Policies for Security Appliance & Protected VMs

You can use policies to configure your ESET product. Policies for ESET Virtualization Security are created and managed from the ESET Remote Administrator Webconsole in the Admin > Policies tab. Click Policies at the bottom and select New from the context menu.

Policies are used to push specific configurations to ESET products running on client computers. This allows you to avoid configuring each client's ESET product manually. A policy can be applied directly to individual Computers (virtual machines) as well as groups (Static and Dynamic). You can also assign multiple policies to a virtual machine or a group.

Policy application

Policies are applied in the order that Static Groups are arranged. This is not true for Dynamic Groups, where policies are enforced on child Dynamic Groups first. This allows you to apply policies with greater impact at the top of the Group tree and apply more specific policies for subgroups. Using flags, an ERA user with access to groups located higher in the tree can override the policies of lower Groups. The algorithm is explained in detail in How Policies are applied to clients.

Merging policies

The policy applied to a client is usually the result of multiple policies being merged into one final policy.


We recommend that you assign more generic policies (for example, general settings such as update server) to groups that are higher within the groups tree. More specific policies should be assigned deeper in the groups tree. The lower policy usually overrides the settings of upper policies when merging (unless defined otherwise with policy flags).


When you have a policy in place and remove it later on, the configuration of the virtual machine will not automatically revert back to their original settings once the policy is removed. The configuration will remain true to the last policy that was applied to the virtual machine. The same thing happens when a virtual machine becomes a member of a Dynamic Group to which a certain policy is applied that changes the virtual machine's settings. These settings remain even if the virtual machine leaves the Dynamic Group. Therefore, we recommend that you create a policy with default settings and assign it to the root group (All) to have the settings revert to defaults in such a situation. This way, when a virtual machine leaves a Dynamic Group that changed its settings, this virtual machine receives the default settings.