ESET Remote Administrator v6 Getting Started Guide for MSPs January 2017

Similar documents
DOCUMENTATION. UVM Appliance Azure. Quick Start Guide

ESET REMOTE ADMINISTRATOR PLUG-IN FOR TIGERPAW Technical Setup and User Guide

ESET REMOTE ADMINISTRATOR PLUG-IN FOR CONNECTWISE Technical Setup and User Guide

ForeScout Extended Module for Carbon Black

Automate Consulting Services

Kaseya 2. Installation guide. Version R8. English

ESET REMOTE ADMINISTRATOR PLUG-IN FOR KASEYA. Technical Setup and User Guide

LabTech Ignite Installation

VMware Identity Manager Connector Installation and Configuration (Legacy Mode)

Zemana Endpoint Security Administration Guide. Version



2. PRTG LabTech Plugin Configuration and Usage

ESET Remote Administrator 6. Version 6.0 Product Details

Veriato Recon / 360. Version 9.0.3

for businesses with more than 25 seats

UDS Enterprise Free & Evaluation Edition. Lab UDS Enterprise + VMware vsphere + RDP/XRDP

UDS Enterprise Free & Evaluation Edition. Lab UDS Enterprise + VMware vsphere + RDP/XRDP


ESET SHARED LOCAL CACHE

Detector Service Delivery System (SDS) Version 3.0

ForeScout Extended Module for Symantec Endpoint Protection

Kaseya 2. User Guide. Version 6.0

McAfee MOVE AntiVirus Installation Guide. (McAfee epolicy Orchestrator)

Installation Guide. for 6.5 and all add-on modules

Installation Guide. Version R94. English

Agent and Agent Browser. Updated Friday, January 26, Autotask Corporation

SolarWinds. Patch Manager. Evaluation Guide. Version 2.1.2


VMware Enterprise Systems Connector Installation and Configuration. JULY 2018 VMware Identity Manager 3.2 VMware Identity Manager VMware AirWatch 9.

271 Waverley Oaks Rd. Telephone: Suite 206 Waltham, MA USA

Dell Wyse Management Suite. Version 1.0 Quick Start Guide

Installation Guide for Pulse on Windows Server 2012

ForeScout Extended Module for VMware AirWatch MDM

ForeScout Extended Module for IBM BigFix

Installing Cisco CMX in a VMware Virtual Machine

Installation Guide. 3CX CRM Plugin for ConnectWise. Single Tenant Version

Table of Contents HOL-1757-MBL-6

Installation on Windows Server 2008

VMware AirWatch Cloud Connector Guide ACC Installation and Integration

Installing Cisco Virtual Switch Update Manager

ForeScout Extended Module for MobileIron

This guide details the deployment and initial configuration necessary to maximize the value of JetAdvantage Insights.

vrealize Suite Lifecycle Manager 1.1 Installation, Upgrade, and Management vrealize Suite 2017

NetScaler Analysis and Reporting. Goliath for NetScaler Installation Guide v4.0 For Deployment on VMware ESX/ESXi

Installing and Configuring VMware Identity Manager. DEC 2017 VMware AirWatch 9.2 VMware Identity Manager 3.1

ESET SHARED LOCAL CACHE

DameWare Server. Administrator Guide

VMware Skyline Collector Installation and Configuration Guide. VMware Skyline Collector 2.0

Evaluation Quick Start Guide Version 10.0 FR1

All - In - One for Hyper- V

VMWARE HORIZON CLOUD WITH VMWARE IDENTITY MANAGER QUICK START GUIDE WHITE PAPER MARCH 2018

Privileged Identity App Launcher and Session Recording

Contents. Limitations. Prerequisites. Configuration

Transport Gateway Installation / Registration / Configuration

Installing and Configuring VMware Identity Manager Connector (Windows) OCT 2018 VMware Identity Manager VMware Identity Manager 3.

