How to create policies

The default installation only implements one policy called ”Server Policy”. The policy itself is configurable from the ESET Configuration Editor – click Edit Policy... and define parameters for the selected ESET security product (or client). All parameters are organized into a comprehensive structure and all items in the Editor are assigned an icon. Clients will only adopt active parameters (marked by a blue icon). All inactive (greyed out) parameters will remain unchanged on target computers. The same principle applies to inherited and merged policies – a child policy will adopt only active parameters from a parent policy.

ERA Servers allow for multiple policies (New Policy Child...). The following options are available for new policies: Policy name, linking to a Parent policy and Policy configuration (configuration can be empty, you can copy merged policy configuration from a policy in the drop down menu, copied from an .xml configuration file or you can use the Firewall Rules Merge Wizzard). Policies can only be created on the server you are currently connected to via ERAC. To create a policy on a lower server you need to connect directly to that server.

Each policy has two basic attributes: Override any child policy and Down replicable policy. These attributes define how active configuration parameters are adopted by child policies.

Override any child policy – Forces all active parameters to inherited policies. If the child policy differs, the merged policy will contain all active parameters from the parent policy (even though the Override… is active for the child policy). All inactive parameters from the parent policy will adjust to match the child policy. If Override any child policy is not enabled, settings in the child policy have priority over those in the parent policy for the resulting merged policy. Such merged policies will be applied to any additional child policies of the policy that was edited.

Down replicable policy – Activates replication of policies to lower servers, for example, a policy can serve as the default policy for lower servers and can also be assigned to clients connected to lower servers.

Policies can also be imported/exported from/to an .xml file or imported from Groups. For more information see chapter titled Importing/Exporting policies.