Resolving cloning questions

Every time a machine connects to the ESET PROTECT, an entry is created based on two fingerprints:

•an ESET Management Agent UUID (universally unique identifier) - It changes after the ESET Management Agent is re-installed on a machine (see Double Agent situation).

•a machine hardware fingerprint - It changes if the machine is cloned or redeployed.

A question is displayed if ESET PROTECT Server detects one of the following:

•a cloned device connecting

•a change of hardware in an existing device with ESET Management Agent installed

Hardware fingerprint detection is not supported on:

•Linux, macOS, Android, iOS

•machines without ESET Management Agent

Click the question and select:

Resolve question > New computers are being cloned or imagined from this computer:

Option	Action	More details
Match with the existing computer every time	Select this option when: •You use the computer as a master and all its images should connect to the existing computer entry in ESET PROTECT. •You use the computer as a master to set up a VDI environment and the computer is in VDI pool and is expected to recover its identity based on a hardware fingerprint ID.	KB article
Create a new computer every time	Select this option when you use this computer as a master image and you want ESET PROTECT to automatically recognize all clones of this computer as new computers. Do not use with VDI environments.	KB article
Create a new computer this time only	Computer is cloned only once. Select to create a new instance for the cloned device.	KB article

Option

Action

More details

Match with the existing computer every time

Select this option when:

•You use the computer as a master and all its images should connect to the existing computer entry in ESET PROTECT.

•You use the computer as a master to set up a VDI environment and the computer is in VDI pool and is expected to recover its identity based on a hardware fingerprint ID.

KB article

Create a new computer every time

Select this option when you use this computer as a master image and you want ESET PROTECT to automatically recognize all clones of this computer as new computers. Do not use with VDI environments.

KB article

Create a new computer this time only

Computer is cloned only once. Select to create a new instance for the cloned device.

KB article

Resolve question > No computers are cloned from this computer, but its hardware has changed:

Option

Action

Accept changed hardware every time

Disable the hardware detection permanently for this device. Use only if non-existent hardware changes are reported.

This action is irreversible!

If you disable the hardware detection, both Agent and Server store this setting. Re-deployment of the Agent does not restore the disabled HW detection. Machines with disabled hardware detection are not suitable for the VDI scenarios in ESET PROTECT.

Accept changed hardware only this time

Select to renew the hardware fingerprint of the device. Use this option after the hardware of the client computer is changed. Future hardware modifications will be reported again.

Click Resolve to submit the selected option. The cloning question gets resolved next time the cloned computer connects to ESET PROTECT.

question

If you do not resolve a question in 30 days, the Create a new computer this time only option will be selected automatically.

Double Agent situation

If an ESET Management Agent is uninstalled (but the computer is not removed from Web Console) on the client machine and installed again, there are two same computers in the Web Console. One is connecting to ESET PROTECT and the other one is not. The Questions dialog window does not handle this situation. Such a situation is the result of an incorrect agent removal procedure. The only solution is to manually remove the computer that is not connecting from the Web Console. The history and logs created before the re-installation will be lost afterward.

Using the Delete not connecting computers task

If you have a VDI pool of computers and did not resolve the question (refer above) correctly, the Web Console creates a new computer instance after reloading the computer from the pool. Computer instances stack up in the Web Console and licenses can get overused. We do not recommend solving this issue by setting up a task for deleting not connecting computers. Such a procedure removes the history (logs) for deleted computers, and licenses can also be overused.

Overused licenses

When a client computer with installed ESET Management Agent and activated ESET security product gets cloned, each cloned machine can claim another license seat. This process can overuse your licenses. In VDI environments, use an offline license file to activate ESET products and contact ESET to modify your license.

Notifications for cloned computers

A user can choose from three prepared notifications for cloning-related actions. To set up a notification, select the Notifications menu in the Web Console.

•New Computer Enrolled—Notify if a computer is connected for the first time to the selected static group (the group All is selected by default)

•Computer Identity Recovered—Notify if a computer was identified based on its hardware; the computer was cloned from a Master machine or other known source

•Potential Computer Cloning Detected—Notify about a significant hardware modification or cloning if the source machine was not flagged as a Master before

˄˅