Batch files / Scripting

You can use eShell as a powerful scripting tool for automation. To use a batch file with eShell, create one with an eShell and command in it.


eshell get computer real-time status

You can also chain commands, which is sometimes necessary, for instance if you want to type a particular scheduled task, enter the following:

eshell select scheduler task 4 "&" get scheduler action

Item selection (task number 4 in this case) usually applies only to a currently running instance of eShell. If you were to run these two commands one after the other, the second command would fail with the error "No task selected or selected task no longer exists".

For security reasons, the execution policy is set to Limited Scripting by default. This allows you to use eShell as a monitoring tool, but it won't let you make configuration changes to ESET Mail Security by running a script. If you try executing a script with commands that can affect security, for example, by disabling protection, an Access Denied message will be displayed. We recommend that you use signed batch files to execute commands that make configuration changes.

To change configuration using a single command entered manually in the Windows Command Prompt, you must grant eShell full access (not recommended). To grant full access, use ui eshell shell-execution-policy in the Interactive mode of eShell itself, or via GUI in Advanced Setup (F5)> User interface > ESET Shell.


Signed batch files

eShell allows you to secure common batch files (*.bat) with a signature. Scripts are signed with the same password that is used for settings protection. In order to sign a script you need to enable settings protection first. This can be done via the GUI, or from within eShell using set ui access lock-password command. Once the settings protection password is set up you can start signing batch files.


If you change your settings protection password, you must sign all scripts again, otherwise the scripts will fail to execute the following the password change. The password entered when signing a script must match the settings protection password on the target system.

To sign a batch file, run sign <script.bat> from the root context of eShell, where script.bat is the path to the script you want to sign. Enter and confirm the password that will be used for signing. This password must match your settings protection password. A signature is placed at the end of the batch file in the form of a comment. If this script has already been signed, the signature will be replaced with a new one.


When you modify a previously signed batch file, it must be signed again.

To execute a signed batch file from a Windows Command Prompt or as a scheduled task, use following command:

eshell run <script.bat>

Where script.bat is the path to the batch file.


eshell run d:\myeshellscript.bat