Template rules evaluation
Template rules evaluation is handled by ESET Management Agent, not ESET PROTECT (only the result is sent to ESET PROTECT). The evaluation process happens according to the rules that are configured in a Template. Below are a few examples of the template rules evaluation process.
You need to distinguish between test for existence (something does not exist at all with that value) and test for difference (something exists but has different value). Here are some basic rules to make this distinction:
• To verify existence: Operation without negation (AND, OR) and operator without negation (=, >, <, contains,...).
• To verify existence of a different value: Operation AND and operators including at least one negation (=, >, <, contains, does not contain,...).
• To verify non-existence of a value: Operations with negation (NAND, NOR) and operators without negation (=, >, <, contains,...).
To verify presence of a list of items (for example, a specific list of applications installed on a computer), you need to create a separate Dynamic Group template for each item in the list and assign the template to a separate Dynamic Group, each Dynamic Group being a sub-group of another. Computers with the list of items are in the last sub-group.
Status is a cluster of various information. Some sources provide more than one dimensional status per machine (for example, Operating System, RAM size, etc.), others provide multidimensional status information (for example, IP Address, Installed Application, etc.).
Below is a visual representation of the status of a client:
| Network Adapters - IP Address | Network Adapters - MAC Address | OS Name | OS Version | HW - RAM size in MB | Installed Application |
|---|---|---|---|---|---|
| 192.168.1.2 | 4A-64-3F-10-FC-75 | Windows 11 Enterprise | 10.0.22621 | 2048 | ESET Endpoint Security |
| 10.1.1.11 | 2B-E8-73-BE-81-C7 | | | | PDF Reader |
| 124.256.25.25 | 52-FB-E5-74-35-73 | | | | Office Suite |
| | | | | | Weather Forecast |
Status is made of information groups. One group of data always provides coherent information organized into rows. The number of rows per group may vary.
Conditions are evaluated per group and per row: if several conditions refer to columns from the same group, only the values on the same row are considered.
Example 1:
For this example consider the following condition:
Network Adapters.IP Address = 10.1.1.11 AND Network Adapters.MAC Address = 4A-64-3F-10-FC-75
This rule matches no computer, as there is no such row where both conditions hold true.
| Network Adapters - IP Address | Network Adapters - MAC Address | OS Name | OS Version | HW - RAM size in MB | Installed Application |
|---|---|---|---|---|---|
| 192.168.1.2 | 4A-64-3F-10-FC-75 | Windows 11 Enterprise | 10.0.22621 | 2048 | ESET Endpoint Security |
| 10.1.1.11 | 2B-E8-73-BE-81-C7 | | | | PDF Reader |
| 124.256.25.25 | 52-FB-E5-74-35-73 | | | | Office Suite |
| | | | | | Weather Forecast |
Example 2:
For this example consider the following condition:
Network Adapters.IP Address = 192.168.1.2 AND Network Adapters.MAC Address = 4A-64-3F-10-FC-75
This time, both conditions match cells on the same row, and therefore the rule as a whole is evaluated as TRUE. The computer is selected.
| Network Adapters - IP Address | Network Adapters - MAC Address | OS Name | OS Version | HW - RAM size in MB | Installed Application |
|---|---|---|---|---|---|
| 192.168.1.2 | 4A-64-3F-10-FC-75 | Windows 11 Enterprise | 10.0.22621 | 2048 | ESET Endpoint Security |
| 10.1.1.11 | 2B-E8-73-BE-81-C7 | | | | PDF Reader |
| 124.256.25.25 | 52-FB-E5-74-35-73 | | | | Office Suite |
| | | | | | Weather Forecast |
Example 3:
For conditions with the OR operator (at least one condition must be TRUE), such as:
Network Adapters.IP Address = 10.1.1.11 OR Network Adapters.MAC Address = 4A-64-3F-10-FC-75
The rule is TRUE for two rows, as only one of the conditions needs to be satisfied. The computer is selected.
| Network Adapters - IP Address | Network Adapters - MAC Address | OS Name | OS Version | HW - RAM size in MB | Installed Application |
|---|---|---|---|---|---|
| 192.168.1.2 | 4A-64-3F-10-FC-75 | Windows 11 Enterprise | 10.0.22621 | 2048 | ESET Endpoint Security |
| 10.1.1.11 | 2B-E8-73-BE-81-C7 | | | | PDF Reader |
| 124.256.25.25 | 52-FB-E5-74-35-73 | | | | Office Suite |
| | | | | | Weather Forecast |
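The row-scoping rule from Examples 1 to 3, as an added Python sketch (not ESET's code and not part of the original page). It models only AND/OR with the `=` operator, and the function names, the `Name` column key and the handling of conditions from different groups (each group matched independently) are assumptions of this sketch. `naive_column_match` shows the column-by-column check that would wrongly place the Example 1 computer in the Dynamic Group.

```python
from collections import defaultdict

# Constructed sample: the client status table from this page, as groups of rows.
# The "Name" column key for Installed Application is an assumption of this sketch.
STATUS = {
    "Network Adapters": [
        {"IP Address": "192.168.1.2", "MAC Address": "4A-64-3F-10-FC-75"},
        {"IP Address": "10.1.1.11", "MAC Address": "2B-E8-73-BE-81-C7"},
        {"IP Address": "124.256.25.25", "MAC Address": "52-FB-E5-74-35-73"},
    ],
    "Installed Application": [
        {"Name": "ESET Endpoint Security"}, {"Name": "PDF Reader"},
        {"Name": "Office Suite"}, {"Name": "Weather Forecast"},
    ],
}

def evaluate(status, operation, conditions):
    """Evaluate '=' conditions given as (group, column, value) tuples.

    Returns (matched, hits); hits maps each group to the indexes of its
    rows that satisfy the rule. Only AND and OR are modelled.
    """
    if operation not in ("AND", "OR"):
        raise ValueError("only AND and OR are modelled")
    combine = all if operation == "AND" else any
    by_group = defaultdict(list)
    for group, column, value in conditions:
        by_group[group].append((column, value))
    hits = {}
    for group, conds in by_group.items():
        # Conditions on one group are tested against the same row.
        hits[group] = [i for i, row in enumerate(status.get(group, []))
                       if combine(row.get(c) == v for c, v in conds)]
    # Assumption: AND needs a matching row in every referenced group,
    # OR needs a matching row in at least one.
    return combine(bool(rows) for rows in hits.values()), hits

def naive_column_match(status, conditions):
    """Pitfall: AND checked per column, ignoring which row each value is on."""
    return all(any(row.get(c) == v for row in status.get(g, []))
               for g, c, v in conditions)

if __name__ == "__main__":
    ex1 = [("Network Adapters", "IP Address", "10.1.1.11"),
           ("Network Adapters", "MAC Address", "4A-64-3F-10-FC-75")]
    print("Example 1 per-row:", evaluate(STATUS, "AND", ex1))
    print("Example 1 naive:  ", naive_column_match(STATUS, ex1))
    print("Example 3 (OR):   ", evaluate(STATUS, "OR", ex1))
```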