Template rules evaluation

Template rules evaluation is handled by ESET Management Agent, not ESET PROTECT (only the result is sent to ESET PROTECT). The evaluation process happens according to the rules that are configured in a Template. Below are a few examples of template rules evaluation process.

You need to distinguish between test for existence (something does not exist at all with that value) and test for difference (something exists but has different value). Here are some basic rules to make this distinction:

•To verify existence: Operation without negation (AND, OR) and operator without negation (=, >, <, contains,...).

•To verify existence of a different value: Operation AND and operators including at least one negation (=, >, <, contains, does not contain,...).

•To verify non-existence of a value: Operations with negation (NAND, NOR) and operators without negation (=, >, <, contains,...).

To verify presence of a list of items (for example, a specific list of applications installed on a computer), you need to create a separate Dynamic Group template for each item in the list and assign the template to a separate Dynamic Group, each Dynamic Group being a sub-group of another. Computers with the list of items are in the last sub-group.

Status is a cluster of various information. Some sources provide more than one dimensional status per machine (for example, Operating System, RAM size, etc.), others provide multidimensional status information (for example, IP Address, Installed Application, etc).

Below is a visual representation of the status of a client:

Network Adapters - IP Address	Network Adapters - MAC Address	OS Name	OS Version	HW - RAM size in MB	Installed Application
192.168.1.2	4A-64-3F-10-FC-75	Windows 11 Enterprise	10.0.22621	2048	ESET Endpoint Security
10.1.1.11	2B-E8-73-BE-81-C7				PDF Reader
124.256.25.25	52-FB-E5-74-35-73				Office Suite
					Weather Forecast

Status is made of information groups. One group of data always provides coherent information organized into rows. The number of rows per group may vary.

Conditions are evaluated per group and per row - if there are more conditions regarding the columns from one group, only the values on the same row are considered.

Example 1:

For this example consider the following condition:

Network Adapters.IP Address = 10.1.1.11 AND Network Adapters.MAC Address = 4A-64-3F-10-FC-75

This rule matches no computer, as there is no such row where both conditions hold true.

Network Adapters - IP Address	Network Adapters - MAC Address	OS Name	OS Version	HW - RAM size in MB	Installed Application
192.168.1.2	4A-64-3F-10-FC-75	Windows 11 Enterprise	10.0.22621	2048	ESET Endpoint Security
10.1.1.11	2B-E8-73-BE-81-C7				PDF Reader
124.256.25.25	52-FB-E5-74-35-73				Office Suite
					Weather Forecast

Example 2:

For this example consider the following condition:

Network Adapters.IP Address = 192.168.1.2 AND Network Adapters.MAC Address = 4A-64-3F-10-FC-75

This time, both conditions match cells on the same row and therefore, the rule as a whole is evaluated as TRUE. The computer is selected.

Network Adapters - IP Address	Network Adapters - MAC Address	OS Name	OS Version	HW - RAM size in MB	Installed Application
192.168.1.2	4A-64-3F-10-FC-75	Windows 11 Enterprise	10.0.22621	2048	ESET Endpoint Security
10.1.1.11	2B-E8-73-BE-81-C7				PDF Reader
124.256.25.25	52-FB-E5-74-35-73				Office Suite
					Weather Forecast

Example 3:

For conditions with the OR operator (at least one condition must be TRUE), such as:

Network Adapters.IP Address = 10.1.1.11 OR Network Adapters.MAC Address = 4A-64-3F-10-FC-75

The rule is TRUE for two rows, as only either of the conditions must be satisfied. The computer is selected.

Network Adapters - IP Address	Network Adapters - MAC Address	OS Name	OS Version	HW - RAM size in MB	Installed Application
192.168.1.2	4A-64-3F-10-FC-75	Windows 11 Enterprise	10.0.22621	2048	ESET Endpoint Security
10.1.1.11	2B-E8-73-BE-81-C7				PDF Reader
124.256.25.25	52-FB-E5-74-35-73				Office Suite
					Weather Forecast

˄˅