Settings
In the Settings section, you can configure specific settings for the ESET PROTECT Server. These settings are similar to Policies, but they are applied directly on the ESET PROTECT Server.
Connection
Restart the ESET PROTECT Server service for changes in the Connection section to take effect. |
Server port—This is the port for the connection between the ESET PROTECT Server and Agent(s). A change of the port may require changes in firewall settings. The default value is 2222.
Web Console port—Port for the connection between the ESET PROTECT Web Console and the ESET PROTECT Server. The default value is 2223. If you change the port, you may need to change firewall settings.
Advanced security—This setting enables advanced security of network communication of the ESET PROTECT components. Advanced security is enabled by default.
Certificate—Here you can manage ESET PROTECT Server certificates. Click Select existing certificate and select the certificate for the ESET PROTECT Server. Click Upload custom certificate to upload a custom certificate. For more information, see Peer Certificates.
Updates
Select the interval at which updates will be received. You can select:
•Update server at a regular interval—The default value is six hours.
•Update server at intervals specified by a CRON expression—Configure the update interval by using a CRON expression.
Update server—Update server from which the ESET PROTECT Server receives updates for ESET application versions and ESET PROTECT components. The default value is AUTOSELECT. To update ESET PROTECT On-Prem 13.1 from a mirror (Mirror tool), set the full address of the era6 update folder (according to your HTTP server root location). For example: http://your_server_address/mirror/eset_upd/era6
Update type—Select the type of ESET PROTECT Server module updates you want to receive. You can find the current version of installed ESET PROTECT Server modules in Help > About.
Regular update |
ESET PROTECT Server module updates will automatically be downloaded from the ESET server with the least network traffic. Default setting. |
Pre-release update |
These updates have gone through comprehensive internal testing and will be available to the general public soon. You can benefit from enabling pre-release updates by having access to the latest updates for ESET PROTECT Server modules. Pre-release updates may help resolve specific issues with ESET PROTECT Server. However, pre-release updates may be unstable and should not be used on production servers where maximum availability and stability are required. Pre-release updates are available only when AUTOSELECT is defined in the Update server parameter. |
Advanced
Quarantined files upload—Provide the path to the ESET PROTECT Server directory (Upload path) where the exported quarantined files will be saved. Ensure the path is valid and there is enough free space on the server.
HTTP Proxy—Use a proxy server to facilitate internet traffic to clients on your network:
•Specify the Proxy settings (Host, Port, Username and Password). The Host field is the address of the machine running the HTTP Proxy.
•If you install ESET PROTECT On-Prem using the All-in-one installer, HTTP proxy (ESET Bridge) is installed and enabled by default.
•ESET Bridge uses port 3128 by default. You can set a different port if needed. Ensure to set the same port also in the HTTP Proxy configuration (see ESET Bridge Policy).
•The Use direct connection if HTTP proxy is not available toggle is pre-selected as a fallback.
•HTTP Proxy settings are not applied for communication with Two-Factor Authentication servers.
The ESET PROTECT Server can run instant replication of the ESET Management Agent on a client machine via EPNS (Wake-Up Calls). This is useful when you do not want to wait for the regular interval when the ESET Management Agent connects to the ESET PROTECT Server. For example, when you want a Task to be run immediately on client(s) or if you want a Policy to be applied right away.
Wake on LAN—Set up Multicast Addresses if you want to send Wake on LAN calls to one or more IP addresses.
SMTP server—Use an SMTP Server to let the ESET PROTECT Server send email messages (for example, email notifications or reports). Specify details of your SMTP server.
Active Directory—You can pre-set your AD settings. ESET PROTECT On-Prem uses your credentials by default in Active Directory synchronization tasks (user synchronization, static group synchronization). When the related fields are left blank in the task configuration, ESET PROTECT On-Prem uses the pre-set credentials. Use a read-only AD user. ESET PROTECT On-Prem does not make any changes to the AD structure.
•If the ESET PROTECT Server runs on Linux (or a Virtual Appliance), you need to have a Kerberos configuration file set up properly. You can set up Kerberos to synchronize with multiple domains. •If the ESET PROTECT Server runs on a Windows machine connected to a domain, only the Host field is necessary. You can skip all the other Active Directory configuration steps below. Synchronization among more domains is possible if domains have established trust. |
•Host—Type the Server name or IP address of your domain controller.
