[KB3741] Create Dynamic Group templates in ESET Remote Administrator (6.x)

Problem

  • Detect client computers that have no ESET Endpoint products installed

Solution

Automatically deploy ESET solutions to unprotected clients

Dynamic Groups can be combined with tasks to deploy ESET Endpoint Security or ESET Endpoint Antivirus to unprotected client computers. Click here for step-by-step instructions.

ERA 6.5 user permissions

This article assumes that your ERA user has the correct access rights and permissions to perform the tasks below.

If you are still using the default Administrator user, or you cannot perform the tasks below (the option is grayed out), see the following article for instructions on creating a second administrator with all access rights (you only need to do this once):

Permissions required for least-privilege user access

A user must have the following permissions for their home group:

Functionality  Read  Use  Write
Dynamic Group Templates

Once these permissions are in place, follow the steps below.

  1. Open the ESET Remote Administrator Web Console (ERA Web Console) in your web browser and log in.
     
  2. Click Admin → Dynamic Group Templates.
     
  3. Select an existing Dynamic Group template and click Edit Template to edit it, or click New Template to create a new Dynamic Group template. In the following example, we create a template for a Dynamic Group that contains computers without ESET Endpoint software installed.

Figure 1-1

  4. Type a name for your new Dynamic Group template into the Name field.

Figure 1-2

  5. Expand Expression, select NOR (All conditions have to be false) from the Operation drop-down menu and click + Add Rule. In addition to NOR, you can use OR (at least one condition has to be true), NAND (at least one condition has to be false) and AND (all conditions have to be true) to build custom expressions. An expression can contain multiple rules.

Figure 1-3

  6. You can create rules to sort devices by various criteria. Expand each section below for more information about the individual criteria you can sort by. Some criteria appear in more than one section but sort devices using the same logic.
Dynamic Group criteria
Activation
  • Activated by ESET Remote Administrator—Group devices based on whether they were or were not activated by ESET Remote Administrator
     
  • Associated seat ID—Group devices based on a specific Seat ID or a range of Seat IDs
     
  • License expiration date—Group devices based on their license expiration date
     
  • License product name—Group devices based on the product named in your product license
     
  • License public ID—Group devices based on the public ID associated with a specific product license
     
  • Log source—Group devices based on their number of log sources
     
  • Managed by ESET Remote Administrator—Group devices based on whether they are or are not managed by ESET Remote Administrator
     
Active threats
  • Object URI—Group devices based on the Uniform Resource Identifier associated with a found threat
     
  • Process name—Group devices based on part or all of the process name associated with a found threat
     
  • Restart required—Group devices based on whether they require a restart
     
  • Scan log reference—Group devices based on whether a specific item is referenced in their scan log
     
  • Threat handled—Group devices based on whether a specific threat has been resolved
     
  • Threat name—Group devices based on whether a specific threat was detected
     
  • User—Group devices based on the user currently logged in
     
  • Virus signature database—Group devices based on which virus signature database (VSD) version they are currently using, or whether their VSD was released before or after a specific date
Computer
  • Computer—Group all devices except for a specific computer together, or select a single computer to treat as a group
     
  • Managed products mask—Group devices based on whether they are or are not covered by one of the 13 pre-defined managed product masks
Device identifiers
  • Identifier type—Group devices based on the type of identifier they use, FQDN, Computer Name, Computer Workgroup, IMEI or Serial Number
     
  • Identifier value—Group devices based on part or all of a specific identifier value
Device information
  • Device manufacturer—Group devices based on manufacturer
     
  • Device model—Group devices based on model
Functionality / protection status
  • Feature—Group devices based on which product feature(s) require attention
     
  • Problem—Group devices based on the error notification ESET is displaying. Select from a list of available error notifications
     
  • Source—Group devices based on the ERA component, client solution, or operating system identified as the source of an issue
     
  • Status—Group devices based on their indicated status. Select from Malfunction, OK, Security Notification, and Security risk
Functionality / protection status of the computer
  • Status—Group devices based on their indicated status. Select from Malfunction, OK, Security Notification, and Security risk
Hardware
  • Running on battery—Group devices based on whether they are discharging (running on battery power), not discharging (running using a power adapter), or not present.
Installed software
  • Agent supports uninstall—Group computers with agent versions that support the agent uninstall task
     
  • Application name—Group devices that have a specific application installed or not installed
     
  • Application vendor—Group devices with software from a specific vendor installed
     
  • Application version—Group devices with a specific version of an application
     
  • Device administrator permission—Group devices based on whether you have administrator permissions on them or not
     
  • Size in MB—Group devices based on the amount of drive space in MB that is used by software
Logged-in users
  • Domain—Group devices based on whether they log in to a specific domain
     
  • Full name—Group devices based on the full name of the device's user
     
  • User name—Group devices based on the name of the user currently logged in
Cellular network
  • Cellular technology—Group devices based on the cellular network they use
     
  • Home subscriber MCC—Group devices based on their Mobile Country Code (MCC)
     
  • Home subscriber MNC—Group devices based on their Mobile Network Code (MNC)
     
  • Phone number—Group devices based on their phone number
     
  • Roaming subscriber—Group devices based on whether or not they are roaming
     
  • Roaming subscriber MCC—Group devices based on their roaming Mobile Country Code
     
  • Roaming subscriber MNC—Group devices based on their roaming Mobile Network Code
     
  • SIM carrier network—Group devices based on their SIM carrier network
     
  • SIM unique serial number—Group devices based on their SIM unique serial number or a range of SIM serial numbers
Network adapters
  • Adapter name—Group devices based on the name of the network adapter installed
     
  • MAC address—Group devices based on their MAC address
     
  • Order—Group devices based on whether they are using their primary or secondary network adapter
Network DNS servers
  • IP DNS server—Group devices based on their use of a specific DNS server IP address or an address within a specified range
     
  • MAC address—Group devices based on their MAC address or a range of MAC addresses
     
  • Order—Group devices based on whether they are using their primary or secondary DNS server
Network gateways
  • IP gateway—Group devices based on the IP of the network gateway they use
     
  • MAC address—Group devices based on their MAC address or a range of MAC addresses
Network IP addresses
  • Adapter IP address—Group devices based on their network adapter IP address
     
  • Adapter subnet mask—Group devices based on the subnet mask they use
     
  • Address type—Group devices based on whether they use an IPv4 or IPv6 address
     
  • IP subnetwork—Group devices based on their IP subnetwork
     
  • MAC address—Group devices based on their MAC address
     
  • Order—Group devices based on whether they are using their primary or secondary network IP address
Network WINS servers
  • IP WINS server—Group devices based on the IP address of the WINS server they use
     
  • MAC address—Group devices based on their MAC address
     
  • Order—Group devices based on whether they are using their primary or secondary WINS server
Operating system edition
  • OS name—Group devices based on the name of the operating system they use
     
  • OS platform—Group devices based on the platform of the operating system they use
     
  • OS service pack—Group devices based on whether they use a specific service pack or range of service packs
     
  • OS type—Group devices based on the type of operating system they use
     
  • OS version—Group devices based on the version of the operating system they use
Operating system localizations
  • OS language—Group devices based on the language of the OS they use
     
  • OS locale—Group devices based on the locale of the OS they use
Peer certificate
  • Issuer—Group devices based on the issuer of their peer certificate
     
  • Product—Group devices based on the product associated with their peer certificate
     
  • Serial number—Group devices based on the serial number of their peer certificate
     
  • Status—Group devices based on whether their peer certificate is valid, invalid, going to expire, going to be invalidated, or the CA used to sign the certificate is going to expire
     
  • Subject—Group devices based on the subject specified in their peer certificate. For example, you could assign different subjects to certificates based on office location, and then group devices based on this information
     
  • Valid from—Group devices based on the start date for validity of their peer certificate
     
  • Valid till—Group devices based on when their peer certificate is going to expire
Performance
  • Idle state—Group devices based on whether they are or are not in an idle state
Quarantine
  • Excludable—Group devices based on whether items in the quarantine can be excluded from scanning
     
  • Hash—Group devices based on the hash of items in the quarantine
     
  • Hits—Group devices based on whether they have a specific number of quarantined items, or have more or less than that number of items
     
  • Object name—Group devices based on whether an object with a specific name is quarantined
     
  • Restorable—Group devices based on whether items in the quarantine can be restored to their original location(s)
     
  • Size—Group devices based on whether items in the quarantine can be restored to their original location(s)
     
  • Threat name—Group devices based on whether a specific threat is quarantined
     
  • Time of first occurrence—Group devices based on the time that a given threat was first quarantined
     
  • Time of last occurrence—Group devices based on the time that a given item was last quarantined
Spam top domains
  • Count—Group devices based on whether they have received a certain number of spam emails from a given domain
     
  • Domain—Group devices that log on to domains associated with the highest number of spam messages
Spam recipients
  • Count—Group devices based on whether they have received a certain number of spam emails
     
  • Recipient—Group devices that receive the highest amount of spam email
Spam senders
  • Count—Group devices that have sent a certain number of spam emails
     
  • Sender—Group devices that send the highest number of spam emails
Storage devices
  • Storage capacity [MB]—Group devices based on storage capacity in MB
     
  • Storage encryption status—Group devices based on whether they use encrypted or un-encrypted storage
     
  • Storage ID—Group devices based on the ID of their primary storage device
     
  • Storage type—Group devices based on the presence of a specific type of storage. Select Compact disc, Local disk, Network drive, Removable disk, or unknown drive type
Storage capacity
  • Free space [%]—Group devices based on the amount of free space available in percent
     
  • Free space [MB]—Group devices based on the amount of free drive space available in MB
     
  • Storage Id—Group devices based on the ID of their primary storage device
Time zone
  • Time zone—Group devices based on the time zone they use
     
  • Time zone offset [minutes]—Group devices based on the time zone offset they use in minutes

For example, expand Installed software, select Application name and then click OK.

Figure 1-4

 

  7. Select has prefix from the drop-down menu and type ESET Endpoint into the blank field. This expression matches every application whose name begins with ESET Endpoint.
     
  8. Click Finish when you are done making changes. ERA automatically detects when a new computer meets the criteria defined in a Dynamic Group template and adds it to the corresponding Dynamic Group.

Figure 1-5
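The following added example (not ERA code and not part of the original article) models the template built in the steps above, NOR over the rule "Application name has prefix ESET Endpoint", and evaluates it against a small constructed inventory. The data layout, the function names and the assumption that a rule on a multi-valued criterion is true when at least one reported value satisfies it are illustrative only.

```python
# Simplified model of a Dynamic Group template expression; not ERA code.
OPERATIONS = {
    "AND": all,                                # all conditions have to be true
    "OR": any,                                 # at least one condition has to be true
    "NAND": lambda results: not all(results),  # at least one condition has to be false
    "NOR": lambda results: not any(results),   # all conditions have to be false
}


def rule_is_true(rule, client):
    """Evaluate one rule against one client.

    Assumption: a rule on a multi-valued criterion (the list of installed
    applications) is true when at least one reported value satisfies it.
    """
    values = client.get(rule["criterion"], [])
    if rule["operator"] == "has prefix":
        return any(value.startswith(rule["value"]) for value in values)
    raise ValueError(f"unsupported operator: {rule['operator']}")


def matches(template, client):
    """Combine the results of all rules with the template's operation."""
    results = [rule_is_true(rule, client) for rule in template["rules"]]
    return OPERATIONS[template["operation"]](results)


def members(template, clients):
    """Return the names of the clients that would join the Dynamic Group."""
    return sorted(c["name"] for c in clients if matches(template, c))


# The rule and template from the article's example.
ENDPOINT_RULE = {"criterion": "application_name",
                 "operator": "has prefix", "value": "ESET Endpoint"}
TEMPLATE = {"operation": "NOR", "rules": [ENDPOINT_RULE]}

# Constructed sample inventory (hypothetical host names).
CLIENTS = [
    {"name": "ws-01", "application_name": ["ESET Endpoint Security", "7-Zip"]},
    {"name": "ws-02", "application_name": ["7-Zip", "Mozilla Firefox"]},
    {"name": "ws-03", "application_name": ["ESET Endpoint Antivirus"]},
    {"name": "ws-04", "application_name": []},  # no software inventory reported
    {"name": "srv-01", "application_name": ["ESET File Security"]},
]

if __name__ == "__main__":
    print(members(TEMPLATE, CLIENTS))
```

In this model the group contains not only ws-02 but also ws-04, which reports no software at all, and srv-01, which runs an ESET product whose name does not start with ESET Endpoint. Check the group's members for such cases before attaching a deployment task to it.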

 

Additional assistance