[KB3741] Create dynamic group templates in ESET Remote Administrator (6.x)
Issue
ESET business product no longer supported
This article applies to an ESET product version that is currently in End of Life status and is no longer supported. The content in this article is no longer updated.
This article assumes that your ERA user has the correct access rights and permissions to perform the tasks below.
If you are still using the default Administrator user, or you are unable to perform the tasks below (the option is grayed out), see the following article to create a second administrator user with all access rights (you only need to do this once):
Select an existing dynamic group Template and click Edit Template, or click New Template to create a new dynamic group Template. In the following example, we'll create a template for a dynamic group that contains computers without ESET endpoint solutions installed.
Figure 1-1 Click the image to view larger in new window
Type a name for your new dynamic group Template into the Name field.
Figure 1-2 Click the image to view larger in new window
Expand Expression, select NOR (All conditions have to be false) from the Operation drop-down menu and click + Add Rule. In addition to NOR, you can use the OR(at least one condition has to be true), NAND (At least one condition has to be false), and And (All conditions have to be true) operations to create custom expressions. An expression can contain multiple rules.
Figure 1-3 Click the image to view larger in new window
You can create rules to sort devices by a variety of criteria. Expand each section below for more information about each of the criteria you can sort by. Some criteria appear in multiple sections but sort devices using the same logic.
Object URI—Group devices based on the Uniform Resource Indicator associated with a found threat
Process name—Group devices based on part or all of the process name associated with a found threat
Restart required—Group devices based on whether they require a restart
Scan log reference—Group devices based on whether a specific item is referenced in their scan log
Threat handled—Group devices based on whether a specific threat has been resolved
Threat name—Group devices based on whether a specific threat was detected
User—Group devices based on the user currently logged in
Detection Engine—Group devices based on which Detection engine version they are currently using, or whether their Detection engine was released before or after a specific date
Running on battery—Group devices based on whether they are discharging (running on battery power), not discharging (running using a power adapter), or not present.
Issuer—Group devices based on the isuer of their peer certificate
Product—Group devices based on the product associated with their peer certificate
Serial number—Group devices based on the serial number of their peer certificate
Status—Group devices based on whether their peer certificate is valid, invalid, going to expire, going to be invalidated, or the CA used the sign the certificate is going to expire
Subject—Group devices based on the subject specified in their peer certificate. For example, you could assign different subjects to certificates based on office location, and then group devices based on this information
Valid from—Group devices based on the start date for validity of their peer certificate
Valid till—Group devices based on when their peer certificate is going to expire
Storage capacity [MB]—Group devices based on storage capacity in MB
Storage encryption status—Group devices based on whether they use encrypted or un-encrypted storage
Storage ID—Group devices based on the ID of their primary storage device
Storage type—Group devices based on the presence of a specific type of storage. Select Compact disc, Local disk, Network drive, Removable disk, or unknown drive type
Time zone—Group devices based on the time zone they use
Time zone offset [minutes]—Group devices based on the time zone offset they use in minutes
For example, expand Installed software, select Application name and then click OK.
Figure 1-4
Select has prefix from the drop-down menu and type ESET Endpoint into the blank field. This expression will recognize any application with a name that begins with ESET Endpoint.
Click Finish when you are finished making changes. If you are editing a template associated with an existing dynamic group, ERA will automatically recognize when a new computer meets the criteria defined in a Dynamic Group template and add it to the appropriate Dynamic Group.
If this is a new template, create dynamic group using the template you just created.
Figure 1-5 Click the image to view larger in new window