•Username—Type the Username for your domain controller in the following format:
oDOMAIN\username (ESET PROTECT Server running on Windows)
ousername@FULL.DOMAIN.NAME or username (ESET PROTECT Server running on Linux).
Type the domain in capital letters to properly authenticate queries to an Active Directory server. |
•Password—Type the password used to log on to your domain controller.
•Root container—Type the full identifier of an AD container, for example: CN=John,CN=Users,DC=Corp. It serves as a pre-set Distinguished Name. Copy and paste the value from a server task to ensure accuracy (copy the value from the Distinguished Name field when it is selected).
ESET PROTECT Server on Windows uses the encrypted LDAPS (LDAP over SSL) protocol by default for all Active Directory (AD) connections. You can also configure LDAPS on ESET PROTECT Virtual Appliance. For a successful AD connection over LDAPS, configure the following: 1.The domain controller must have installed a machine certificate. To issue a certificate for your domain controller, follow the steps below: a)Open the Server Manager, click Manage > Add Roles and Features and install the Active Directory Certificate Services > Certification Authority. A new Certification Authority will be created in Trusted Root Certification Authorities. b)Click the notification (yellow triangle) in the Server Manager and Configure Active Directory Certificate Services on the destination server. In the Role Services, select Certification Authority. Finish the configuration by clicking Next. c)Navigate to Start > type certlm.msc and press Enter to run the Certificates Microsoft Management Console snap-in > Certificates—Local Computer > Personal > right-click the empty pane > All Tasks > Request New Certificate > Enroll Domain Controller role. d)Verify that the issued certificate contains the domain controller's FQDN. e)On your ESET PROTECT server, import the CA you generated to the certificate store (using certlm.msc tool) > Local Machine > the Trusted Root Certification Authorities folder. f)Restart the ESET PROTECT server computer. 2.When providing connection settings to the AD server, type the FQDN of the domain controller (as provided in the domain controller certificate) in the Server or Host field. An IP address is no longer sufficient for LDAPS. To enable fallback to the LDAP protocol, select the check box Use LDAP instead of Active Directory in the Static Group Synchronization or User Synchronization task. |
Static Groups > Automatically pair found computers—Enable automatic pairing of found computers to computers already present in Static Groups. Pairing works with the reported hostname from the ESET Management Agent and if it cannot be trusted, it should be disabled. If pairing fails, the computer moves to the Lost & found group.
Repository—Location of the repository server where all installation files are stored.
•The default ESET repository is set to AUTOSELECT (it points to: http://repository.eset.com/v1). It automatically determines the repository server with the best connection based on the geographic location (IP address) of the ESET PROTECT Server (using a CDN—Content Delivery Network). Therefore, you do not need to change the repository settings. •Optionally, you can set a repository that uses only ESET servers: http://repositorynocdn.eset.com/v1 •Never use an IP address to access the ESET repository. •You can create and use an offline repository. |
Participate in product improvement program—Enable or disable the submission of crash reports and anonymous telemetry data to ESET (operating system version and type, ESET application version and other application-specific information).
Trace log verbosity—Set the log verbosity to determine the level of information that will be collected and logged, from Trace (informational) to Fatal (most important critical information).
You can find the latest ESET PROTECT Server log files here:
•Windows: C:\ProgramData\ESET\RemoteAdministrator\Server\EraServerApplicationData\Logs
•Linux: /var/log/eset/RemoteAdministrator/Server/
You can set up exporting logs to Syslog.
Database cleanup—To prevent a database overload, you can use this option to regularly clean logs. The database cleanup automatically deletes these types of logs: SysInspector logs, Diagnostics logs, logs that are not collected anymore (logs from removed devices, logs from removed report templates). The database cleanup process runs every night at midnight by default. Changes to this setting take effect following the next cleanup. You can set the cleaning interval for each of these types of logs:
Log type |
Example of a log type |
|---|---|
Detection logs |
• • • • • |
Management logs |
•Tasks •Triggers •Exported configuration •Enrollment |
Audit logs |
•Audit Log and the Audit log report. |
Monitoring logs |
•Device Control •Web Control •Logged users |
Diagnostic logs are cleaned every day. The user cannot change the cleaning interval.
