ESET Remote Administrator 4 Installation Manual and User Guide
ESET Remote Administrator 4 Copyright © 2010 by ESET, spol. s r.o. ESET Remote Administrator 4 was developed by ESET, spol. s r.o. For more information visit www.eset.com. All rights reserved. No part of this documentation may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning, or otherwise without permission in writing from the author. ESET, spol. s r.o.
Contents 1 Introduction ..................................................5 1.1 What's .............................................................................5 new 1.2 Program .............................................................................6 architecture 2 Installation of ERA Server and ERA Console ..................................................8 2.1 Requirements .............................................................................8 2.1.1 Software ......................
5.3.4 5.3.5 5.3.6 5.3.7 5.3.7.1 5.3.7.2 5.3.7.3 5.3.8 5.3.9 5.3.10 5.3.10.1 5.3.10.2 5.3.10.3 5.3.10.4 5.3.10.5 5.3.10.6 Role and purpose of policies in the policy tree structure ...........................................................................................52 Viewing ...........................................................................................53 policies Importing/Exporting ...........................................................................................
1. Introduction ESET Remote Administrator (ERA) is an application which allows you to manage ESET’s products in a networked environment, including workstations and servers – from one central location. With ESET Remote Administrator‘s built-in task management system, you can install ESET security solutions on remote computers and quickly respond to new problems and threats. ESET Remote Administrator itself does not provide any other form of protection against malicious code.
- Mirror for ESET NOD32 Antivirus 2.x - new setup - domain-based filtering option added in Find Unregistered Computers - compression of server logs (zip) - minor bugs fixed and several minor features added - Rescue CD Internal Server enhancements - support for additional databases (MS Access, MS SQL Server, Oracle, MySQL) New ESET Configuration Editor - support for ESET Security products 4.x ESET Remote Administrator Version 2.
ERAC is the client component of ERA and is usually installed on a workstation. This workstation is used by the administrator to remotely control ESET solutions on individual clients. Using ERAC, the administrator can connect to the server component of ERA – on TCP port 2223. The communication is controlled by the process console.exe, which is usually located in the following directory: %ProgramFiles%\ESET\ESET Remote Administrator\Console When installing ERAC, you may need to enter the name of an ERAS.
2. Installation of ERA Server and ERA Console 2.1 Requirements ERAS works as a service, and therefore requires a Microsoft Windows NT-based operating system (NT4 SP6, 2000, XP, 2003, Vista, 7, or 2008). Although the Microsoft Windows Server Edition is not necessary for ERAS to work, we recommend installing ERAS on server-based operating systems for smooth operation.
Overload If a server is overloaded (e.g., we connect 20,000 clients to a server only able to service 10,000 clients at an interval of every 10 minutes) it will skip some of the clients connected. On average every second client connection will be serviced, as if the client connection interval were set to 20 minutes instead of 10 minutes.
UDP UDP 137 (target port from the point of view of ERAS) 138 (target port from the point of view of ERAS) TCP 445 (target port from the point of view of ERAS) “Name resolving” during remote install. “Browsing” during remote install Direct access to shared resources using TCP/IP during remote install (an alternative to TCP 139) The predefined ports 2221, 2222, 2223, 2224 and 2846 can be changed if they are already in use by other applications.
2.2.2 Before installation Before installing, the following installation packages should be downloaded from ESET’s website: ESET Remote Administrator components: ESET Remote Administrator – Server ESET Remote Administrator – Console ESET client solutions: ESET Smart Security 4.x ESET Smart Security 3.x ESET NOD32 Antivirus 4.x ESET NOD32 Antivirus 3.x ESET NOD32 Antivirus 2.7 Only download the client solutions you will use on client workstations. 2.2.3 Installation 2.2.3.
/qb - No user intervention is possible, but the installation process is indicated by a progress bar. Example: era_server_nt32_ENU.msi /qb Parameters and configuration of the command line installation can be further supplemented by the administrator's .xml configuration file the "cfg.xml", which must be in the same folder as the ERA .msi installation file. The configuration file can be created in the ESET Configuration Editor and allows you to configure various ERA settings.
2.2.3.4 Database types supported by ERA Server By default, the program uses the Microsoft Access (Jet Database) engine. ERAS 4.0 also supports the following databases: Microsoft SQL Server 2005 MySQL 5.0 Oracle 9i The database type can be selected during the Advanced installation mode of ERAS. After the installation it is not possible to change the database type directly from ERA, however, you can do so using the ERA Maintenance Tool 81 .
