Do not change current CA settings—use this option if you are using the same CA.
• Server assisted installation—if the ESET Inspect Server IP address changed or you want to use a different CA that is currently used by your ESET Inspect Server, you can use this option to help you with the proper setting. Click Next. The dialog box with certification details appears. Click Yes to accept the
Certification Authority for ESET Inspect Connector.
• Offline installation—in the next screen, fill the path to the Certification Authority or click the Change button and navigate to it. Click Next.
Click Install. A progress bar will appear, displaying the current status.
If no problems occur, the next screen displays. Click Finish, and your application is ready to use.
If there was a problem with the installation, follow the instructions in the dialog box that appears.
Command Line Upgrade from older version
topic.
42
macOS
Prerequisites
Ensure that you have met the
needed to install the ESET Inspect Connector successfully.
To install ESET Inspect Connector for ESET Inspect Cloud, you need first deploy the ESET Managemegent Agent and install ESET Endpoint Product . For the ESET Inspect Connector installation for ESET Inspect on-premises version, you need first deploy the ESET Managemegent Agent and install ESET Endpoint Product . Otherwise, the
ESET Inspect Connector will display information that ESET Endpoint Product is required, and your installation will fail if they are not installed.
ESET Inspect Connector installation on macOS
There are several possible ways to install the ESET Inspect Connector for ESET Inspect / ESET Inspect Cloud version:
• Using
Graphical User Interface provided by the installer
• Using
• Using
macOS GUI - Mode Installation
Prerequisites
Ensure that you have met the
needed to install the ESET Inspect Connector successfully.
To install ESET Inspect Connector for ESET Inspect Cloud, you need first deploy the ESET Managemegent Agent and install ESET Endpoint Product . For the ESET Inspect Connector installation for ESET Inspect on-premises version, you need first deploy the ESET Managemegent Agent and install ESET Endpoint Product . Otherwise, the
ESET Inspect Connector will display information that ESET Endpoint Product is required, and your installation will fail if they are not installed.
ESET Inspect Connector installation on macOS
1. Download the ESET Inspect Connector installation file .
2. Copy the installation file to the desired computer.
3. Run ESET_Enterprise_Inspect.pkg file.
4. On the introduction screen, click the Continue button.
5. On the read me screen, you can Print or Save the System requirements or Go Back. Click Continue.
6. You can change the installation folder on the installation type screen by clicking the Change Installation
Location button. Click Install.
7. Type your administrator credential to allow the installer to continue. Click Install Software.
8. In the summary window, click the
System preferences/Security & Privacy/Privacy/Full disk access
to grant ESET Inspect Connector full disk access.
9. Click Close.
You need to activate ESET Inspect Connector with an "ESET Inspect" license. To do this, contact your ESET
PROTECT Administrator or create a Product Activation task.
43
Assign policy
It is necessary to create a Policy to make ESET Inspect Connector communicate with ESET Inspect Server (this is not necessary for ESET Inspect Cloud):
1. In the Settings window, select the product "ESET Inspect Connector"
2. Fill in the Server Address with the ESET Inspect Server IP address.
3. Edit the Certificate Authority by clicking Edit > Add > Open Certificate Authority. Chose the certificate that was used during ESET Inspect Server installation. Click Save.
4. Click Continue.
5. Select the Assign button and select the computer/computers you want the policy to be applied on in the Assign window. Click Finish.
From version macOS 10.14 onwards, you will receive the notification, "Your computer is partially protected from
ESET Endpoint Security for macOS. To access all ESET Endpoint Security for macOS functions, you need to allow
Full disk access to ESET Endpoint Security for macOS".
For a fully functional ESET Inspect Connector, grant full disk access:
1. Open Preferences > Security & Privacy > Privacy.
2. Unlock settings in the lower-left corner
3. Scroll the left side menu and click full disk access.
4. In the right side menu mark the ESET Endpoint Security/ESET Endpoint Antivirus, ESET Managemegent
Agent, ESET Inspect Connector and also ESET Real-time system protection.
5. Lock your settings.
Using MDM
To allow Full disk access remotely:
1. Download the .
plist configuration file.
2. Generate two UUIDs with a UUID generator of your choice and use a text editor to replace strings with the text insert your UUID 1 here and insert your UUID 2 here in the downloaded configuration profile.
3. Deploy the .plist configuration profile file using the MDM server.
Your computer needs to be enrolled in the MDM server to be able to deploy configuration profiles to those computers.
Installation from a macOS terminal
Prerequisites
Ensure that you have met the
needed to install the ESET Inspect Connector successfully.
To install ESET Inspect Connector for ESET Inspect Cloud, you need first deploy the ESET Managemegent Agent and install ESET Endpoint Product . For the ESET Inspect Connector installation for ESET Inspect on-premises version, you need first deploy the ESET Managemegent Agent and install ESET Endpoint Product . Otherwise, the
ESET Inspect Connector will display information that ESET Endpoint Product is required, and your installation will fail if they are not installed.
44
ESET Inspect Connector installation on macOS
1. Download the ESET Inspect Connector installation file .
2. Copy the installation file to the desired computer.
3. Open the Terminal.
4. Execute this command " sudo installer -pkg
" /PATH_TO_INSTALLER/ ESET_Inspect_Connector.pkg" -target LocalSystem ".
You need to activate ESET Inspect Connector with an "ESET Inspect" license. To do this, contact your ESET
PROTECT Administrator or create a Product Activation task.
Assign policy
It is necessary to create a Policy to make ESET Inspect Connector communicate with ESET Inspect Server (this is not necessary for ESET Inspect Cloud):
1. In the Settings window, select the product "ESET Inspect Connector"
2. Fill in the Server Address with the ESET Inspect Server IP address.
3. Edit the Certificate Authority by clicking Edit > Add > Open Certificate Authority. Chose the certificate that was used during ESET Inspect Server installation. Click Save.