During database cleanup, items in Detections corresponding to the cleaned Incident logs are deleted as well (regardless of detection status). By default, the cleanup period for Incident logs (and Detections) is set to 6 months. You can change the interval in More > Settings. |
API
•REST API—Enable the toggle to enable the REST server. The REST server runs locally on the ESET PROTECT Server.
The REST server running on Linux requires the glibc library version 2.32.0 and later. You can verify the installed glibc version by running this terminal command: ldd --version. |
•Public port (default: 9443)—The port opened for REST API clients. Changing the port requires restarting the ESET PROTECT Server.
•Internal port (default: 2224)—The port used internally by ESET PROTECT Server to communicate with the REST API component that provides the public port. Change this port only if required by your network configuration. Changing the port requires restarting the ESET PROTECT Server.
•Certificate—Select the certificate used for communication between the REST API client and the REST server. You can select the Server certificate by clicking Select existing certificate. However, we recommend using a dedicated certificate for the REST server—click Upload custom certificate.
•The REST server does not accept a SHA-1 certificate. Ensure that Advanced Security is enabled, and that the certificate supports SHA-256. •For proper operation of the API on an ESET PROTECT Server running on Linux, the Common name/Host field in the certificate must contain the actual hostname and cannot use a wildcard character. •Restart the ESET PROTECT Server service for changes in the API Public port, Internal port or Certificate to take effect. |
•Enable Swagger UI—The enabled built-in Swagger UI is accessible at https://localhost:9443/swagger. Replace localhost with the server name or IP address if needed. What is Swagger UI? Swagger UI files are located in:
oWindows: C:\ProgramData\ESET\RemoteAdministrator\Server\EraServerApplicationData\Data\swagger-ui
oLinux: /var/opt/eset/RemoteAdministrator/Server/swagger-ui
Additional REST API requirements •Assign the API users the API permission set. The Administrator account cannot use the API. •Ensure to open the API ports in your local firewall. •To use the REST API, the peer certificate for the ESET PROTECT Server (whether used as the REST server certificate or not) must contain localhost in the Common name/Host field. If the peer (Server) certificate does not meet this requirement, create a new certificate and change the Server certificate. |
Customization
Company logo—You can add a custom logo to the ESET PROTECT Web Console, the reports generated via Server Task and email notifications.
|
Web Console |
Reports |
Notifications |
|---|---|---|---|
None |
Basic design, no custom logo |
ESET PROTECT On-Prem logo on the side of the footer. |
ESET PROTECT On-Prem logo on the side of the header. |
Co-branding |
Custom logo for Web Console |
A custom logo in the report footer—ESET PROTECT On-Prem logo and your logo. |
A custom logo in the notification header—ESET PROTECT On-Prem logo and your logo. |
White-labeling (requires MSP subscription) |
Custom logo for Web Console |
A custom logo in the report footer—no ESET PROTECT On-Prem logo, only your logo. |
A custom logo in the notification header. Next to it is Powered by ESET PROTECT On-Prem. |
Select one of the custom logo options > click Upload to select a company logo:
•Dark background logo (Web Console header)—This logo will be displayed in the top corner of Web Console.
•Light background logo—This logo will be displayed in the header (for MSP subscription owners) or footer (co-branding setting) of reports generated via Server Task and in the header of email notifications.
Click
to download the current logo. Click
to remove the current logo.
Reports and Notifications
•Customize reports—Enable this option to use the selected logo in reports and/or to add a footer text.
•Report footer text—Type the text that will be added to the bottom corner of reports generated in PDF format.
A custom logo cannot be used together with custom footer text. The logo has the same position as the footer text. If the logo and the footer are used simultaneously, only the logo will be visible. When using the White-labeling setting, the custom logo will appear in the upper corner of the report; a smaller powered by ESET logo is placed in the bottom corner, instead of the footer text. |
Badges—Disable the Enable badges in the main menu for all users toggle to hide the badges in the main menu.
Export
In the Export section, you can see and edit the configured Syslog servers.
You can configure up to five Syslog servers. |
Add Syslog server—You can configure ESET PROTECT On-Prem to send notifications and event messages to your Syslog server. Also, you can export logs from a client computer's ESET application and send them to the Syslog server.
Click the three dots
icon next to the configured Syslog server and select:
•
Edit—Edit the selected Syslog server configuration.
•
Delete—Remove the selected Syslog server configuration.