This is an example of a complete connection string for Oracle Server: Driver ={Oracle in instantclient10_1}; dbq =hostname: 1521/ESETRADB This is an example of a complete connection string for MySQL Server: Driver ={MySQL ODBC 3.51 Driver}; Server =hostname; Database =ESETRADB Then set the Username and password for the connection (the Set button). Oracle and MS SQL Server databases also require a Schema Name (for MS SQL Server this is usually the same as username).
2.3 Scenario - Installation in an Enterprise environment 2.3.1 Environment overview (network structure) Below is a copy of the previous network structure with one additional branch office, several clients and one server named LITTLE. Let’s suppose there is a slow VPN channel between the headquarters and the branch office. In this scenario, the Mirror server should be installed on the server LITTLE.
2.3.2 Installation 2.3.2.1 Installation at headquarters Installations of ERAS, ERAC and client workstations are very similar to the previous scenario. The only difference is in the configuration of the master ERAS (GHOST). In Tools > Server Options… > Replication select the Enable “from” replication check box and enter the name of the secondary server in Allowed servers. In our case, the lower server is named LITTLE.
2.3.3 Other requirements for Enterprise environments In larger networks, multiple ERA Servers can be installed to perform remote installs of client computers from servers which are more accessible. For this purpose, ERAS offers replication (see chapter Installation at headquarters 16 and Branch office: Installation of ERA Server 16 ), which allows stored information to be forwarded to a parent ERAS (upper server). Replication can be configured using ERAC.
3. Working with ERAC 3.1 Connecting to ERAS Most features in ERAC are only available after connecting to ERAS. Define the server by name or IP address before connecting: Open the ERAC and click File > Edit Connections… (or Tools > Console Options…) and click the Connection tab. Click the Add/Remove… button to add new ERA Servers or to modify currently listed servers. Pick the desired server in the Select connection drop-down menu. Then, click the Connect button.
3.2 ERAC - main window The current communication status between ERAC and ERAS is displayed in the status bar (1). All necessary data from ERAS is refreshed regularly (Default is every minute. See Tools > Console Options…). The refresh progress can also be seen in the status bar. NOTE: Press F5 to refresh displayed data. Information is divided into several tabs in order of importance (2).
Server Name Displays name of server. Clients Total number of clients connecting to or in the database of the selected ERAS. Virus Signature DB Range Version of virus signature databases among the clients of the selected ERAS. Least Recent Connection Time elapsed since the least recent connection to the server. Last Threat Alerts Total number of virus alerts (see the attribute Last Threat Alert in section 5). Last Firewall Alerts The total number of firewall alerts.
Output only includes clients with names identical to the string entered. Only clients beginning like (?,*) Output will only list clients with names beginning with the specified string. Only clients like (?,*) Output will list only clients with names containing the specified string. Exclude clients (using whole words), Exclude clients beginning like (?,*), Exclude clients like (?,*) These options will yield results opposite to the previous three.
3.3.3 View mode In the Clients tab, the number of columns displayed can be adjusted by using the View mode drop-down menu on the far right side of the Console. The Full View Mode displays all columns, while the Minimal View Mode only shows the most important columns. These modes are predefined and cannot be modified. To activate the Custom View, select Custom View Mode. It can be configured in the Tools > Console Options… > Columns > Show/Hide tab. 3.4 Tabs in ERAC 3.4.
If the information cannot be found in the dialog windows of the program, click the Request button (available under Actions > Properties > Configuration). Clicking this button will download missing information from a lower ERAS. Since replication is always initiated by a lower ERAS, the missing information will be delivered within the preset replication interval. Fig: Click Request to retrieve missing information from lower ERA Servers.
Attribute Product Install Date Roaming User New Client OS Name OS Platform HW Platform Configuration Protection Status Protection Features System Information SysInspector Custom Info Comment Description Date that the ESET security product was installed on the client Clients with this attribute will perform the ”update now” task each time they establish a connection with the ERAS (recommended for notebooks). The update is only performed if the client's virus signature database is not up to date.
Fig.: Detailed information about a client workstation. The Clients tab offers several options after double-clicking on a client: General Contains similar information to that displayed in the Clients tab. Here you can specify the Client Name – the name under which this client is visible in ERA, plus an optional comment. Member Of Groups This tab lists all groups to which the client belongs. For more information, see chapter Information filtering Tasks Tasks related to the given client.