4. Click Continue.
5. Select the Assign button and select the computer/computers you want the policy to be applied on in the Assign window. Click Finish.
From version macOS 10.14 onwards, you will receive the notification, "Your computer is partially protected from
ESET Endpoint Security for macOS. To access all ESET Endpoint Security for macOS functions, you need to allow
Full disk access to ESET Endpoint Security for macOS".
For a fully functional ESET Inspect Connector, grant full disk access:
1. Open Preferences > Security & Privacy > Privacy.
2. Unlock settings in the lower-left corner
3. Scroll the left side menu and click full disk access.
4. In the right side menu mark the ESET Endpoint Security/ESET Endpoint Antivirus, ESET Managemegent
Agent, ESET Inspect Connector and also ESET Real-time system protection.
5. Lock your settings.
Using MDM
To allow Full disk access remotely:
1. Download the .
plist configuration file.
2. Generate two UUIDs with a UUID generator of your choice and use a text editor to replace strings with the text insert your UUID 1 here and insert your UUID 2 here in the downloaded configuration profile.
3. Deploy the .plist configuration profile file using the MDM server.
Your computer needs to be enrolled in the MDM server to be able to deploy configuration profiles to those computers.
45
Linux
Prerequisites
Ensure that you have met the
needed to install the ESET Inspect Connector successfully.
To install ESET Inspect Connector for ESET Inspect Cloud, you need first deploy the ESET Managemegent Agent and install ESET Endpoint Product . For the ESET Inspect Connector installation for ESET Inspect on-premises version, you need first deploy the ESET Managemegent Agent and install ESET Endpoint Product . Otherwise, the
ESET Inspect Connector will display information that ESET Endpoint Product is required, and your installation will fail if they are not installed.
ESET Inspect Connector installation on Linux
There are several possible ways to install the ESET Inspect Connector for ESET Inspect / ESET Inspect Cloud version:
• Using
• Using
Linux Terminal Installation
Prerequisites
Ensure that you have met the
needed to install the ESET Inspect Connector successfully.
To install ESET Inspect Connector for ESET Inspect Cloud, you need first deploy the ESET Managemegent Agent and install ESET Endpoint Product . For the ESET Inspect Connector installation for ESET Inspect on-premises version, you need first deploy the ESET Managemegent Agent and install ESET Endpoint Product . Otherwise, the
ESET Inspect Connector will display information that ESET Endpoint Product is required, and your installation will fail if they are not installed.
ESET Inspect Connector installation on Linux
1. Download the ESET Inspect Connector installation file .
2. Copy the installation file to the desired computer.
3. Open the Terminal in the folder where the file was copied to.
4. Execute command " sudo chmod 777 * " to get full access to the installation file.
5. Execute command " sudo ./ei_connector_linux.sh
".
You need to activate ESET Inspect Connector with an "ESET Inspect" license. To do this, contact your ESET
PROTECT Administrator or create a Product Activation task.
Assign policy
It is necessary to create a Policy to make ESET Inspect Connector communicate with ESET Inspect Server (this is not necessary for ESET Inspect Cloud):
1. In the Settings window, select the product "ESET Inspect Connector"
46
2. Fill in the Server Address with the ESET Inspect Server IP address.
3. Edit the Certificate Authority by clicking Edit > Add > Open Certificate Authority. Chose the certificate that was used during ESET Inspect Server installation. Click Save.
4. Click Continue.
5. Select the Assign button and select the computer/computers you want the policy to be applied on in the Assign window. Click Finish.
The ESET Inspect Connector will be visible in ESET Inspect Web Console immediately after activation and correct setting of policy. In a few minutes, you should be able to view the first events sent by connectors.
ESET Inspect Connector write error logs into folder:
• Windows C:\ProgramData\ESET\Inspect Connector\logs
• macOS /Library/Application Support/ESET/eset_eia/logs
• Linux /var/log/eset/eei/
If you experience any other issues, follow the instructions on gathering debug data as detailed in
Troubleshooting the installation topic.
ESET PROTECT Windows/macOS/Linux Deployment
Prerequisites
Ensure that you have met the
needed to install the ESET Inspect Connector successfully.
To install ESET Inspect Connector for ESET Inspect Cloud, you need first deploy the ESET Managemegent Agent and install ESET Endpoint Product . For the ESET Inspect Connector installation for ESET Inspect on-premises version, you need first deploy the ESET Managemegent Agent and install ESET Endpoint Product . Otherwise, the
ESET Inspect Connector will display information that ESET Endpoint Product is required, and your installation will fail if they are not installed.
ESET PROTECT Windows/macOS/Linux deployment
1. Log in to the ESET PROTECT with proper rights (ESET PROTECT Admin rights or ask ESET PROTECT
Admin to create and deploy connectors for you if you do not have sufficient privileges).
2. Click COMPUTERS in the left side menu.
3. You can deploy the connector in two ways:
• On one computer.
• On a group of computers.
4. Click the desired computer and choose New Task.
5. Fill in the desired Name and Description.
6. In Task Category, you can keep All Tasks.
7. In Task, select Software Install.
8. Click Settings in the left menu or the Continue button at the bottom of the window.
9. Choose a proper license. You need to activate ESET Inspect Connector with an "ESET PROTECT
Enterprise" license. Click here to manage the license for ESET Inspect.
10. Choose whether you want to install ESET Inspect Connector from the repository or specify the URL path to the installer (32-bits or 64-bits, depending on the operating system).