New Dropbox Users (don t have a Dropbox account set up with your Exeter account)

ForeScout Extended Module for ServiceNow

VMware Workspace ONE UEM VMware AirWatch Cloud Connector

Deploy the ExtraHop Discover 3100, 6100, 8100, or 9100 Appliances

Table of Contents. VMware AirWatch: Technology Partner Integration

Setting Up Resources in VMware Identity Manager. VMware Identity Manager 2.8

Edge Device Manager Quick Start Guide. Version R15

Migrating vrealize Automation 6.2 to 7.2

KYOCERA Net Admin Installation Guide

VMware Skyline Collector Installation and Configuration Guide. VMware Skyline 1.4

for businesses with more than 25 seats

ForeScout Extended Module for MaaS360

SynapSense Software. Installation Manual. Release 7.1 Issue 1

Transport Gateway Installation / Registration / Configuration

ForeScout Extended Module for IBM BigFix

Installing and Configuring VMware Identity Manager. Modified on 14 DEC 2017 VMware Identity Manager 2.9.1

USER GUIDE. (intended for product version 6.5 and higher) Click here to download the most recent version of this document

SC-T35/SC-T45/SC-T46/SC-T47 ViewSonic Device Manager User Guide

Application Launcher & Session Recording

EdgeConnect for Amazon Web Services (AWS)

VMware AirWatch Content Gateway for Linux. VMware Workspace ONE UEM 1811 Unified Access Gateway

AirWatch Mobile Device Management

Deploying VMware Identity Manager in the DMZ. JULY 2018 VMware Identity Manager 3.2

VMware AirWatch Integration with RSA PKI Guide

Sophos Enterprise Console advanced startup guide

VMware Enterprise Systems Connector Installation and Configuration

Azure for On-Premises Administrators Practice Exercises

VMware Identity Manager Cloud Deployment. Modified on 01 OCT 2017 VMware Identity Manager

VMware Identity Manager Cloud Deployment. DEC 2017 VMware AirWatch 9.2 VMware Identity Manager

QuickStart Guide for Managing Computers. Version

Demo KACE K1000 System Management Appliance

VMware App Volumes Installation Guide. VMware App Volumes 2.13

ForeScout Extended Module for Palo Alto Networks Next Generation Firewall

Getting Started with ESXi Embedded

Privileged Access Administrative Interface 17.1


EMS DESKTOP CLIENT Installation Guide

EventTracker: Virtual Appliance

Cisco TelePresence Management Suite Provisioning Extension

Symantec Endpoint Protection Installation Guide

Deploy the ExtraHop Discover Appliance in Azure

Enabling Smart Card Logon for Mac OS X Using Centrify Suite

Online Backup Client User Manual

Intel Small Business Extended Access. Deployment Guide

Transcription:

ESET Remote Administrator v6 Getting Started Guide for MSPs January 2017

Table of Contents Table of Contents... 2 Environmental Pre-requisites... 3 Installing ESET Remote Administrator (ERA)... 4 Configuring ERA (MSP Best Practices)... 6 Create BASE policies... 7 Create a new customer in ERA and prepare for deployment... 10 Deploy ESET ERA agent and security products... 12 ESET MSP Getting Started Guide Page 2

Environmental Pre-requisites ERA Getting Started Guide for MSPs Jan 2017 The ERA management server is required to manage ESET endpoint products across all OS platforms under a single management console. The following pre-requisites should be configured in the environment before proceeding with the install of ERA: One of the following (either/or): o Windows machine (supported on Windows Client or Server OS. Windows Server 2012 R2 is recommended) Recommended hardware (virtual or physical): 2 vcpu, 8 GB RAM, 40 GB free disk space (after Windows install) base build with OS updates static IP address Install Java Runtime Environment (version 7 or later) and ensure Java is updating correctly Install Microsoft.NET Framework 3.5 using the Add Roles and Features Wizard (Windows Server) or Turn Windows Features On or Off (Windows Client) ESET Remote Administrator Software downloaded. o ERA Linux virtual appliance deployed via OVA NOTE that when installing the Linux virtual appliance, the password that you set as the admin console password will automatically be set as the internal certificate authority password as well Download the ESET Remote Administrator Windows installer or Linux Virtual appliance here: https://www.eset.com/us/support/download/business/remote-administrator-6/ Firewall rule pointing an external IP address to the ERA server on port 2222 o encrypted communication of endpoint agents to server Firewall rule pointing an external IP address to the ERA server on port 443 o Access to ERA management console from outside of your network NOTE this is only required if you desire to be able to access the ERA management console while outside your internal network and do not have an alternative method of accessing the LAN (i.e. RDP, VPN, VDI, etc.) NOTE that ESET plugins to RMM and PSA tools (i.e. Kaseya, Labtech, Tigerpaw, Connectwise or Autotask) will use port 2223 for API communications to the ERA server and either port 80 or 443 (80 by default) for policy display. If there is a firewall between your RMM/PSA server and your ERA server, these port must be transitively allowed between these systems An A record in your public DNS zone pointing to the external IP address used in the firewall rule. It can new (i.e. era.yourpublicdomain.com) or existing (i.e. mail. yourpublicdomain.com) ESET MSP Getting Started Guide Page 3