3.4.4 Threat Log tab This tab contains detailed information about individual virus or threat incidents.
3.4.7 Scan Log tab This tab lists results of On-demand computer scans that were started remotely, locally on client computers, or as scheduled tasks.
3.4.10 Tasks tab The meaning of this tab is described in the chapter titled ”Tasks”. The following attributes are available: Attribute State Type Name Description Date to deploy Date Received Details Comment Description Task status (Active = being applied, Finished = task was delivered to clients) Task type Task name Task description Task execution time /date Time at which the event was logged by ERAS Task log submission status A short comment describing the client (entered by the administrator) 3.4.
3.5.6 Other settings tab Filter settings > Auto apply changes If enabled, filters in individual tabs will generate new outputs upon each modification of filter settings. Otherwise, filtering will only take place after clicking the Apply Changes button. Remote Administrator updates This section allows you to enable checking for new versions of ESET Remote Administrator. We recommend the default value of Monthly. If a new version is available, ERAC displays a notification at program startup.
3.7 ESET Configuration Editor The ESET Configuration Editor is an important component of ERAC and is used for several purposes. Some of the most important are the creation of the following: Predefined configurations for installation packages Configurations sent as tasks or policies to clients A general (.xml) configuration file Configuration Editor is a part of ERAC and is represented mainly by the cfgedit.* files.
3.7.2 Key configuration entries In this section, we explain several of the key configuration entries for ESET Smart Security and ESET NOD32 Antivirus, available through the ESET Configuration Editor: ESET Smart Security, ESET NOD32 Antivirus > ESET Kernel > Setup > Remote administration Here you can enable communication between client computers and the ERAS (Connect to Remote Administrator server). Enter the name or IP address of ERAS (Server address).
be changed remotely. To change the setting remotely the Suppress user settings option must be set to Yes. The Suppress user settings option is only available for clients running 4.0 or later ESET security products. Update This branch of the Configuration Editor allows you to define how update profiles are applied. Normally, it is only necessary to modify the predefined profile My profile and change the Update server, Username and Password settings.
4. Installation of ESET client solutions This chapter is dedicated to the installation of ESET client solutions for Microsoft Windows operating systems. Installations can be performed directly on workstations, or remotely from ERAS. This chapter also outlines alternative methods of remote installation. NOTE: Although it is technically feasible, we do not recommend that the remote installation feature be used to install ESET products to servers (workstations only). 4.
anywhere within its contents. Select Manage packages from the context menu. Each installation package is defined by a Name. See (1) in the figure above. The remaining sections of the dialog window are related to the content of the package, which is applied after it has been successfully delivered to a target workstation. Each package contains: ESET client solution installation files (2) .
REBOOTPROMPT =”” After installation, a dialog window prompting the user to confirm rebooting is displayed (can’t be used along with /qn). ADMINCFG =”path_to_xml_file” During installation, parameters defined in the specified.xml files are applied to ESET security products. The parameter is not required for remote installation. Installation packages contain their own .xml configuration, which is applied automatically.
embeds this setting in the Advanced installation scenario so you must select Advanced ? Fully customized installation during the installation. We highly recommend that you check all requirements before installation, especially if there are multiple workstations in the network (on the Remote Install tab select the Computers tab, right-click the relevant client(s) and select Diagnostics of Push Installation from the context menu). ESET Remote Administrator 4.2 4.2.
4.2.3 Remote Push Install This method of remote install pushes ESET client solutions to remote target computers. Target computers should be online. Supposing that all workstations are turned on, the push installation method is the most effective method. Before starting a push install, you must first download the .msi install files for ESET Smart Security or ESET NOD32 Antivirus from ESET’s website and create an installation package. You can create an .
6) Agent starts as a service under the system account. 7) Agent establishes communication with its ”parent” ERAS and downloads the corresponding install package on TCP port 2224. 8) Agent installs the package under the administrator account defined in step 2; the corresponding .xml configuration and command line parameters are also applied. 9) Immediately after the installation is complete, the agent sends a message back to ERAS.
Diagnostics of Push Installation Checks the availability of clients and services to be used during the remote install. For more information, see the chapter titled Configuring the environment for remote installation 36 . Push installation Runs the remote install task. Export to Folder or Logon Script See Logon / email remote install 39 for details. Send via E-mail See Logon / email remote install 39 for details.