11. In case of Linux or macOS, skip to step 9. Fill in the Installation parameters field. You can use the same parameters as in
Installation from a command line , or you can leave it blank (it will install without
Certificate Authority, and ESET Inspect Server address will be "localhost". You can change this by creating a Policy with ESET Inspect Server address and Certificate Authority. For a Policy in the ESET
47
PROTECT, click here or ask ESET PROTECT Administrator to create a policy for you). Click Finish.
12. If the task is already created, you can rerun it on another computer or group of computers. See
Client Tasks executions .
13. For Linux and macOS (if you left parameters blank for the Windows part, then for it as well), it is necessary to create a Policy to make ESET Inspect Connector communicate with ESET Inspect Server (this is not necessary for ESET Inspect Cloud): a.In the Settings window, select the product "ESET Inspect Connector" b.Fill in the Server Address with the ESET Inspect Server IP address.
c.Edit the Certificate Authority by clicking Edit > Add > Open Certificate Authority. Choose the certificate that was used during ESET Inspect Server installation. Click Save.
d.Click Continue.
e.Select the Assign button and select the computer/computers you want the policy to be applied on in the Assign window. Click Finish.
Example:
The easiest way to install the connector (Windows only) through a deployment is to use these parameters:
P_HOSTNAME="IP_OR_HOSTNAME_OF_EI_SERVER" P_IS_SERVER_ASSISTED=1
ESET PROTECT macOS Deployment
From version macOS 10.14 onwards, you will receive the notification, "Your computer is partially protected from
ESET Endpoint Security for macOS. To access all ESET Endpoint Security for macOS functions, you need to allow
Full disk access to ESET Endpoint Security for macOS".
For a fully functional ESET Inspect Connector, grant full disk access:
1. Open Preferences > Security & Privacy > Privacy.
2. Unlock settings in the lower-left corner
3. Scroll the left side menu and click full disk access.
4. In the right side menu mark the ESET Endpoint Security/ESET Endpoint Antivirus, ESET Managemegent
Agent, ESET Inspect Connector and also ESET Real-time system protection.
5. Lock your settings.
Using MDM
To allow Full disk access remotely:
1. Download the .
plist configuration file.
2. Generate two UUIDs with a UUID generator of your choice and use a text editor to replace strings with the text insert your UUID 1 here and insert your UUID 2 here in the downloaded configuration profile.
3. Deploy the .plist configuration profile file using the MDM server.
Your computer needs to be enrolled in the MDM server to be able to deploy configuration profiles to those computers.
You need to activate ESET Inspect Connector with an "ESET Inspect" license. To do this, contact your ESET
PROTECT Administrator or create a Product Activation task.
The ESET Inspect Connector will be visible in ESET Inspect Web Console immediately after activation and correct
48
setting of policy. In a few minutes, you should be able to view the first events sent by connectors. ESET Inspect
Connector write error logs into the folder:
• Windows C:\ProgramData\ESET\Inspect Connector\logs
• macOS /Library/Application Support/ESET/eset_eia/logs
• Linux /var/log/eset/eei/
ESET Inspect Connector uninstallation
Through ESET PROTECT / ESET PROTECT Cloud
To uninstall ESET Inspect Connector for ESET Inspect Cloud, use the Software Uninstall Task in the ESET PROTECT
Cloud instance.
To uninstall ESET Inspect Connector for ESET Inspect, use the Software Uninstall Task in the ESET PROTECT instance.
1. Navigate to Tasks > New.
2. In the Task creation wizard in the Basic section, fill in the Name and Description and select Software
uninstall from the Task drop-down menu.
3. Select the application to uninstall from the Uninstall drop-down menu in the Settings section. Under
Package name, click Select package to uninstall, select the ESET Inspect Connector you want to uninstall and click OK.
4. Under Package version, click Uninstall all versions of package to prevent problems when uninstalling different versions of ESET Inspect Connector on client computers in your network.
5. Select the check box next to Automatic reboot when needed to ensure that the uninstallation process is finished.
6. Click Finish to create the task.
7. Click Create trigger to select a Target for the task.
8. Click Add Groups and select the All group as the target.
9. Select the appropriate trigger and click Finish to execute.
Manual uninstallation
Windows
Standard windows application uninstallation processes can be used.
macOS
In the Terminal run the command: sudo "/Library/Application Support/ESET/ESET Inspect
Connector.app/Contents/Scripts/Uninstall.command"
Linux
In the Terminal run the command: sudo "/opt/eset/eei/uninstall.sh"
49
Telemetry
ESET Inspect Telemetry services collect usage information based on user behavior within the ESET Inspect Web
Console to improve user experience and overall system performance.
Data collected
• Number of computers with the ESET Inspect Connector installed
• Information about the machine where the ESET Inspect Server is installed:
• OS name and version
• CPU model and speed
• RAM size
• MySQL database version and size
• Information about the machine where the ESET Inspect Connector is installed:
• Agent version
• OS name and version
• RAM size
• CPU model and speed
• Number of computers managed by ESET PROTECT
• Number of events received by the ESET Inspect Server, the processing time
• Web browser name and version in which the ESET Inspect Web Console is viewed
• Commands executed by the user in the ESET Inspect Web Console
• Report how long it takes to run purge for one partition
• Report if the purge was completed successfully or failed
• How many detections were generated from which rule
• How many detections were generated each day (week)
Due to the nature of telemetry, the IP address of the ESET Inspect Server from which the information is sent is also collected.
End User License Agreement
Effective as of October 19, 2021.
IMPORTANT: Please read the terms and conditions of product application set out below carefully prior to download, installation, copy or use. THROUGH DOWNLOADING, INSTALLING, COPYING OR USING THE
SOFTWARE YOU ARE EXPRESSING YOUR CONSENT TO THESE TERMS AND CONDITIONS AND YOU
ACKNOWLEDGE PRIVACY POLICY .