Installing ESET Remote Administrator (ERA) 1. Extract the zip file downloaded and access the folder 2. Right click on setup.exe and select Run as administrator. a) If prompted accept the User Account Control elevation prompt 3. Click next on the start-up screen 4. Select Install Remote Administrator Server and click Next. 5. Read the End-User License Agreement. If you agree, select I accept the terms in the license agreement and click Next. 6. Your network architecture will determine which components should be installed. Read the descriptions below and deselect the check box next to any components that you do not want to install: a) Microsoft SQL Server Express: If you have an existing Microsoft SQL or MySQL database that you will use with ESET Remote Administrator, deselect this check box. Leave this check box selected to create a new Microsoft SQL Server Express database for use with ESET Remote Administrator. b) Web Console: This will install the Apache Tomcat service necessary for ESET Remote Administrator Server to manage clients. Leave this check box selected. c) ESET Mobile Device Connector: This will install the ESET Mobile Device Connector (EMDC) component, which allows for the remote management of Android and ios devices. If you will manage mobile devices, select this option. If not leave it deselected. See our EMDC FAQ for more information. d) ESET Rogue Detection Sensor: Deselect this component. This will install ESET Rogue Detection Sensor, a component that helps locate unmanaged computers on your network so that you can deploy resources to allow for their management via ERA. This is only useful for machines on your internal network, not customer machines. e) Apache HTTP Proxy: Deselect this component i) Using HTTP Proxy will create and apply several proxy-based policies for clients and apply them automatically, which can affect your ability to download updates. You can install Apache HTTP Proxy later if you want. Click Install when you are done selecting components. Installation time will vary depending on your system configuration. If a prerequisite is not satisfied or an error occurs, follow the instructions from the installer to resolve any issues. ESET MSP Getting Started Guide Page 4

7. Upon completion of the SQL Express installation (if applicable) the ESET Remote Administrator Server setup wizard will begin 8. Click Next in the ESET Remote Administrator Server Setup window. 9. If you chose to have Microsoft SQL Server Express installed in step 6, click Next to perform a database connection check and then continue to step 11 Users with a pre-existing database: Select the appropriate database type from the Database drop-down menu. Type the Database name, Hostname and Port (you can find this information in SQL Server Configuration Manager) for your database into the appropriate fields and then click Next. In the following screen, select Use existing user and then enter the Database username and Password if one is used. 10. Type the password you will use to log into ERA Web Console into the Password and Confirm Password fields. Make sure to record this password for use later and then click Next. a) NOTE if you are deploying the Linux virtual appliance the password for the certificate authority is automatically set as the same password that is specified as the administrative log in for the ERA console. 12. In the Certificate Information window, leave all fields at default and click next a) NOTE if you are deploying the Linux virtual appliance the password for the certificate authority is automatically set as the same password that is specified as the administrative log in for the ERA console. 13. Select Activate Later and click Next. 14. Click Install. 15. Upon successful installation, click Next to install the ESET Remote Administrator agent, and subsequently any additional modules (MDC, Rogue Detection Sensor) that you had chosen during setup. 16. At the installation successful window click the URL link to open the ERA web console. Bookmark the page for easy access in the future. How do I open ERA Web Console? ESET MSP Getting Started Guide Page 5