Attaching the agent (einstaller.exe) to email: 1) Click Email… on the Remote Install tab and select the Type and name of the Package you wish to install. 2) Click To… to select addresses from the address book (or insert individual addresses). 3) Enter a Subject in the corresponding field. 4) Type a message into the Body. 5) Check the Send compressed as .zip file option if you wish to send the agent as a zipped package. 6) Click Send to send the message.
The username and password of the account under which the installation of the package is to be performed must be an account with administrator rights or, preferably, a domain administrator account. Values inserted in the Default Logon… dialog window are forgotten after each service (ERAS) restart. 4.2.5 Custom remote install It is not a requirement to use ERA tools to remotely install ESET client solutions. In the end, the most important aspect is to deliver and execute the einstaller.
The username and password of the account under which the installation of the package is to be performed must be an account with administrator rights or, preferably, a domain administrator account. During the remote installation process, backward connection to ERAS takes place and the agent (einstaller.exe) adopts settings from the Set Default Logon for E-mail and Logon Script Installations option. If the einstaller.
4.2.7 Avoiding repeated installations Immediately after the agent successfully completes the remote installation process, it marks the remote client with a flag prohibiting repeated installations of the same installation package. The flag is written to the following registry key: HKEY_LOCAL_MACHINE\Software\ESET\ESET Remote Installer If the Type and Name of the package defined in the einstaller.exe agent match the data in the registry, the installation will not be performed.
3) Insert an .xml configuration file, which is to be applied to the program, to the same folder. The file should be named cfg. xml. To create a configuration file, the ESET Configuration Editor can be used. For more information see chapter ESET Configuration Editor 30 . 4) Click Start > Programs > Administrative tools > Active Directory Users and Computers. 5) Right-click the domain name and select Properties > Group Policy > Edit > User Configuration.
5. Administering client computers 5.1 Tasks Client workstations that are correctly connected to ERAS and displayed in ERAC can be configured and administered using various types of tasks. The general workflow below applies for all tasks described in the following sub-chapters except the Interactive Task (see the chapter for an explanation of the workflow). 48 Stage I - New Task Tasks can be applied to multiple clients, or to one or more groups of clients.
5.1.1 Configuration Task Configuration tasks are used to modify protection settings on client workstations. These tasks are delivered to client workstations in configuration packages which contain the modification parameters. The .xml files created in the ESET Configuration Editor or exported from clients are also compatible with configuration tasks. The example below demonstrates how to create a configuration task that changes the username and password on target computers.
4) Click Next to proceed to the dialog windows labeled Select Clients and Task Report which are described in detail in the Tasks 45 chapter. 5) After the task is finished executing on the client workstations, the results are sent back to the ERAS and they can be viewed in ERAC in the Scan Log pane. 5.1.3 Update Now Task The purpose of this task is to force updates on target workstations (virus signature database updates as well as program component upgrades).
5.1.6 Generate Security Audit Log Task This task applies to ESET Mobile Security only. Security Audit checks: battery level, Bluetooth status, free disk space, device visibility, home network and running processes. A detailed report will be generated, indicating whether or not the item value is below the specified threshold or if it could represent a potential security risk (e.g., device visibility turned on, etc.).
3) The Protection status field will contain one or more warnings. Click the blue text suggesting a solution at the end of each message. 4) Click Yes to confirm execution of the interactive task. 5) After repeating steps 3 and 4 for every message displayed, click Refresh several times to see if the status message(s) disappear. Once you have resolved all the issues successfully, the protection status message will change to Protection status: System is secure.
be displayed with its corresponding clients. Click the Add/Remove button to add or remove clients from groups, or click the Delete button to delete an entire group. Click the Copy to Clipboard button to copy the client and group lists. To refresh the group clients press the Refresh button. You can also Import/Export currently selected group clients to an .xml file. 5.2.2 Parametric Groups In addition to Static Groups, Parametric Groups can be very useful.
Administrator > ERA Server > Setup > Groups > Active Directory Synchronization options). By default, only Computer security groups and Computer organization units are synchronized. However, you can add other Active Directory objects by checking the desired option. NOTE: For ERAS to synchronize with Active Directory, ERAS does not need to be installed on your Domain Controller. The Domain Controller only needs to be accessible from the computer where your ERAS is located.
