Today I will go into some tips and tricks regarding the usage of the ESET Security Management Center.
Most of the discussed material will cover best practices and ways to set up and make use of specific parts of the software.
As I was mostly used to managing Kaspersky Security Center, I noticed a few distinct differences in logic in the ESET way of doing things.
Hopefully, we can look at those and point your ESMC in the right direction.
These basics will not go into specific settings and/or details, but will mostly discuss the logic behind them.
Part 1 will focus on Groups, Tasks and Triggers.
DISCLAIMER: Some information mentioned will be my own preferred way of handling/processing certain things. If you find a way that fits your environment and/or company more, just stick with that.
Now, let us look at the ESET Security Management Center.
First, we will want to make a group structure that makes it easy to manage and find specific devices.
There are two types of groups that we can use for this:
- Static groups are like normal folders. You can drag and drop devices into them and target them using policies, tasks and reports.
- Dynamic groups are more like filters than actual folders. A dynamic group takes all the devices within the static group it belongs to and then filters them according to its Dynamic Group Template.
(These are templates filled with rules/filters that select specific devices. By default ESMC already ships with a good few, but they are easy to create by going to the More option within ESMC and then to Dynamic Group Templates.)
You can split the structure up into multiple groups depending on your company and/or customers by dividing it by customer, department, office-location, etc.
Afterwards it can be sub-divided in for example workstations, servers, OS-types, etc.
All of this depends on whether the ESMC will hold only one company, multiple companies or a different configuration.
It is probably best to keep the fundamental structure as static groups and use more generic dynamic groups for basic policies/tasks (I will get back to this later). The reason is that certain features, such as Reports, cannot target dynamic groups well, so it is desirable to have the main groups set as static.
1. Split up your devices into separate static groups that you can later run different reports on, depending on what each group requires.
2. If wanted, we can further divide them to make searching for and managing specific devices easier. This is optional.
3. Dynamic groups have endless uses depending on how you have set up the dynamic group template and its filters.
For example, if an environment has multiple companies with different licenses but you still want to have all licenses automatically distributed, you can set up dynamic groups to make this happen.
A good example for this would be to make a dynamic group under each company’s static group that uses the default “Not activated Security Product” dynamic template.
This means that for each company, there is a dynamic group containing all not-activated devices for that specific company (as it only takes devices from the static group it is in).
This way you can run tasks (for example an activation task with a company-specific license) that specifically target the not-activated devices of that company.
Now you might wonder "but I would still have to set up a task with a specific schedule to make this happen automatically", right?
Yes. However, dynamic groups have a few options to make this a lot easier.
Let’s take a detailed look at how tasks work and how this can help us automate almost everything.
Tasks are, simply said, the action that is going to be run. You could see one as a component, a script, an installer and more. In the end, it boils down to an action that can be run on a device. ESET offers a lot of actions that can be run through a task, ranging from command lines to software uninstallation and from ESET updates to scans.
However, a task needs directions and this is where triggers come into the picture.
Triggers define 2 things:
- When does the task need to be executed
- On what does the task need to be executed
The combination of task and triggers makes stuff happen on devices.
A big thing about this is that 1 task can have multiple triggers.
Time to go back to the automation part.
When creating a trigger with a dynamic group as target, the trigger type “Joined Dynamic Group Trigger” becomes available. This triggers the task on a device the moment it is first added to the dynamic group.
Now, looking back at the example of activating devices using a Not activated Security Product dynamic group, we can create an activation task with a license that runs on devices the moment they get added to the Not activated Security Products group for that specific company/group.
All without us having to lift a finger.
Another example for this would be an automatic installation of the ESET client on Workstations and/or Servers depending on OS type. For this we can use Dynamic Group Templates to create 2 filters: one template that selects Windows workstations that don't have the ESET client and one that selects Windows servers that don't have the ESET client.
Above is an example of the workstation version of the filter. We can adjust it depending on our needs.
1. ESET applies certain logic steps whereby combining filters that use “Does not” and “Does” causes several issues, so it is best to set the operation in such a way that you do not have to combine positive and negative filters. Here NOR fits because it allows me to avoid negative rules entirely.
2. This selects the device type. Here I have included everything that could show up if it already had a client running. This way we can filter out any already installed devices.
3. I have added this due to the fact that we had Kaspersky running on most of the devices. Excluding anything that contains a different anti-virus makes sure it will not try to install the client while something else is installed (the ESET client will mostly fail its installation when it sees a different anti-virus).
4. Make sure it excludes the OS or device-type that you don’t want it to be automatically installed on. As we do not want the workstation version of ESET on servers, I have excluded those.
We now have a Dynamic Group Template; creating a dynamic group with that template gives us a group that contains only workstations without the ESET client installed.
All that is left is to create a task that installs the ESET client and set it to use the special “Joined Dynamic Group Trigger”, so that the ESET client is installed whenever a workstation arrives with only an ESET agent.
We can do the same for Servers.
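To make the NOR template logic and the Joined Dynamic Group Trigger concrete, here is an added Python model (not ESMC code and not part of the original post) that evaluates the workstation template from points 1 to 4 against a constructed inventory and fires the install task only for devices that newly enter the group. The device fields, product names and the trigger's bookkeeping are assumptions for illustration, not ESMC's real attributes.

```python
from dataclasses import dataclass
# Constructed stand-in for what the ESET Management Agent reports; field names are assumed.
@dataclass
class Device:
    name: str
    os: str            # e.g. "Windows Workstation" or "Windows Server"
    products: tuple    # security products reported as installed

# The three rules of the post's workstation template. Under NOR a device matches
# only when NONE of these fire, so every rule is written as a positive check.
def has_eset_client(d):  # rule 2: device already runs an ESET client
    return any("ESET Endpoint" in p for p in d.products)

def has_other_av(d):     # rule 3: another anti-virus (here Kaspersky) is installed
    return any(p.startswith("Kaspersky") for p in d.products)

def is_server(d):        # rule 4: exclude server OS / device types
    return "Server" in d.os

WORKSTATION_RULES = (has_eset_client, has_other_av, is_server)

def evaluate_group(devices, rules):
    """Membership of a dynamic group whose template combines its rules with NOR."""
    return {d.name for d in devices if not any(rule(d) for rule in rules)}

class JoinedDynamicGroupTrigger:
    """Fires the task for each device that entered the group since the last sync."""
    def __init__(self, task_name):
        self.task_name, self.members, self.fired = task_name, set(), []

    def sync(self, current_members):
        joined = sorted(current_members - self.members)
        self.fired += [(self.task_name, name) for name in joined]
        self.members = current_members
        return joined

def run_demo():
    inventory = [  # constructed sample inventory
        Device("WS-01", "Windows Workstation", ("ESET Management Agent",)),
        Device("WS-02", "Windows Workstation", ("ESET Management Agent", "Kaspersky Endpoint Security")),
        Device("SRV-01", "Windows Server", ("ESET Management Agent",)),
        Device("WS-03", "Windows Workstation", ("ESET Management Agent", "ESET Endpoint Security")),
    ]
    trigger = JoinedDynamicGroupTrigger("Install ESET client")
    first = trigger.sync(evaluate_group(inventory, WORKSTATION_RULES))   # only WS-01 qualifies
    inventory[0].products += ("ESET Endpoint Security",)                 # install task completed
    inventory.append(Device("WS-04", "Windows Workstation", ("ESET Management Agent",)))
    second = trigger.sync(evaluate_group(inventory, WORKSTATION_RULES))  # WS-01 left, WS-04 joined
    return first, second, trigger.fired
```

The second sync shows why the trigger is a good fit: WS-01 drops out of the group once the client is installed and does not get the task again, while the newly arrived WS-04 is picked up without any schedule.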
There are a LOT of options within Dynamic Group Templates and they can make your automation life a whole lot easier, so I can recommend getting the hang of creating and editing them for use with your dynamic groups.
One last thing that is important is to make use of the fact that 1 task can have multiple triggers.
Some tasks like a scan are universal for all the devices, whether Workstation or Server, so why would you make multiple tasks for different device-types if all you need is 1 task with multiple triggers?
All we have to do is make a scan task (or any other task), set it up the way we want it and then use multiple triggers to make it run at different times on different devices.
For example, a scan task can have a trigger during the day for workstations and in the evening or weekend for servers.
Hopefully, this has given you some ideas on how to make ESMC a lot less chaotic.
Part 2 can be found here.
That one will focus more on policies and ways they can be applied and changed.
Categories: ESET, Basics, Informational
Patrick Berger AKA Powershellder.