ESET Online Help

Search English
Select the topic

Batch files / Scripting

You can use eShell as a powerful scripting tool for automation. To use a batch file with eShell, create one with an eShell and command in it.


example

eshell get computer real-time status

You can also chain commands, which is sometimes necessary. For instance, if you want to type a specific scheduled task, type the following:

eshell select scheduler task 4 "&" get scheduler action

Item selection (task number 4 in this case) usually applies only to a currently running eShell instance. If you were to run these two commands one after the other, the second command would fail with the error "No task selected or selected task no longer exists".

The execution policy is set to Limited Scripting by default for security reasons. It enables you to use eShell as a monitoring tool, but it will not let you make configuration changes to ESET Server Security by running a script. If you try executing a script with commands that can affect security, for example, by disabling protection, an Access Denied message will be displayed. We recommend you use signed batch files to execute commands that make configuration changes.

To change configuration using a single command entered manually in the Windows Command Prompt, you must grant eShell full access (not recommended). To grant full access, use ui eshell shell-execution-policy in the Interactive mode of eShell itself or via the main program window in Advanced Setup (F5)> User interface > ESET Shell.

Signed batch files

eShell enables you to secure common batch files (*.bat) with a signature. Scripts are signed with the same password that is used for settings protection. To sign a script you need to enable settings protection first. This can be done via the main program window or within eShell using set ui access lock-password command. You can start signing batch files when the protection password is set up.


note

You must sign all scripts again if you change your settings protection password. Otherwise, the scripts will fail to execute following the password change. The password entered when signing a script must match the settings protection password on the target system.

To sign a batch file, run sign <script.bat> from the root context of eShell, where script.bat is the path to the script you want to sign. Type and confirm the password that will be used for signing. This password must match your settings protection password. A signature is placed at the end of the batch file in the form of a comment. If this script has already been signed, the signature will be replaced with a new one.


note

When you modify a previously signed batch file, it must be signed again.

To execute a signed batch file from a Windows Command Prompt or as a scheduled task, use following command:

eshell run <script.bat>

Where script.bat is the path to the batch file.

eshell run d:\myeshellscript.bat