5.3.3 Virtual policies In addition to created policies, as well as those replicated from other servers (see chapter Replication tab 77 ), the Policy Tree also contains a Default Parent Policy and Default Primary Clients Policy, which are referred to as virtual policies. The default Parent Policy is located on an upper server in the Global Policy Settings and selected as Default policy for lower servers. If the server is not replicated, this policy is empty (will be explained later on).
selected (for more information, see chapter How to create policies 51 ). Icons with downward arrows – these policies are replicated – the option Down replicable policy is enabled. You can apply these policies on the given server and on its child servers. 2) Policies with grey icons originate from other servers. Icons with upward arrows – These policies are replicated from child servers. They can only be viewed or deleted with the option Delete Policy Branch.
5.3.7 Assigning policies to clients There are two main rules for assigning policies to clients: 1. Local (primary) clients can be assigned any local policy or any policy replicated from upper servers. 2. Clients replicated from lower servers can be assigned any local policy with the Down replicable attribute or any policy replicated from upper servers. They cannot be forced to adopt policies from their own primary server (to do so, you must connect to that server with ERAC).
HAS IP Range (specify) – if client belongs to the group defined by the IP range… HAS (NOT) Defined Policy (specify) – if client does (or does not) adopt the policy… Product Name (NOT) IN - if product name is... Product Version IS (NOT) - if product version is... Client Custom Info Mask (NOT) IN - if Client Custom Info contains... HAS (NOT) Protection Status (specify) - if client´s protection status is... Virus Signature DB Version IS (NOT) - if virus signature database is...
5.3.9 Special settings Two additional policies are not located in the Policy Manager but in Tools > Server Options > Advanced > Edit Advanced Settings > ESET Remote Administrator > ERA Server > Setup > Policies. Interval for policy enforcement (minutes): This feature applies to policies in the specified interval. We recommend the default setting. Disable policy usage: Enable this option to cancel application of policies to servers. We recommend this option if there is a problem with the policy.
5.3.10.2 Each server is administered individually - policies are managed locally but the Default Parent Policy is inherited from the upper server The configuration from the previous scenario also applies to this scenario. However, Server A has the Default Policy for Lower Servers enabled and policies on the lower servers inherit the configuration of the Default Parent Policy from the master server. In this scenario, the local administrators are given a large degree of autonomy to configure policies.
5.3.10.3 Inheriting policies from an upper server The network model for this scenario is the same as the previous two scenarios. In addition, the master server, along with the Default Parent Policy, contains other policies, that are down replicable and serve as parent policies on the lower servers. For Policy 1 (see the figure below), the attribute Override any child policy is activated.
5.3.10.4 Assigning policies only from the upper server This scenario represents a centralized system of policy management. Policies for clients are created, modified and assigned only on the main server - the local administrator has no rights to modify them. All lower servers have only one basic policy, which is empty (by default titled Server Policy). This policy serves as the Default Parent Policy for Primary Clients. 5.3.10.
5.3.10.6 Using groups In some situations, assigning policies to groups of clients can complement previous scenarios. Groups can be created manually or by using the Active Directory Synchronization option. Clients can be added to groups either manually (Static Groups) or automatically — by the group properties (Parametric Groups). See chapter Group Manager 49 for more details.
5.4.1 Notification Manager To open the Notification Manager main window, click Tools > Notification Manager. The main window is divided in two sections. The Notification rules section in the top part of the window contains a list of existing (either predefined or user defined) rules. A rule in this section must be checked to generate notification messages. By default, no notifications are enabled. Therefore, we recommend checking whether your rules are active.
meeting the client filter criteria are taken into consideration. The filtering criteria are: FROM Primary Server – Only clients from primary server; (the negative NOT FROM can also be applied) Primary Server IN – Includes primary server in the output HAS New Flag – clients marked by the flag ”New” (the negative HAS NOT can also be applied).
corresponding level. Otherwise such notification rules would never find a trigger in the server log.
The notification format can be edited in the Message box in the bottom section of the Notification Manager main window. In the text you can use special variables, using this syntax: %VARIABLE_NAME%. To view the list of available variables, click Show me options.
not clean at least one infiltration and that client has not been disconnected for more than one week; the rule runs ASAP. Completed task – If there was a task completed on a client; the rule runs ASAP. New primary clients – If a new client has connected to the server; the rule runs ASAP. New replicated clients – If there is a new replicated client in the list of clients; the rule runs after one hour.
The rule is now active. If there is a problem with the protection status on a client from the HQ group, the rule will be run. The administrator will receive an email notification with an attachment containing the name of the problematic client. Click Close to exit the Notification Manager. 5.5 Detailed information from clients ERA allows you to extract information about running processes, startup programs, etc. from client workstations.