End User License Agreement
Under the terms of this End User License Agreement ("Agreement") executed by and between ESET, spol. s r. o., having its registered office at Einsteinova 24, 85101 Bratislava, Slovak Republic, registered in the Commercial
50
Register administered by Bratislava I District Court, Section Sro, Entry No 3586/B, Business Registration Number:
31333532 ("ESET" or "Provider") and you, a physical person or legal entity ("You" or "End User"), You are entitled to use the Software defined in Article 1 of this Agreement. The Software defined in Article 1 of this Agreement can be stored on a data carrier, sent via electronic mail, downloaded from the Internet, downloaded from the
Provider's servers or obtained from other sources, subject to the terms and conditions specified below.
THIS IS AN AGREEMENT ON END USER RIGHTS AND NOT AN AGREEMENT FOR SALE. The Provider continues to own the copy of the Software and the physical media contained in the sales package and any other copies that the End User is authorized to make pursuant to this Agreement.
By clicking on "I Accept" or "I Accept…" while installing, downloading, copying or using the Software, You agree to the terms and conditions of this Agreement and acknowledge the Privacy Policy. If You do not agree to all of the terms and conditions of this Agreement and/or Privacy Policy, immediately click on the canceling option, cancel the installation or download, or destroy or return the Software, installation media, accompanying documentation and sales receipt to the Provider or the outlet from which You acquired the Software.
YOU AGREE THAT YOUR USE OF THE SOFTWARE ACKNOWLEDGES THAT YOU HAVE READ THIS AGREEMENT,
UNDERSTAND IT AND AGREE TO BE BOUND BY ITS TERMS AND CONDITIONS.
1. Software. As used in this Agreement the term "Software" means: (i) computer program accompanied by this
Agreement and all components thereof; (ii) all the contents of the disks, CD-ROMs, DVDs, e-mails and any attachments, or other media with which this Agreement is provided, including the object code form of the
Software supplied on a data carrier, via electronic mail or downloaded via the Internet; (iii) any related explanatory written materials and any other possible documentation related to the Software, above all any description of the Software, its specifications, any description of the Software properties or operation, any description of the operating environment in which the Software is used, instructions for use or installation of the
Software or any description of how to use the Software ("Documentation"); (iv) copies of the Software, patches for possible errors in the Software, additions to the Software, extensions to the Software, modified versions of the Software and updates of Software components, if any, licensed to You by the Provider pursuant to Article 3 of this Agreement. The Software shall be provided exclusively in the form of executable object code.
2. Installation, Computer and a License key. Software supplied on a data carrier, sent via electronic mail, downloaded from the Internet, downloaded from the Provider's servers or obtained from other sources requires installation. You must install the Software on a correctly configured Computer, complying at least with requirements set out in the Documentation. The installation methodology is described in the Documentation. No computer programs or hardware which could have an adverse effect on the Software may be installed on the
Computer on which You install the Software. Computer means hardware, including but not limited to personal computers, laptops, workstations, palmtop computers, smartphones, hand-held electronic devices, or other electronic devices for which the Software is designed, on which it will be installed and/or used. License key means the unique sequence of symbols, letters, numbers or special signs provided to the End User in order to allow the legal use of the Software, its specific version or extension of the term of the License in compliance with this
Agreement.
3. License. Subject to the condition that You have agreed to the terms of this Agreement and You comply with all the terms and conditions stipulated herein, the Provider shall grant You the following rights ("License"): a) Installation and use. You shall have the non-exclusive, non-transferable right to install the Software on the hard disk of a Computer or other permanent medium for data storage, installation and storage of the Software in the memory of a computer system and to implement, store and display the Software.
b) Stipulation of the number of licenses. The right to use the Software shall be bound by the number of End
Users. One End User shall be taken to refer to the following: (i) installation of the Software on one Computer; or
(ii) if the extent of a license is bound to the number of mailboxes, then one End User shall be taken to refer to a
51
Computer user who accepts electronic mail via a Mail User Agent ("MUA"). If MUA accepts electronic mail and subsequently distributes it automatically to several users, then the number of End Users shall be determined according to the actual number of users for whom the electronic mail is distributed. If a mail server performs the function of a mail gate, the number of End Users shall equal the number of mail server users for which the said gate provides services. If an unspecified number of electronic mail addresses are directed to and accepted by one user (e.g., through aliases) and messages are not automatically distributed by the client to a larger number of users, a License for one computer shall be required. You must not use the same License at the same time on more than one Computer. The End User is entitled to enter the License key to the Software only to the extent to which the End User has the right to use the Software in accordance with the limitation arising from the number of
Licenses granted by Provider. The License key is deemed confidential, You must not share the License with third parties or allow third parties to use the License key unless permitted by this Agreement or Provider. If your
License key is compromised, notify Provider immediately.
c) Home/Business Edition. A Home Edition version of the Software shall be used exclusively in private and/or non-commercial environments for home and family use only. A Business Edition version of the Software must be obtained for use in a commercial environment as well as to use the Software on mail servers, mail relays, mail gateways, or Internet gateways.
d) Term of the License. Your right to use the Software shall be time-limited.
e) OEM Software. Software classified as "OEM" shall be limited to the Computer You obtained it with. It cannot be transferred to a different Computer.
f) NFR, TRIAL Software. Software classified as "Not-for-resale", NFR or TRIAL cannot be assigned for payment and must only be used for demonstration or testing the Software's features.
g) Termination of the License. The License shall terminate automatically at the end of the period for which granted. If You fail to comply with any of the provisions of this Agreement, the Provider shall be entitled to withdraw from the Agreement, without prejudice to any entitlement or legal remedy open to the Provider in such eventualities. In the event of cancellation of the License, You must immediately delete, destroy or return at your own cost, the Software and all backup copies to ESET or to the outlet from which You obtained the Software.