Configuring ERA (MSP Best Practices) 1) Skip the startup wizard LICENSING ERA 2) Go in to Admin>License Management and add the Security Administrator account created in the Ingram Micro Cloud Marketplace. a) NOTE: Once these credentials have been added to ERA, one simply needs to hit the Synchronize Licenses button and changes made in the licensing portal will automatically be synced to ERA within about 5 minutes. CREATE DYNAMIC GROUP TEMPLATES 3) Go to Admin>Dynamic Group Templates and create three (3) new dynamic group templates: a) Windows Client OS i) BASIC: (1) Name: Windows Client OS (2) Description: machine runs a Windows Client Operating System ii) EXPRESSION: (1) Operation: AND (All conditions have to be TRUE) (2) RULES: (a) OS Edition, OS Type equals Microsoft Windows (b) OS Edition, OS Name doesn t contain Server b) Windows Server OS i) BASIC: (1) Name: Windows Server OS (2) Description: machine runs a Windows Server OS ii) EXPRESSION: (1) Operation: AND (all conditions have to be TRUE) (2) RULES: (a) OS Edition, OS Type equals Microsoft Windows (b) OS Edition, OS Name contains Server c) No ESET Security Product i) BASIC: (1) Name: No ESET Security Product (2) Description: machine does not have an ESET security product installed ii) EXPRESSION: (1) Operation: NOR (All conditions have to be FALSE) (2) RULES: (a) Installed Software, Application Name contains ESET Endpoint (b) Installed Software, Application Name contains ESET File (c) Installed Software, Application Name contains ESET Mail ESET MSP Getting Started Guide Page 6

CREATE _CUSTOMER AND _INTERNAL PARENT STATIC GROUPS 4) Go in to Admin>Groups and click on the ALL group at the top. Click on the settings gear that appears on the right side of the group. 5) Select New Static Group. 6) Name the static group _CUSTOMERS and click finish. 7) Go in to Admin>Groups and click on the ALL group at the top. Click on the settings gear that appears on the right side of the group. 8) Select New Static Group. 9) Name the Static group _INTERNAL and click finish. Create BASE policies 1) Go to Admin>Groups and find the Windows dynamic group that nests under the ALL static group. Click on the settings gear that appears on the right side of the Windows dynamic group, name it Clients and use the Windows Client OS dynamic group template 2) Repeat task 1, this time creating a Servers dynamic group based off of the Windows Server OS dynamic group template If a setting is not specified in the instructions below, please leave at default Create Base ERA Agent policy 3) Go to Admin>Policies and click on new policy. Name the policy _BASE ERA Agent policy a) Expand SETTINGS and under Select Product choose ESET Remote Administrator Agent i) Expand out ADVANCED SETTINGS (1) Ensure that under HTTP PROXY the setting for Use proxy server is set to off (2) Scroll down to OPERATING SYSTEM and configure the settings as follows: (a) Report non-eset-installed applications ON (b) Report if operating system is not up-to-date (i) ON if not using an RMM or other patch management solution (ii) OFF if using an RMM or patch management solution (c) Report network firewall issues OFF (d) Report virus and spyware protection issues ON (3) Scroll down to SETUP and enter a password to protect the uninstall or modification of settings of the agent on the endpoint b) Expand out ASSIGN i) click on ASSIGN button. ESET MSP Getting Started Guide Page 7

ii) Select the box next to the ALL static group to assign the base ERA agent policy to all agents in the console c) Click on finish Create Base ESET Security Product for Windows clients policy 4) Go to Admin>Policies and click on new policy. Name the policy _BASE <PRODUCT> Windows Client Policy (i.e. _BASE EES Windows Client policy) a) Expand SETTINGS and under Select Product choose ESET Security Product for Windows i) Click on the ANTIVIRUS tab (1) Expand out BASIC (a) Configure the settings as follows: (i) Enable detection of potentially unwanted applications - ON (ii) Enable detection of potentially unsafe applications - ON (2) Beneath ANTIVIRUS, click on the Real-time file system protection tab (a) Expand out THREATSENSE PARAMETERS (i) Configure the settings as follows: 1. Runtime packers - ON 2. Advanced heuristics/dna signatures - ON (3) Beneath ANTIVIRUS click on On-demand computer scan (a) Expand out BASIC (i) For Selected Profile choose In-Depth Scan (b) Expand out THREATSENSE PARAMETERS (i) Scroll to cleaning level and select Strict Cleaning (4) Beneath ANTIVIRUS click on Removable Media (a) Expand out BASIC (i) For Action select Automatic device scan ii) Click on the PERSONAL FIREWALL tab - *NOTE* The settings on this tab only apply to ESET Endpoint Security, not ESET Endpoint Antivirus (1) Expand out BASIC (a) Click the slider bar for Enable Personal Firewall to OFF iii) Click on TOOLS tab (1) Expand out MICROSOFT WINDOWS UPDATE (a) For Notify about Microsoft Windows system updates select the following: (i) Recommended updates if NOT using an RMM or other patch management tool (ii) No updates if using an RMM or other patch management tool (2) Beneath TOOLS click on Email notifications (a) Configure SMTP email notifications from the endpoint, if desired iv) Click on USER INTERFACE tab (1) Expand out USER INTERFACE ELEMENTS (a) Configure the settings as follows: (i) Start Mode Minimal (ii) Show splash-screen at startup OFF (iii) Use sound signal OFF ESET MSP Getting Started Guide Page 8