View – Opens the log listed in the top section directly in ESET SysInspector Save As… – Saves the current log to a file. The Then Run ESET SysInspector Viewer to view this file option automatically opens the log after it is saved (as it would after clicking View). Generating and displaying new log files can sometimes be slowed by the local client, due to the size of the log and data transfer speed.
6. Firewall Rules Merge Wizard Firewall Rules Merge Wizard allows you to merge the firewall rules for selected clients. This is especially useful when you need to create a single configuration containing all firewall rules that were gathered by clients in learning mode. The resulting configuration can then be sent to clients via a configuration task or can be applied as a policy.
7. Reports The Reports tab is used to turn statistical information into graphs or charts. These can be saved and processed later in the Comma Separated Value format (.csv) by using ERA tools to provide graphs and graphical outputs. By default, ERA saves output in HTML format. Most of the reports related to infiltrations are generated from the Threat log. To browse and select graphical styles, use the Style drop-down menu in the Report section. ERA provides several predefined templates for reports.
Summary of Combined Top Clients with most Threats/ Top Threats; Combined Top Threats / Threats Comparative Progress; Threats Progress Comprehensive Network Attacks Report Summary of Combined Top Clients with most Network Attacks / Top Network Attacks; Top Network Attacks; Top Network Attacks Sources; Network Attacks Progress Comprehensive SMS Spam Report Summary of Combined Top Clients with most SMS Spam / Top SMS Spammers; Top SMS Spammers; SMS Spam Progress In the Filter section you can use the Target cli
Templates placed in the Favorites list can be used later to immediately generate new reports. To move a template to Favorites, right-click the report and click Add to Favorites from the context menu. 7.1 Example report scenario To maintain your clients’ network security at the top level, you will need to have a good overview of the network’s security status. You can easily create reports with full details about threats, updates, client product versions, etc.
8. ESET Remote Administrator Server (ERAS) setup 8.1 Security Version 3.x and later ESET security solutions (ESET Smart Security, etc.) offer password protection for decrypted communication between the client and ERAS (communication at the TCP protocol, port 2222). Earlier versions (2.x) do not have this functionality. To provide backward compatibility for earlier versions, the Enable unauthenticated access for Clients mode must be activated.
Deletes all system events older than the specified number of months (or days). Delete scan logs older than X months (days) Deletes all scanner logs older than the specified number of months (or days). Delete mobile logs older than X months (days) Deletes all mobile logs older than the specified number of months (or days). Delete quarantine entries with no clients older than X months (days) Deletes all scanner logs older than the specified number of months (or days).
8.3.1 Operation of the Mirror server The computer hosting the Mirror server should always be running, and connected to the Internet or to an upper Mirror server for replication. Mirror server update packages can be downloaded in two ways: 1. Using the HTTP protocol (recommended) 2. Using a shared network drive (SMB) ESET‘s update servers use the HTTP protocol with authentication.
8.3.3 How to enable and configure the Mirror If the Mirror is directly integrated into ERA (a Business Edition component), connect to ERAS using ERAC and follow these steps: From the ERAC click Tools > Server Options… > Updates. From the Update server: drop-down menu, select Choose Automatically (updates will be downloaded from ESET’s servers), or enter the URL/UNC path to a Mirror server. Set the Update interval for updates (we recommend sixty minutes).
The Mirror feature is also available directly from the program interface in ESET Smart Security Business Edition and ESET NOD32 Antivirus Business Edition. It is left to the administrator’s discretion as to which is used to implement the Mirror server.
8.4 Replication Replication is used in large networks where multiple ERA Servers are installed (e.g., a company with several branches). For more information, see chapter Installation 16 . The options in the Replication tab (Tools > Server Options...) are divided into two sections: Replication “to“ settings Replication “from“ settings The Replication ”to“ settings section is used to configure lower ERA Servers.
Replicate quarantine log If these options are selected, all information displayed on the Clients, Threat Log, Firewall Log, Event Log, Scan Log, Mobile Log, Quarantine Log and Tasks tab is replicated in individual columns and lines. Information not stored directly in the database, but in individual files (i.e., .txt or.xml format), may not be replicated. Enable these options to also replicate entries in those files.
copied to the server. The central part of the window displays information about the license key which is currently used by the server. To see details about all license keys present on the server, click the Details… button. ERAS is capable of selecting the most relevant license key and merging multiple keys into one. If there is more than one license key uploaded, ERAS will always try to find the key with the most clients and furthest expiration date.