Upon termination of the License, the Provider shall also be entitled to cancel the End User's entitlement to use the functions of the Software, which require connection to the Provider's servers or third-party servers.
4. Functions with data collection and internet connection requirements. To operate correctly, the Software requires connection to the Internet and must connect at regular intervals to the Provider's servers or third-party servers and applicable data collection in compliance with Privacy Policy. Connection to the Internet and applicable data collection is necessary for functioning of the Software and for updating and upgrading the Software. The
Provider shall be entitled to issue updates or upgrades to the Software ("Updates"), but shall not be obliged to provide Updates. This function is enabled under the Software's standard settings and Updates are therefore installed automatically, unless the End User has disabled the automatic installation of Updates. For provisioning of
Updates, License authenticity verification is required, including information about Computer and/or the platform on which the Software is installed in compliance with Privacy Policy.
Provision of any Updates may be subject to End of Life Policy ("EOL Policy"), which is available on https://go.eset.com/eol_business . No Updates will be provided after the Software or any of its features reaches the End of Life date as defined in the EOL Policy.
For the purpose of this Agreement, it is necessary to collect, process and store data enabling the Provider to identify You in compliance with Privacy Policy. You hereby acknowledge that the Provider checks using its own means whether You are using the Software in accordance with the provisions of this Agreement. You hereby acknowledge that for the purpose of this Agreement it is necessary for your data to be transferred, during communication between the Software and the Provider's computer systems or those of its business partners as
52
part of Provider’s distribution and support network to ensure functionality of Software and authorization to use the Software and to protection of the Provider’s rights.
Following conclusion of this Agreement, the Provider or any of its business partners as part of Provider’s distribution and support network shall be entitled to transfer, process and store essential data identifying You for billing purposes, performance of this Agreement and transmitting notifications on your Computer.
Details about privacy, personal data protection and Your rights as a data subject can be found in Privacy Policy which is available on Provider’s website and accessible directly from the installation process. You can also visit it from Software’s help section.
5. Exercising End User rights. You must exercise End User rights in person or via your employees. You are only entitled to use the Software to safeguard your operations and protect those Computers or computers systems for which You have obtained a License.
6. Restrictions to rights. You may not copy, distribute, extract components or make derivative works of the
Software. When using the Software, You are required to comply with the following restrictions: a) You may make one copy of the Software on a permanent storage medium as an archival backup copy, provided your archival back-up copy is not installed or used on any Computer. Any other copies You make of the Software shall constitute a breach of this Agreement.
b) You may not use, modify, translate or reproduce the Software or transfer rights to use the Software or copies of the Software in any manner other than as provided for in this Agreement.
c) You may not sell, sub-license, lease or rent or borrow the Software or use the Software for the provision of commercial services.
d) You may not reverse engineer, reverse compile or disassemble the Software or otherwise attempt to discover the source code of the Software, except to the extent that this restriction is expressly prohibited by law.
e) You agree that You will only use the Software in a manner that complies with all applicable laws in the jurisdiction in which You use the Software, including, but not limited to, applicable restrictions concerning copyright and other intellectual property rights.
f) You agree that You will only use the Software and its functions in a way which does not limit the possibilities of other End Users to access these services. The Provider reserves the right to limit the scope of services provided to individual End Users, to enable use of the services by the highest possible number of End Users. Limiting the scope of services shall also mean complete termination of the possibility to use any of the functions of the
Software and deletion of Data and information on the Provider's servers or third-party servers relating to a specific function of the Software.
g) You agree not to exercise any activities involving use the License key, contrary to the terms of this Agreement or leading to provide License key to any person who is not entitled to use the Software, such as the transfer of used or unused License key in any form, as well as the unauthorized reproduction, or distribution of duplicated or generated License keys or using the Software as a result of the use of a License key obtained from the source other than the Provider.
7. Copyright. The Software and all rights, without limitation including proprietary rights and intellectual property rights thereto are owned by ESET and/or its licensors. They are protected by international treaty provisions and by all other applicable national laws of the country in which the Software is being used. The structure, organization and code of the Software are the valuable trade secrets and confidential information of ESET and/or its licensors. You must not copy the Software, except as set forth in Article 6(a). Any copies which You are
53
permitted to make pursuant to this Agreement must contain the same copyright and other proprietary notices that appear on the Software. If You reverse engineer, reverse compile, disassemble or otherwise attempt to discover the source code of the Software, in breach of the provisions of this Agreement, You hereby agree that any information thereby obtained shall automatically and irrevocably be deemed to be transferred to and owned by the Provider in full, from the moment such information comes into being, notwithstanding the Provider's rights in relation to breach of this Agreement.
8. Reservation of rights. The Provider hereby reserves all rights to the Software, with the exception of rights expressly granted under the terms of this Agreement to You as the End User of the Software.
9. Multiple language versions, dual media software, multiple copies. In the event that the Software supports multiple platforms or languages, or if You receive multiple copies of the Software, You may only use the Software for the number of computer systems and for the versions for which You obtained a License. You may not sell, rent, lease, sub-license, lend or transfer versions or copies of the Software which You do not use.
10. Commencement and termination of the Agreement. This Agreement shall be effective from the date You agree to the terms of this Agreement. You may terminate this Agreement at any time by permanently uninstalling, destroying and returning, at your own cost, the Software, all backup copies and all related materials provided by the Provider or its business partners. Your right to use Software and any of its features may be subject to EOL Policy. After the Software or any of its features reaches the End of Life date defined in the EOL
Policy, your right to use the Software will terminate. Irrespective of the manner of termination of this Agreement, the provisions of Articles 7, 8, 11, 13, 19 and 21 shall continue to apply for an unlimited time.