(iv) Show license information OFF (v) Show license messages and notifications OFF (2) Expand out ALERTS AND NOTIFICATIONS (a) Configure the settings as follows: (i) Display alerts OFF (ii) Display notifications on desktop OFF (3) Expand out ACCESS SETUP (a) Set password to protect the advanced settings and uninstall of Windows client security product b) Expand out ASSIGN and click on the ASSIGN button i) Assign the policy to the ALL>Windows>Clients dynamic group created in step 1 of this section c) Click on finish Create Base ESET Security for Windows Server policy 5) Go to Admin>Policies and click on new policy. Name the policy _BASE EFS Windows Server Policy a) Expand SETTINGS and under Select Product choose ESET File Security for Windows Server (V6+) i) Click on the ANTIVIRUS tab (1) Expand out BASIC (a) Click the following slide bars to ON: (i) Enable detection of potentially unwanted applications (ii) Enable detection of potentially unsafe applications (2) Beneath ANTIVIRUS, click on the Real-time file system protection tab (a) Expand out THREATSENSE PARAMETERS (i) Configure the settings as follows: 1. Runtime packers - ON 2. Advanced heuristics/dna signatures ON 3. Cleaning level Strict Cleaning (3) Beneath ANTIVIRUS click on On-demand computer scan (a) Expand out BASIC (i) For Selected Profile choose Smart Scan (b) Expand out THREATSENSE PARAMETERS (i) Scroll to cleaning level and select Strict Cleaning (c) Expand out BASIC (i) For Selected Profile choose In-Depth Scan (d) Expand out THREATSENSE PARAMETERS (i) Scroll to cleaning level and select Strict Cleaning (4) Beneath ANTIVIRUS click on Startup scan (a) Expand out THREATSENSE PARAMETERS (i) Scroll to cleaning level and select Strict Cleaning (5) Beneath ANTIVIRUS click on Removable Media (a) Expand out BASIC (i) For Action select Automatic device scan ii) Click on TOOLS tab ESET MSP Getting Started Guide Page 9

(1) Expand out MICROSOFT WINDOWS UPDATE (a) For Notify about Microsoft Windows system updates select the following: (i) Recommended updates if NOT using an RMM or other patch management tool (ii) No updates if using an RMM or other patch management tool (2) Beneath TOOLS click on Email notifications (a) Configure SMTP email notifications from the endpoint if desired (3) Beneath TOOLS click on Presentation Mode (a) Click the slider for Enable Presentation mode when running applications in fullscreen mode automatically to OFF iii) Click on USER INTERFACE tab (1) Expand out USER INTERFACE ELEMENTS (a) Configure the settings as follows: (i) Start Mode Terminal (ii) Show splash-screen at startup OFF (iii) Use sound signal OFF (iv) Show license information OFF (v) Show license messages and notifications OFF (2) Expand out ALERTS AND NOTIFICATIONS (a) Configure the settings as follows: (i) Display alerts OFF (ii) Display notifications on desktop OFF (3) Expand out ACCESS SETUP (a) Set password to protect the advanced settings and uninstall of Windows server security product b) Expand out ASSIGN and click on the ASSIGN button i) Assign the policy to the ALL>Windows>Servers dynamic group created in step 2 of this section c) Click on finish Create a new customer in ERA and prepare for deployment 1) Insert instructions for license procurement in Ingram Cloud Marketplace (Enter in link for ESET page in Ingram Cloud Marketplace) 2) Go to Admin>License Management (in ERA) and click on synchronize licenses 3) Go to Admin>Groups and create a new static group nested under the _CUSTOMERS static group for each customer (left click settings gear that appears when you click on the _CUSTOMERS static group) 4) Create new dynamic group(s) nested under the new customer s static group for the types of machines that will be managed (Windows clients, Windows servers, Macs, etc.) based off of their respective dynamic group templates ESET MSP Getting Started Guide Page 10