8.8 Other settings SMTP settings Some features in ERA require correct SMTP server configuration. Those features include remote email installation and generating reports to be sent by email. New clients Allow new clients If disabled, no new clients will be added in the Clients tab – even if new clients communicate with ERA Servers, they will not be visible in the Clients tab. Automatically reset “New“ flag by new clients If enabled, the New flag is removed from clients connecting to ERAS for the first time.
9. ERA Maintenance Tool The purpose of the ERA Maintenance tool is to execute specific tasks for server operation and maintenance. It can be accessed by clicking Start > Program Files > ESET Remote Administrator > Server. When you launch the ERA Maintenance tool, an interactive wizard will display to help you in performing the required tasks. NOTE: For ERA Maintenance to work properly on Windows NT4 SP6 it is necessary to upgrade the Common Controls library (comctl32.dll). Comctl32.
9.2.4 Database Backup This tool allows you to create a backup file of the database. The settings in the first window are similar to those in the database conversion (see chapter Database Transfer 81 ); in this window the source database is selected. The source database will be copied to a backup file specified in the next step.
10. Troubleshooting 10.1 FAQ This chapter contains solutions to the most frequently asked questions and problems related to installation and operation of ERA. 10.1.1 Problems installing ESET Remote Administrator to Windows server 2000/2003 Cause: One of the possible causes may be the Terminal Server running on the system in the execution mode. Solution: Microsoft advises switching the Terminal Server to “install” mode while installing programs to a system with Terminal Server service running.
10.2.2 Frequently encountered error codes in era.log 0x1203 – UPD_RETVAL_BAD_URL Update module error – incorrectly entered update server name.
11. Hints & tips 11.1 Scheduler ESET NOD32 Antivirus and ESET Smart Security contain an integrated task scheduler which allows for scheduling regular computer scans, updates, etc. All specified tasks are listed in the Scheduler. Following types of tasks can be configured using ERA: Run external application Log maintenance Computer scan Create a computer status snapshot Update Automatic startup file check In most cases, there is no need to configure a Run external application task.
Change ID – Modifies ID of selected tasks Details – Summary information about the selected tasks Mark for deletion – Application of .xml file will remove tasks (with the same ID) selected by clicking this button from target clients. Remove from list – Deletes selected tasks from the list. Please note that tasks removed from the list in the.xml configuration will not be removed from target workstations.
11.2 Removing existing profiles Occasionally you may come across duplicate profiles (either update or scan profiles) that were created by mistake. To remove those profiles remotely without damaging other settings in the Scheduler, follow the steps below: From ERAC, click the Clients tab and then double-click a problematic client. From the Client Properties window, click the Configuration tab.
11.4 Combined update for notebooks If there are any mobile devices in your local network (i.e., notebooks), we recommend that you configure a combined update from two sources: ESET’s update servers and the local Mirror server. First, notebooks contact the local Mirror server, and if the connection fails (they are outside of the office), they download updates directly from ESET’s servers.
To create a new task, click Add. From the Scheduled task drop-down menu, select Update and click Next. Enter the Task name (e.g., ”combined update”), select Repeatedly every 60 minutes and proceed to the selection of a primary and secondary profile. If the notebook workstations should contact the Mirror server first, the Primary profile should be set to LAN and the Secondary profile should be set to INET. The profile INET would only be applied if the update from LAN fails.
12. ESET SysRescue ESET SysRescue is a utility which enables you to create a bootable disk containing ESET NOD32 Antivirus (EAV) or ESET Smart Security (ESS). The main advantage of ESET SysRescue is the fact that ESS or EAV runs independent of the host operating system, while it has a direct access to the disk and the entire filesystem. Thanks to this it is possible to remove those infiltrations that normally could not be deleted, e.g. when the operating system is running, etc. 12.
12.2.2 ESET Antivirus For creating ESET SysRescue CD, you can select two sources of ESET files to be used by the compiler.
12.3 Working with ESET SysRescue For the rescue CD/DVD/USB to function effectively, you must boot your computer from the ESET SysRescue boot media. Boot priority can be modified in the BIOS. Alternatively, you can bring up the boot menu during the computer startup usually using one of the F9 - F12 keys, depending on the version of your motherboard/BIOS. After booting, ESS/EAV will start.