11. END USER DECLARATIONS. AS THE END USER YOU ACKNOWLEDGE THAT THE SOFTWARE IS PROVIDED "AS
IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, AND TO THE MAXIMUM EXTENT PERMITTED BY
APPLICABLE LAW. NEITHER THE PROVIDER, ITS LICENSORS OR AFFILIATES, NOR THE COPYRIGHT HOLDERS MAKE
ANY REPRESENTATIONS OR WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE OR THAT THE SOFTWARE WILL
NOT INFRINGE ANY THIRD-PARTY PATENTS, COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS. THERE IS NO
WARRANTY BY THE PROVIDER OR BY ANY OTHER PARTY THAT THE FUNCTIONS CONTAINED IN THE SOFTWARE
WILL MEET YOUR REQUIREMENTS OR THAT THE OPERATION OF THE SOFTWARE WILL BE UNINTERRUPTED OR
ERROR-FREE. YOU ASSUME ALL RESPONSIBILITY AND RISK FOR THE SELECTION OF THE SOFTWARE TO ACHIEVE
YOUR INTENDED RESULTS AND FOR THE INSTALLATION, USE AND RESULTS OBTAINED FROM IT.
12. No other obligations. This Agreement creates no obligations on the part of the Provider and its licensors other than as specifically set forth herein.
13. LIMITATION OF LIABILITY. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL
THE PROVIDER, ITS EMPLOYEES OR LICENSORS BE LIABLE FOR ANY LOST PROFITS, REVENUE, SALES, DATA OR
COSTS OF PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES, PROPERTY DAMAGE, PERSONAL INJURY,
INTERRUPTION OF BUSINESS, LOSS OF BUSINESS INFORMATION OR FOR ANY SPECIAL, DIRECT, INDIRECT,
INCIDENTAL, ECONOMIC, COVER, PUNITIVE, SPECIAL OR CONSEQUENTIAL DAMAGES, HOWEVER CAUSED AND
WHETHER ARISING UNDER CONTRACT, TORT, NEGLIGENCE OR OTHER THEORY OF LIABILITY, ARISING OUT OF THE
INSTALLATION, THE USE OF OR INABILITY TO USE THE SOFTWARE, EVEN IF THE PROVIDER OR ITS LICENSORS OR
AFFILIATES ARE ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. BECAUSE SOME COUNTRIES AND
JURISDICTIONS DO NOT ALLOW THE EXCLUSION OF LIABILITY, BUT MAY ALLOW LIABILITY TO BE LIMITED, IN SUCH
CASES, THE LIABILITY OF THE PROVIDER, ITS EMPLOYEES OR LICENSORS OR AFFILIATES SHALL BE LIMITED TO THE
SUM THAT YOU PAID FOR THE LICENSE.
14. Nothing contained in this Agreement shall prejudice the statutory rights of any party dealing as a consumer if running contrary thereto.
54
15. Technical support. ESET or third parties commissioned by ESET shall provide technical support at their own discretion, without any guarantees or declarations. No technical support will be provided after the Software or any of its features reaches the End of Life date defined in the EOL Policy. The End User shall be required to back up all existing data, software and program facilities prior to the provision of technical support. ESET and/or third parties commissioned by ESET cannot accept liability for damage or loss of data, property, software or hardware or loss of profits due to the provision of technical support. ESET and/or third parties commissioned by ESET reserve the right to decide that resolving the problem is beyond the scope of technical support. ESET reserves the right to refuse, suspend or terminate the provision of technical support at its own discretion. License information,
Information and other data in compliance with Privacy Policy may be required for the purpose of technical support provision.
16. Transfer of the License. The Software can be transferred from one Computer to another, unless contrary to the terms of the Agreement. If not contrary to the terms of the Agreement, the End User shall only be entitled to permanently transfer the License and all rights ensuing from this Agreement to another End User with the
Provider's consent, subject to the condition that (i) the original End User does not retain any copies of the
Software; (ii) the transfer of rights must be direct, i.e. from the original End User to the new End User; (iii) the new End User must assume all the rights and obligations incumbent on the original End User under the terms of this Agreement; (iv) the original End User has to provide the new End User with documentation enabling verification of the genuineness of the Software as specified under Article 17.
17. Verification of the genuineness of the Software. The End User may demonstrate entitlement to use the
Software in one of the following ways: (i) through a license certificate issued by the Provider or a third party appointed by the Provider; (ii) through a written license agreement, if such an agreement was concluded; (iii) through the submission of an e-mail sent by the Provider containing licensing details (user name and password).
License information and End User identification data in compliance with Privacy Policy may be required for the purpose of Software genuineness verification.
18. Licensing for public authorities and the US Government. The Software shall be provided to public authorities, including the United States Government, with the license rights and restrictions described in this Agreement.
19. Trade control compliance.
a) You will not, directly or indirectly, export, re-export, transfer or otherwise make available the Software to any person, or use it in any manner, or be involved in any activity, that could result in ESET or its holding companies, its subsidiaries, and the subsidiaries of any of its holding companies, as well as entities controlled by its holding companies ("Affiliates") being in violation of, or being subject to, negative consequences under trade control laws which include: i. any laws that control, restrict, or impose licensing requirements on export, re-export or transfer of goods, software, technology, or services, issued or adopted by any government, state or regulatory authority of the
United States of America, Singapore, the United Kingdom, the European Union or any of its Member States, or any country in which obligations under the Agreement are to be performed, or in which ESET or any of its
Affiliates are incorporated or operate, and ii. any economic, financial, trade or other, sanction, restriction, embargo, import or export ban, prohibition on transfer of funds or assets or on performing services, or equivalent measure imposed by any government, state or regulatory authority of the United States of America, Singapore, the United Kingdom, the European Union or any of its Member States, or any country in which obligations under the Agreement are to be performed, or in which
ESET or any of its Affiliates are incorporated or operate.