5) Create a new dynamic group nested under each of the dynamic groups created in step 4 called ESET Not Activated and use the security product not activated dynamic group template 6) Go to Admin>Client Tasks and go to product activation task. Create new task (or duplicate existing) and name the task <Customer> <Product> (Windows Client) Activation i.e. Acme, Inc EES (Windows Client) Activation. Under settings of the task, specify the customer s windows client product license. 7) Upon clicking finish you will be prompted to create a trigger. Click on the blue Create Trigger button and name the trigger joined [Customer]>windows>clients>ESET not activated dynamic group. Target the ESET not activated dynamic group nested under the [Customer]>windows>clients dynamic group that was created in step 4. Under trigger, set the trigger type to Joined Dynamic Group Trigger a. REPEAT steps 6 and 7 for all products types to be used by the customer: i.e. EES (Windows Client), EFS (Windows Server), EES for Mac (Mac Client), etc. b. Target the product activation tasks for each product to the corresponding ESET Not Activated dynamic group(s) created in step 4 NOTE: Steps 8 10 are first time/one time set up steps. Steps 11 13 will be repeated for each new customer created in ERA 8) Go to Admin>Groups and find the Clients dynamic group nested under the ALL>Windows dynamic group. Create a sub-dynamic group called ESET not activated, and base this dynamic groups off of the Security Product Not Activated dynamic group template. Repeat this step for each OS type that will be managed in the environment (Clients, Servers, Macs, etc.) 9) Go to Admin>Client Tasks and go to product activation task. Create new task and name the task <Product> (Windows Client) Activation i.e. EES (Windows Client) Activation. Under settings of the task, specify the windows client license and click finish. 10) Upon clicking finish you will be prompted to create a trigger. Click on the blue Create Trigger button and name the trigger joined ALL>windows>clients>ESET not activated dynamic group. Target the ESET not activated dynamic group nested under the ALL>windows>clients dynamic group that was created in step 10. Under trigger, set the trigger type to Joined Dynamic Group Trigger c. REPEAT steps 9 and 10 for all products types to be managed in your environment: i.e. EES (Windows Client), EFS (Windows Server), EES for Mac (Mac Client), etc. d. Target the product activation tasks for each product to the corresponding ESET Not Activated dynamic group(s) created in step 10 Repeat steps 13 15 for each new customer 11) Go to Admin>License Management and click on synchronize licenses. Ensure that you have enough available licenses for your anticipated deployment ESET MSP Getting Started Guide Page 11

12) Go to Admin>Groups and create a new static group for each customer nested in the _CUSTOMERS static group (left click settings gear that appears when you click on the _CUSTOMERS static group) 13) Go to Admin>Groups and create a new dynamic group nested under the new customer s folder for the types of machines that will be managed (Windows clients, Windows servers, Macs, etc.) based off of their respective dynamic group templates Deploy ESET ERA agent and security products NOTE IF using an RMM tool you can leverage your RMM tool for deployment assistance. If you are using Labtech (Connectwise Automate), Kaseya or Autotask, you ll want to use the deployment tasks that are built in to the plugins for those platforms. To deploy via ERA, hover over Admin toolbox in ERA and click on Deploy ERA Agent a. All-in-one installer will bundle agent and product (windows client OS only) in to a single.exe b. Agent Live Installer will create batch file that will command the endpoint to download the agent from the internet and configure it appropriately i. You also have the ability to convert your batch files to MSI with the included MST at https://package.essetusa.com:8443. This will provide both 32 bit and 64 bit versions c. GPO script will provide an.ini that can be bundled with the agent MSI (if created in step b.i) d. Push from server (available only on local LAN) ESET MSP Getting Started Guide Page 12

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback