[KB6858] Supported settings in VDI environments using ESMC (7.x) and ESET PROTECT (8.x)

Issue

Details

ESET Security Management Center is renamed to ESET PROTECT

ESET Security Management Center (ESMC) is renamed to ESET PROTECT starting with version 8.0. In this article, information given for ESET PROTECT is also valid for ESET PROTECT Cloud and ESMC unless explicitly stated otherwise.

Supported environments:

  • Citrix PVS 7.0+ physical machines
  • Citrix PVS 7.0+ virtual machines in Citrix XenServer 7+
  • Citrix PVS 7.0+ and Citrix XenDesktop with Citrix XenServer 7+
  • (without PVS) Citrix XenDesktop with Citrix XenServer 7+
  • VMware Horizon 7.x and 8.0 with VMware ESXi (instant clones are not supported)
  • Microsoft SCCM (for re-imaging)

Other environments may be functional as well, but were not tested.

Solution

VMware Horizon

  • The setting Delete or refresh machine on logoff:
    • Never - this option is supported.
    • Delete immediately - this option is not currently supported in ESET PROTECT. VMware creates a machine with a new name and old hardware, which causes ESET PROTECT to create a new machine in the Web Console.
    • Refresh Immediately - the notification about recovery of identity (Events on managed computers → Computer identity recovered) may not function properly. This is due to the way VMware optimizes its handling of images: VMware sometimes uses the previous identity, which can cause the notification to not work. The assignment of identities to such clones in ESET PROTECT functions correctly.

Figure 1-1

 
  • Instant clones are not supported with ESET PROTECT. Full clones and linked clones are supported.

Figure 1-2

  • Actions over a pool of machines:
    • Refresh - using Refresh over a pool of machines is supported in ESET PROTECT; however, the notification about the recovery of identity (Events on managed computers → Computer identity recovered) may not function properly.
    • Rebalance - supported in ESET PROTECT.
    • Recompose - this operation changes the serial numbers of virtual drives. If multiple virtual drives are mounted, it can cause ESET PROTECT to create new machine identities in the Web Console. Check your machines in the Web Console after running Recompose.

Figure 1-3

Microsoft SCCM

If you use SCCM for re-imaging of machines with ESET Management Agent, the Agent must be installed in the Windows reference image. The following conditions must be met to create a fully functional reference image with ESET Management Agent:

  • Allowed local administrator has a blank password
  • Computer must be a member of a workgroup and must not be in a domain
  • SCCM agent cannot be installed
  • Requesting strong passwords must be turned off
  • ESET Management Agent must be installed on the system and have connected at least twice to the ESET PROTECT server, or the cloud instance, before creating the image

All conditions mentioned above must be met only during the creation of the reference image. After the image is deployed, you can change them on the target machine.
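
One way to check the machine-verifiable conditions above before capturing the reference image, as an added PowerShell example that is not ESET's own tooling. The service names `EraAgentSvc` (ESET Management Agent) and `CcmExec` (Configuration Manager client) are assumptions not stated in this article; the blank administrator password and the two Agent connections are not tested by the script and are only listed as manual checks.

```powershell
# Added example: pre-capture check of a reference image.
# Run in an elevated PowerShell session on the reference machine.
param(
    # Assumptions: Windows service names, not taken from the article.
    [string]$AgentService = 'EraAgentSvc',  # ESET Management Agent
    [string]$SccmService  = 'CcmExec'       # Configuration Manager client
)

$checks = [ordered]@{}

# The computer must be a workgroup member, not joined to a domain.
$cs = Get-CimInstance -ClassName Win32_ComputerSystem
$checks['Workgroup member, not in a domain'] = -not $cs.PartOfDomain

# The SCCM agent must not be installed.
$sccm = Get-Service -Name $SccmService -ErrorAction SilentlyContinue
$checks['SCCM agent not installed'] = ($null -eq $sccm)

# Requesting strong passwords must be turned off (PasswordComplexity = 0).
$cfg = Join-Path $env:TEMP 'refimage-secpol.inf'
secedit /export /cfg $cfg /areas SECURITYPOLICY | Out-Null
$policy = Get-Content -Path $cfg -ErrorAction SilentlyContinue
Remove-Item -Path $cfg -ErrorAction SilentlyContinue
$checks['Strong passwords not required'] = [bool]($policy -match '^\s*PasswordComplexity\s*=\s*0\s*$')

# ESET Management Agent must be installed on the system.
$agent = Get-Service -Name $AgentService -ErrorAction SilentlyContinue
$checks['ESET Management Agent installed'] = ($null -ne $agent)

$failed = 0
foreach ($c in $checks.GetEnumerator()) {
    if (-not $c.Value) { $failed++ }
    '{0,-36} {1}' -f $c.Key, $(if ($c.Value) { 'OK' } else { 'FAIL' })
}

# Conditions this script does not verify; confirm them by hand.
'MANUAL: allowed local administrator has a blank password'
'MANUAL: Agent has connected at least twice to the ESET PROTECT server or cloud instance'

exit $failed
```

The exit code is the number of failed checks, so a capture step can be gated on it being zero.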

If the installation of the ESET Management Agent is included in the task sequence, ESET PROTECT creates a new machine identity in the Web Console after each re-imaging.