(legal acts referred to in points i, and ii. above together as "Trade Control Laws").
b) ESET shall have the right to suspend its obligations under, or terminate, these Terms with immediate effect in
55
the event that: i. ESET determines that, in its reasonable opinion, the User has breached or is likely to breach provision of Article
19 a) of the Agreement; or ii. the End User and/or the Software become subject to Trade Control Laws and, as a result, ESET determines that, in its reasonable opinion, the continued performance of its obligations under the Agreement could result in ESET or its Affiliates being in violation of, or being subject to negative consequences under, Trade Control Laws.
c) Nothing in the Agreement is intended, and nothing should be interpreted or construed, to induce or require either party to act or refrain from acting (or to agree to act or refrain from acting) in any manner which is inconsistent with, penalized, or prohibited under any applicable Trade Control Laws.
20. Notices. All notices and returns of the Software and Documentation must be delivered to: ESET, spol. s r. o.,
Einsteinova 24, 85101 Bratislava, Slovak Republic, without prejudice to ESET's right to communicate to You any changes to this Agreement, Privacy Policies, EOL Policy and Documentation in accordance with art. 22 of the
Agreement. ESET may send You emails, in-app notifications via Software or post the communication on our website. You agree to receive legal communications from ESET in electronic form, including any communications on change in Terms, Special Terms or Privacy Policies, any contract proposal/acceptance or invitations to treat, notices or other legal communications. Such electronic communication shall be deemed as received in writing, unless applicable laws specifically require a different form of communication.
21. Applicable law. This Agreement shall be governed by and construed in accordance with the laws of the Slovak
Republic. The End User and the Provider hereby agree that the principles of the conflict of laws and the United
Nations Convention on Contracts for the International Sale of Goods shall not apply. You expressly agree that any disputes or claims ensuing from this Agreement with respect to the Provider or any disputes or claims relating to use of the Software shall be settled by Bratislava I District Court and You expressly agree to the said court exercising jurisdiction.
22. General provisions. Should any of the provisions of this Agreement be invalid or unenforceable, this shall not affect the validity of the other provisions of the Agreement, which shall remain valid and enforceable under the conditions stipulated therein. This Agreement has been executed in English. In case any translation of the
Agreement is prepared for the convenience or any other purpose or in any case of a discrepancy between language versions of this Agreement, the English version shall prevail.
ESET reserves the right to make changes to the Software as well as to revise terms of this Agreement, its Annexes,
Addendums, Privacy Policy, EOL Policy and Documentation or any part thereof at any time by updating the relevant document (i) to reflect changes to the Software or to how ESET does business, (ii) for legal, regulatory or security reasons, or (iii) to prevent abuse or harm. You will be notified about any revision of the Agreement by email, in-app notification or by other electronic means. If You disagree with the proposed changes to the
Agreement, You may terminate it in accordance with Art. 10 within 30 days after receiving a notice of the change.
Unless You terminate the Agreement within this time limit, the proposed changes will be deemed accepted and become effective towards You as of the date You received a notice of the change.
This is the entire Agreement between the Provider and You relating to the Software and it supersedes any prior representations, discussions, undertakings, communications or advertising relating to the Software.
EULAID: EULA-PRODUCT-LG-EI; 3537.0
ADDENDUM TO THE AGREEMENT
Forwarding of Information to the Provider. Additional provisions apply to the Forwarding of Information to the
Provider as follows:
56
The Software contains functions which collect samples of computer viruses and other malicious computer programs and suspicious, problematic, potentially unwanted or potentially unsafe objects such as files, URLs, IP packets and ethernet frames (hereinafter referred to as "Infiltrations") and then send them to the Provider, including but not limited to information about the installation process, the computer and/or the platform on which the Software is installed and/or information about the operations and functionality of the Software
(hereinafter referred to as "Information"). The Information and Infiltrations may contain data (including randomly or accidentally obtained personal data) about the End User or other users of the computer on which the Software is installed, and files affected by Infiltrations with associated metadata.
Information and Infiltrations may be collected by LiveGrid Reputation System function which includes collection and sending of one-way hashes related to Infiltrations to Provider. This function is enabled under the Software's standard settings.
The Provider shall only use Information and Infiltrations received for analysis and research of Infiltrations, improvement of Software and License authenticity verification and shall take appropriate measures to ensure that Infiltrations and Information received remain secure. By activating this function of the Software You are agreeing to Infiltrations and Information being sent to the Provider and You are also granting the Provider the necessary approval, as specified under the relevant legal regulations, for processing Infiltrations and Information obtained. You can deactivate these functions at any time.
EULAID: EULA-PRODUCT-LG-EI; 3537.0
Privacy Policy
The protection of personal data is of particular importance to ESET, spol. s r. o., having its registered office at
Einsteinova 24, 851 01 Bratislava, Slovak Republic, registered in the Commercial Register administered by
Bratislava I District Court, Section Sro, Entry No 3586/B, Business Registration Number: 31333532 as a Data
Controller ("ESET" or "We"). We want to comply with the transparency requirement as legally standardized under the EU General Data Protection Regulation ("GDPR"). To achieve this goal, We are publishing this Privacy Policy with the sole purpose of informing our customer ("End User" or "You") as a data subject about following personal data protection topics:
• Legal Basis of Personal Data Processing,
• Data Sharing and Confidentiality,
• Data Security,
• Your Rights as a Data Subject,
• Processing of Your Personal Data
• Contact Information.
