ESET Remote Administrator Installation Manual and User Guide
Contents
1. Introduction
2. ERA – client/server architecture
2.1 ERA Server (ERAS)
2.1.1 Requirements
2.1.2 ERAS hierarchy at large networks
2.1.3 Installation
2.1.4 Logs
4.6.6 Updates
4.6.7 Other Settings tab
5. Tasks
5.1 Configuration Task
5.2 On-Demand Scan task
5.3 Update Now task
6. Installation of ESET’s client solutions
1. Introduction
ESET Remote Administrator is an application which allows you to manage ESET’s products in a networked environment. ESET Remote Administrator (ERA) is a solution which allows you to administer ESET products, including workstations and servers – from one central location. Thanks to ESET Remote Administrator’s built-in task management system, you can quickly respond to new problems and threats, and – last but not least – install ESET solutions on remote computers.
2. ERA – client/server architecture
Technically, ESET Remote Administrator consists of two separate components: ERA Server (ERAS) and ERA Console (ERAC). You can run an unlimited number of ERA Servers and clients on your network as there are no limitations in the license agreement for their use. The only limitation is the total number of clients your installation of ERA can administer (see section 2.1.6, “License keys”). 2.
2.1.2 ERAS hierarchy at large networks
In larger networks multiple ERA Servers can be installed to perform future remote installs of client computers from servers which are more accessible. For this purpose, ERA Server offers “replication”, which allows stored information to be forwarded to a superior ERA Server (“upper server”). Replication can be configured using ERAC. The replication feature is very useful for companies with multiple branches or remote offices.
2.1.3 Installation
The installation process is initiated by running the installation package. During this process, you will be prompted to upload a license key, which is a file with the .lic extension. If the Expert installation mode is selected, several other parameters can be defined. They can be modified later in ERAC, but in most cases there is no need to do so. The only exception is the server name.
• The number of clients defined in a .lic file is exceeded – This status will be displayed by an error message in ERAC. It will not be possible to administer the extra clients communicating with the ERA Server.
License keys should be stored in the folder:
%ALLUSERSPROFILE%\Application Data\Eset\Eset Remote Administrator\Server\license
During the installation of ERAS, the license key is automatically copied to the above-mentioned folder.
3. Other ESET components in network environment
3.1 ESET client solutions
Client solutions are the security products which detect and block malicious code on workstations and servers. The primary client solutions are ESET NOD32 Antivirus 3.0 and ESET Smart Security. Clients communicate through two main channels:
• ERA Server on TCP port 2222 in order to submit information such as logs, current configuration, threat alerts, etc.
To access the Configuration Editor, start the ERA Console and click Tools > ESET Configuration Editor.
3.2.1 Configuration layering
If a value is changed in the Configuration Editor, the change is marked by a blue symbol. Any entry with the grey icon has not been changed and will not be written to the .xml output configuration. When applying a configuration to clients, only those modifications which have been saved to the .xml output configuration file will be applied. An example is shown below.
specified in the ERA Server. For more information, see the chapter about the configuration of ERAS – the Password for Clients option). If a password is used, the communication between clients and the ERAS will be encrypted.
• Kernel > Setup > License keys – Client computers require no license keys to be added or managed. License keys are used only for server products.
• Kernel > Setup > ThreatSense.Net – This branch defines the behavior of the ThreatSense.
3.3.1 Operation of Mirror server
The computer hosting the Mirror server should always be running, and connected to the Internet or to an upper Mirror server for replication. Mirror server update packages can be downloaded in two ways:
1. Using the HTTP protocol (recommended)
2. Using a shared network drive (SMB)
ESET’s update servers use the HTTP protocol with authentication.
3.3.3 How to enable and configure Mirror
If the Mirror integrated directly into ESET Remote Administrator is used (a Business Edition component), connect to the ERAS using the ERA Console and follow these steps:
• From the ERA Console, click Tools > Server Options... and click the Updates tab.
• From the Update server: drop-down menu, select Choose Automatically (updates will be downloaded from ESET’s servers), or enter the URL/UNC path to a Mirror server.
• From the Advanced Setup window (F5), click Miscellaneous > License keys. Click the Add... button, browse for the nod32.lic file and click Open. This will install the license and allow configuration of the Mirror feature.
• From the Update branch click the Setup... button and select the Mirror tab.
• Select the Create update mirror and Provide update files via internal HTTP server option.
4. ESET Remote Administrator Console in detail
4.1 Connecting to ERAS
Most features in the ERA Console are available only after connecting to an ERA Server. Before the first connection, define the server by name or IP address: open the ERA Console, click File > Edit Connections... and click the Connection tab. Click the Add/Remove... button to add new ERA Servers, or to modify currently listed servers.
Information is divided into several tabs (2) in order of importance. In most cases data can be (5) sorted in ascending or in descending order by clicking on an attribute, while a drag-and-drop operation can be used for reorganization. If multiple data rows are to be processed, you can limit them by using the Items to show drop-down menu and the browse page by page buttons. Select a View mode to display attributes according to your need. For more information see section 4.3, “Information filtering”.
• Only clients beginning like – Output will list only clients with names beginning with the specified string.
• Only clients like – Output will list only clients with names containing the specified string.
• Exclude clients (using whole word), Exclude clients beginning like, Exclude clients like – These options will yield opposite results to the previous three.
The Primary server, Computer name, Client name and MAC Address fields accept whole strings.
4.3.4 Views
In the Clients tab, the number of columns displayed can be adjusted by using the View mode: drop-down menu on the far right side of the Console. When the Full View Mode is active, all columns are displayed, while the Minimal View Mode shows only the most important columns. These modes are predefined and cannot be modified. To activate the Custom View, select Custom View Mode. The Custom View can be configured in Tools > Console Options... by clicking the Columns – Show/Hide tab. 4.
Figure 5
Click Request to retrieve missing information from inferior ERA Servers.
4.4.3 Clients tab
This tab displays general information about individual clients.
Attribute – Description
Client Name – Name identifying a client computer in ERA. New clients use the value “Computer Name”. Client Name can be modified with no side effects.
Last Files Scanned – Number of scanned files during the last On-demand scan
Last Files Infected – Number of infected files during the last On-demand scan
Last Files Cleaned – Number of cleaned (or deleted) files during the last On-demand scan
Last Scan Date – Time of the last On-demand scan
Restart Request – Is a restart required (e.g.
Figure 7 Detailed information about a client workstation.
The Clients tab offers several options after double-clicking on a client:
• General tab – Contains similar information to that displayed in the Clients tab. Here you can specify the Client Name - the name under which this client is visible in ERA, plus an optional comment.
• Member Of Groups tab – This tab lists all groups to which the client belongs. For more information please see “Information filtering” in section 4.3.
4.4.4 Threat Log tab
This tab contains detailed information about individual virus or threat incidents.
Attribute: Threat Id Client Name Computer Name MAC Address Primary Server Date Received Date Occurred Level Scanner Object Name Threat Action User Information
4.4.
Level – Event level
Plugin – Name of the program component reporting the event
Event – Description of the event
User – Name of the user logged in when the event occurred
4.4.7 The Scan Log tab
This tab lists results of On-demand computer scans that were started remotely, locally on client computers, or as scheduled tasks.
• Top Threats – List of the most frequently detected threats
• Top Clients with most Threats – Lists the most “active” client workstations (in number of detected threats)
• Threats Progress – Progress of malware events (number)
• Threats Comparative Progress – Progress of malware events by selected threats (using filter) compared with the total number of malware
• Threats By Scanner – Number of threat alerts from the individual program modules
• Threats By Object – Number of threat alerts according to the way they atte
the number of generated reports (End after), or a date that the report-generation process is not to exceed (End by). To save settings of defined reports to a template, click the Save or Save as... buttons. If you are creating a new template, click the Save as... button and give the template a name. At the top of the Console window in the Report templates section, you can see names of templates that were already created.
• Remote Administrator updates – This section allows you to enable checking for new versions of ESET Remote Administrator. We recommend that you leave the default value of Monthly. If a new version is available, the ERA Console displays a notification at program startup.
• Use automatic refresh – If selected, data in individual tabs is automatically refreshed according to the designated interval.
• Password for ESET Remote Installer (Agent) – Sets password for the installer agent to access the ERAS. Relevant for remote installations.
• Enable unauthenticated access for Clients (ESET Security Products) – Enables access to ERAS for those clients which do not have a valid password specified (if current password is different from Password for Clients).
• Replication “to” settings
• Replication “from” settings
The Replication “to” settings section is used to configure lower ERA Servers. The option Enable “to” replication must be enabled and the IP address or the name of the master ERA Server (Upper server) entered. Data from the lower server is then replicated to the master server. The Replication “from” settings allow master “upper” ERA Servers to accept data from lower ERA Servers, or to transfer them to their master servers.
replicated only on demand. The reason is that some logs contain large amounts of data that may not be relevant. For example, a scan log with the Log all files option enabled will consume a significant amount of disk space. Such information is usually not necessary and can be requested manually.
4.6.6 Updates
This tab allows you to configure the settings of the Mirror feature which are integrated into ESET Remote Administrator (ERAS).
5. Tasks
ESET Remote Administrator allows you to remotely perform tasks on client workstations. These tasks are performed at the moment the client establishes a connection to the ERA Server (on TCP port 2222), which is every five minutes. Three types of tasks are available:
• Configuration – Modifies configuration of clients
• On-Demand Scan – Performs an On-demand scan
• Update Now – Forces update task
To open the task wizard from the ERA Console, press CTRL+N, click File > New Task...
5.2 On-Demand Scan task
To create an On-demand scan task, first specify which client computers will apply the task (from a technical perspective, there are minor differences in the scan task settings between generation 2.x and 3.x).
NOTE: If the administrator enables On-demand Scan task for Windows NOD32 and also On-demand Scan task for Windows ESET Security Product, the same task can be used for both older and newer versions of the program.
6. Installation of ESET’s client solutions
This chapter is dedicated to the installation (both direct and remote) of ESET’s client solutions for Microsoft Windows operating systems.
NOTE: Although it is technically feasible, we recommend that the remote installation feature is used to install ESET products to workstations only (not servers).
6.1 Command line parameters for direct installation of client solutions
There are several parameters which can affect the installation process.
There are differences in applying the .xml configuration format between versions 3.x and 2.x of ESET client solutions:
• Version 3.x: Download the installation file (e.g., ess_nt32_enu.msi) from ESET’s web site. Insert the .xml configuration file (cfg.xml) to the directory where the install file is located. If you run the installer, it will automatically adopt the configuration from the .xml configuration file. If the .
Figure 9 Dialog window of the installation packages Editor
Each package is automatically assigned an ESET Remote Installer agent, which allows for seamless installation and communication between target workstations and ERAS. The ESET Remote Installer agent is named einstaller.exe and contains the ERA Server name, and the name and type of package to which it belongs. The following chapters provide a detailed description of the agent. 6.2.
3) From the Package drop-down menu, select the desired install package to be delivered to target workstations.
4) In the panel on the right, select those workstations to which you intend to push the package.
5) Click Install (you can also click Get Info to view information on selected clients).
6) In most cases, you will be prompted to insert the user name and password of the account under which the installation will take place (it must be an account with administrator rights).
9) Agent starts as a service under the account specified in step 6.
10) Agent establishes communication with its “mother” ERAS and downloads the corresponding install package on TCP port 2224.
11) Agent installs the package under the administrator account defined in step 6; the corresponding .xml configuration and command line parameters are also applied.
12) Immediately after the installation is complete, the agent sends a message back to ERAS. Some ESET solutions require a reboot.
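A reachability check for the two ERAS ports this manual names (TCP 2222 for client reporting, TCP 2224 for the remote installer agent), given here as an added example that is not ESET code. The state labels and hints are assumptions of this example; GHOST is the sample server name used later in the manual.

```python
import socket
from dataclasses import dataclass

# Ports stated in the manual: clients report to ERAS on TCP 2222, and the
# einstaller.exe agent downloads its install package from ERAS on TCP 2224.
ERA_PORTS = {"client-reporting": 2222, "remote-installer": 2224}

# Hints are this example's own wording (assumption), not ERA output.
HINTS = {
    "open": "service reachable",
    "refused": "host answers but nothing listens: is the ERA Server service running?",
    "filtered": "no answer or no route: check firewalls between this machine and ERAS",
    "unresolved": "name does not resolve: check the ERA Server name set in the package",
}


@dataclass
class PortResult:
    role: str
    port: int
    state: str  # one of the HINTS keys
    hint: str


def probe(host, port, timeout=2.0):
    """Classify a single TCP connection attempt to host:port."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"      # RST received: reachable host, closed port
    except socket.gaierror:
        return "unresolved"   # DNS / NetBIOS name lookup failed
    except OSError:
        return "filtered"     # timeout, unreachable network, and similar


def check_eras(host, ports=ERA_PORTS, timeout=2.0):
    """Probe every ERAS port and return one PortResult per role."""
    results = []
    for role, port in ports.items():
        state = probe(host, port, timeout)
        results.append(PortResult(role, port, state, HINTS[state]))
    return results


def ready_for_remote_install(results):
    """True only when every probed port accepted the connection."""
    return all(r.state == "open" for r in results)


if __name__ == "__main__":
    for r in check_eras("GHOST"):
        print(f"{r.role:18} tcp/{r.port}: {r.state} ({r.hint})")
```

Run it from a target workstation rather than from the server itself, since the agent opens the connection from the workstation side.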
• Logon... – Opens a dialog window for specifying the administrator user name and password, which is otherwise displayed automatically (step 6). This feature forces logon to selected workstations.
• Logoff – Terminates logon session for selected workstations.
• Add Client... – Adds individual clients (workstations) to the list. Enter IP address or the name of the client. Additional clients can be added simultaneously.
6.2.4 Logon / email remote install
The Logon and email remote install methods are very similar.
Figure 10 Export Installer to Folder / Logon Script dialog window
Attaching the agent (einstaller.exe) to email:
• Click Email... on the Remote Install tab and select the Type and the name of the Package you wish to install.
• Click To... to select addresses from the address book3 (or insert individual addresses).
• Insert a Subject in the corresponding field.
• Type a message into Body.
• Click Send to send the message.
adopts settings from the Set Default Logon for E-mail and Logon Script settings in the Remote Install tab. Click Logon... to specify the user name and password of the account under which the installation of the package is to be performed. It must be an account with administrator rights or, preferably, a domain administrator account.
NOTE: Values inserted in the Logon... dialog window are forgotten after each service (ERAS) restart. 6.2.
If the einstaller.exe agent is launched on a workstation with the Microsoft Windows NT4/2000/XP/Vista operating system:
1. einstaller.exe contacts ERAS on TCP port 2224 and adopts the user name and password defined in ERA (either during installation, or using the Logon... button).
2. (1) is the signal for ERAS to send the corresponding install package via admin$.
3. The waiting einstaller.exe collects the package and starts the installation under the defined account, applying the associated .
Could not set up IPC connection to target computer (SC error code 6, GLE error code 1326)
While SC error codes are primarily for internal identification, GLE codes are more important for the user. These are the typical “Win32 Error Codes”, which can be found at the following URL:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/debug/base/system_error_codes.asp
The example above – GLE error 1326 – is caused by an incorrect user name and password for the account used for installation.
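Triage for the failure text quoted above, as an added example rather than ESET code: it extracts the SC and GLE codes from each result line, names the GLE code, and flags a push in which the same logon failure repeats across hosts. The "host: message" layout, the sample lines and the limit of 3 are constructed assumptions; only GLE 1326 comes from the manual, the other entries are standard Win32 system error codes.

```python
import re
from collections import defaultdict

# Message text as printed by ERA; the leading "<host>: " is an assumed layout.
DIAG_RE = re.compile(
    r"^(?P<host>[^:]+):\s*(?P<msg>.*?)\s*"
    r"\(SC error code (?P<sc>\d+), GLE error code (?P<gle>\d+)\)\s*$"
)

# Subset of Win32 system error codes that commonly surface on admin$ logons.
WIN32 = {
    5: ("ERROR_ACCESS_DENIED", "access is denied"),
    53: ("ERROR_BAD_NETPATH", "the network path was not found"),
    1219: ("ERROR_SESSION_CREDENTIAL_CONFLICT",
           "another session to the target already uses a different user name"),
    1326: ("ERROR_LOGON_FAILURE", "unknown user name or bad password"),
    1909: ("ERROR_ACCOUNT_LOCKED_OUT", "the referenced account is locked out"),
}

# Constructed sample results (not real ERA output).
SAMPLE = [
    "WS-01: Could not set up IPC connection to target computer (SC error code 6, GLE error code 1326)",
    "WS-02: Could not set up IPC connection to target computer (SC error code 6, GLE error code 1326)",
    "WS-03: Could not set up IPC connection to target computer (SC error code 6, GLE error code 1326)",
    "WS-04: Could not set up IPC connection to target computer (SC error code 6, GLE error code 53)",
    "WS-05: Installation finished",
]


def parse_line(line):
    """Return the decoded diagnostic, or None if the line carries no codes."""
    m = DIAG_RE.match(line.strip())
    if not m:
        return None
    gle = int(m["gle"])
    name, meaning = WIN32.get(gle, ("UNKNOWN", "see the Win32 system error code list"))
    return {"host": m["host"].strip(), "message": m["msg"], "sc": int(m["sc"]),
            "gle": gle, "name": name, "meaning": meaning}


def triage(lines, logon_failure_limit=3):
    """Group failing hosts by GLE code and flag a likely bad stored credential."""
    by_gle, unparsed = defaultdict(list), []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            unparsed.append(line)
        else:
            by_gle[rec["gle"]].append(rec["host"])
    # The same 1326 on many hosts points at the credential entered via Logon...,
    # not at the hosts; retrying the push can trip the account lockout policy.
    credential_suspect = len(by_gle.get(1326, [])) >= logon_failure_limit
    return {"by_gle": dict(by_gle), "unparsed": unparsed,
            "credential_suspect": credential_suspect}


if __name__ == "__main__":
    print(triage(SAMPLE))
```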
7. Deployment scenarios for ESET Remote Administrator, Mirror server and ESET client solutions
7.1 Small network – 1x ERAS, 1x Mirror server
Suppose all clients are Microsoft Windows 2000/XP workstations and notebooks, networked within a domain. The server named GHOST is online 24/7 and can be a Windows workstation, Professional, or Server edition (it does not have to be an Active Directory Server).
• Click OK to save the settings.
Now, perform an update of the virus signature database by clicking Update > Update virus signature database from the main program window. This will download all necessary files to the C:\ESET folder and activate the Mirror server.
7.1.2 Installation of ERA Server
We recommend that you install the ERA Server on the same computer which stores the update (Mirror) files – GHOST, in the example above. During the installation, the license key file (nod32.
• Click Create to insert the installation file to the package (it may take a few minutes for the .msi files to be delivered to ERA Server).
• Click Edit in the Installation Packages Editor window to assign an .xml configuration file for the package. This configuration file will be applied later when installing the package.
• Click the Edit button to modify the .xml file created using the ERAC Editor in section 7.1.4.
• Navigate to ESET Smart Security, ESET NOD32 Antivirus > Update > Profile (My profile).
• Right-click Profile (My profile) and select New Profile... from the context menu.
• In the New Profile dialog window, verify that Update is highlighted and then deselect the Use default profile name check box.
• Enter a New Profile name, such as notebook.
• Click OK to save the configuration.
If you already have a logon script in use for other purposes, ERAC can automatically add a line to your existing script. This will allow notebooks to receive the latest virus signature update whenever they log on to the domain. To add this line to your existing script, follow the steps below:
• Click the ... button to the right of the Script Folder field and select the folder where your script resides.
• From the Remote Install tab, click Logon...
7.2.2 Subsidiary: installation of ERA Server
As in the example above, install the second ERA Server. Again, enable and configure the replication settings. Select the option Enable “to” replication (Tools > Server Options... > Replication) and enter the IP address4 of the master ERA Server into the Upper server field - the IP address of the GHOST server, in our example. 7.2.
8. Hints & tips
8.1 Export and other features of client XML configuration
From the ERA Console, select any clients in the Clients tab. Right-click and select Configuration... from the context menu. Click Save As... to export the assigned configuration of the given client to an .xml file6. The .xml file can be used afterwards for various operations:
• For remote installations, the .xml file can be used as a template for a predefined configuration. This means that no new .
Security, ESET NOD32 Antivirus > Kernel > Setup > Scheduler/Planner or NOD32 version 2 > General > Setup > Scheduler/Planner. Click the Edit button to display the Scheduled tasks window.
• To create a new task, click Add. From the Scheduled task drop-down menu, select Update and click Next.
• Enter the Task name (e.g., “combined update”), select Repeatedly and click Next.
• Leave the Interval between task execution set to 60. Click Next twice to accept the defaults and then click Finish.
8.4 Scheduler setup
To modify scheduled tasks remotely, open the ESET Configuration Editor and navigate to ESET Smart Security, ESET NOD32 Antivirus > Kernel > Setup > Scheduler/Planner (or NOD32 version 2 > General > Setup > Scheduler/Planner) and click the Edit button. If you intend to add new tasks, you can use a completely new (empty) .xml configuration. If you wish to modify or remove existing tasks, it is necessary to:
• Use an .
The functionality of the buttons in the dialog window is as follows:
• Add... – Adds new tasks
• Edit – Modifies selected tasks
• Change ID – Modifies ID of selected tasks
• Details – Summary information about the selected task
• Select for deletion – Application of .xml file will remove tasks selected by clicking this button from target clients
• Remove from list – Deletes selected tasks from the list. Please note that tasks removed from the list in the .