Client State

Define client filtering parameters in the Client filter window. When a rule is applied, only clients meeting the client filter criteria are taken into consideration. The filtering criteria are:

FROM Primary Server – Only clients from primary server (the negative NOT FROM can also be applied).

Primary Server IN – Includes primary server in the output.

HAS New Flag – clients marked by the flag ”New” (the negative HAS NOT can also be applied).

ERA Groups IN – Clients belonging to the specified group.

Domain/Workgroup IN – Clients belonging to the specified domain.

Computer Name Mask – Clients with the specified computer name.

HAS IPv4 Mask – Clients falling into the specified IPv4 mask.

HAS IPv4 Range – Clients within the specified IPv4 address range.

HAS IPv6 Network Prefix – Clients with the specific IPv6 Network Prefix.

HAS IPv6 Range – Clients within the specified IPv6 address range.

HAS Defined Policy – Clients with the specified policy assigned (the negative HAS NOT can also be applied).

After you have specified a client filter for your notification rule, click OK and proceed to the rule parameters. Client parameters define what condition a client or a group of clients must meet in order to run the notification action. To view the available parameter, click the Edit… button in the Parameters section.

The availability of parameters depends on the selected Trigger type. The following parameters are available for Client State Triggers:

Protection Status Any Warnings – Any warning found in the Protection Status column.

Protection Status Critical Warnings – A critical warning found in the Protection Status column.

Virus Signature DB version – Problem with virus signature database (6 possible values):

 - Previous – Virus signature database is one version older than the current one.

 - Older or N/A – Virus signature database is more than one version older than the current one.

 - Older than 5 versions or N/A – Virus signature database is more than 5 versions older than the current one.

 - Older than 10 versions or N/A – Virus signature database is more than 10 versions older than the current one.

 - Older than 7 days or N/A – Virus signature database is more than 7 days older than the current one.

 - Older than 14 days or N/A – Virus signature database is more than 14 days older than the current one.

Last Connected Warning – The last connection was established before the specified time period.

Has Last Threat Event – The Threat column contains a threat warning.

Has Last Event – The Last Event column contains an entry.

Has Last Firewall Event – The Firewall Event column contains a firewall event entry.

Has New Flag – Client has the ”New” flag.

Waiting For Restart – Client is waiting for restart.

Last Scan Found Threat – On the client, the specified number of threats was found during the last scan.

Last Scan Not Cleaned Threat – On the client, the specified number of uncleaned threats was found during the last scan.

All parameters can be negated, but not all negations are usable. It is only suitable to negate those parameters that include two logical values: true and not true. For example, the parameter Has New Flag only covers clients with the ”New” flag. The negative parameter would include all clients that are not marked by the flag.

All conditions above can be logically combined and inverted. The rule  is applied when drop down-menu offers two choices:

all of the options are met – Rule will only run if all specified parameters are met.

any of the options is met – Rule will run if at least one condition is met.

If the specified parameters for a rule are met, the action defined by the administrator is automatically performed. To configure actions, click Edit… in the Action section.

Activation of the rule can be delayed to a time period ranging from one hour to three months. If you wish to activate the rule as soon as possible, select ASAP from the Activation after drop-down menu. The Notification Manager is activated every 10 minutes by default, so if you select ASAP, the task should run within 10 minutes. If a specific time period is selected from this menu, the action will automatically be performed after the time period has elapsed (provided that the rule condition is met).

The Repeat after every… menu allows you to specify a time interval after which the action will be repeated. However, the condition to activate the rule must still be met. In Server > Advanced > Edit Advanced Settings > ESET Remote Administrator > Server > Setup > Notifications > Interval for notification processing (minutes) you can specify the time interval in which the server will check and execute active rules.

The default value is 10 minutes. We do not recommend decreasing it, since this may cause significant server slowdown.