Processing of Your Personal Data
Services provided by ESET implemented in our product are provided under the terms of EULA , but some of them might require specific attention. We would like to provide You with more details on data collection connected with the provision of our services. We render various services described in the EULA and the product documentation . To make it all work, We need to collect the following information:
57
Server and web console
• Information concerning installation process, including platform on which our product is installed and information about the operations and functionality of our product such as hardware fingerprint, installation IDs, crash dumps, license IDs, IP address, MAC address, configuration settings of ESET product installed on server
(not including data from monitored endpoint devices).
• Licensing information such as license ID and personal data such as company name, name and surname, address, email address is required for billing purposes, license genuineness verification and provision of our services.
• Contact information and data contained in your support requests may be required for service of support.
Based on the channel You choose to contact us, We may collect your email address, phone number, license information, product details and description of your support case. You may be asked to provide us with other information to facilitate service of support such as generated log files.
• Telemetry data concerning usage.
Monitored endpoint devices
• ESET product collects and locally stores information from monitoring of endpoint devices and network exclusively based on preferences, requirements and setting managed by You.
• Data from monitored endpoint devices and from network are not transferred to ESET.
We encourage You to check and review the legislation and legal requirements for data collection and processing in Your country while setting up ESET product. You might be required to notify users of monitored endpoint devices or ask for specific permission under the certain jurisdiction when You monitor and collect.
Data Sharing and Confidentiality
We do not share your data with third parties. However, ESET is a company that operates globally through affiliated companies or partners as part of our sales, service and support network. Licensing, billing and technical support information processed by ESET may be transferred to and from affiliates or partners for the purpose of fulfilling the EULA, such as providing services or support.
ESET prefers to process its data in the European Union (EU). However, depending on your location (use of our products and/or services outside the EU) and/or the service you choose, it may be necessary to transfer your data to a country outside the EU. For example, we use third-party services in connection with cloud computing. In these cases, we carefully select our service providers and ensure an appropriate level of data protection through contractual as well as technical and organizational measures. As a rule, we agree on the EU standard contractual clauses, if necessary, with supplementary contractual regulations.
For some countries outside the EU, such as the United Kingdom and Switzerland, the EU has already determined a comparable level of data protection. Due to the comparable level of data protection, the transfer of data to these countries does not require any special authorization or agreement.
Data Subject’s Rights
The rights of every End User matter and We would like to inform you that all End Users (from any EU or any non-
EU country) have the following rights guaranteed at ESET. To exercise your data subject’s rights, you can contact us via support form or by e-mail at [email protected]. For identification purposes, we ask you for the following
58
information: Name, e-mail address and - if available - license key or customer number and company affiliation.
Please refrain from sending us any other personal data, such as the date of birth. We would like to point out that to be able to process your request, as well as for identification purposes, we will process your personal data.
Right to Withdraw the Consent. Right to withdraw the consent is applicable in case of processing based on consent only. If We process your personal data on the basis of your consent, you have the right to withdraw the consent at any time without giving reasons. The withdrawal of your consent is only effective for the future and does not affect the legality of the data processed before the withdrawal.
Right to Object. Right to object the processing is applicable in case of processing based on the legitimate interest of ESET or third party. If We process your personal data to protect a legitimate interest, You as the data subject have the right to object to the legitimate interest named by us and the processing of your personal data at any time. Your objection is only effective for the future and does not affect the lawfulness of the data processed before the objection. If we process your personal data for direct marketing purposes, it is not necessary to give reasons for your objection. This also applies to profiling, insofar as it is connected with such direct marketing. In all other cases, we ask you to briefly inform us about your complaints against the legitimate interest of ESET to process your personal data.
Please note that in some cases, despite your consent withdrawal, we are entitled to further process your personal data on the basis of another legal basis, for example, for the performance of a contract.
Right of Access. As a data subject, you have the right to obtain information about your data stored by ESET free of charge at any time.
Right to Rectification. If we inadvertently process incorrect personal data about you, you have the right to have this corrected.
Right to Erasure and Right to Restriction of Processing. As a data subject, you have the right to request the deletion or restriction of the processing of your personal data. If we process your personal data, for example, with your consent, you withdraw it and there is no other legal basis, for example, a contract, We delete your personal data immediately. Your personal data will also be deleted as soon as they are no longer required for the purposes stated for them at the end of our retention period.
If we use your personal data for the sole purpose of direct marketing and you have revoked your consent or objected to the underlying legitimate interest of ESET, We will restrict the processing of your personal data to the extent that we include your contact data in our internal black list in order to avoid unsolicited contact. Otherwise, your personal data will be deleted.
Please note that We may be required to store your data until the expiry of the retention obligations and periods issued by the legislator or supervisory authorities. Retention obligations and periods may also result from the
Slovak legislation. Thereafter, the corresponding data will be routinely deleted.
Right to Data Portability. We are happy to provide You, as a data subject, with the personal data processed by
ESET in the xls format.
Right to Lodge a Complaint. As a data subject, You have a right to lodge a complaint with a supervisory authority at any time. ESET is subject to the regulation of Slovak laws and We are bound by data protection legislation as part of the European Union. The relevant data supervisory authority is The Office for Personal Data Protection of the Slovak Republic, located at Hraničná 12, 82007 Bratislava 27, Slovak Republic.
59
Contact Information
If You would like to exercise your right as a data subject or You have a question or concern, send us a message at:
ESET, spol. s r.o.
Data Protection Officer
Einsteinova 24
85101 Bratislava
Slovak Republic [email protected]
60
advertisement
Key Features
- Real-time threat intelligence
- Automated threat detection
- Incident response tools
- User behavior analytics
- File analysis
- Network traffic analysis
Related manuals
Frequently Answers and Questions
What are the system requirements for ESET Inspect?
How do I install ESET Inspect?
How do I configure ESET Inspect?
advertisement