If you use the default Administrator user or are unable to perform the tasks below (the option is unavailable), create a second administrator user with all access rights.
Click More → Dynamic Group Templates. Select an existing dynamic group Template and click Edit Template to edit it, or click New Template to create a new dynamic group Template.
Figure 1-1
Type a name for your new dynamic group Template into the Name field.
Figure 1-2
Click Expression, select NOR (All conditions have to be false) from the Operation drop-down menu and click Add Rule. In addition to NOR, you can use the OR(at least one condition has to be true), NAND (At least one condition has to be false), and And (All conditions have to be true) operations to create custom expressions. An expression can contain multiple rules.
Figure 1-3
You can create rules to sort devices by a variety of criteria. Some criteria appear in multiple sections but sort devices using the same logic.
Detection Engine—Group devices based on which Detection engine version they are currently using, or whether their Detection engine was released before or after a specific date
First seen time
Hash of detected file
Object URI—Group devices based on the Uniform Resource Indicator associated with a found threat
Process name—Group devices based on part or all of the process name associated with a found threat
Restart required—Group devices based on whether they require a restart
Scan log reference—Group devices based on whether a specific item is referenced in their scan log
Threat handled—Group devices based on whether a specific threat has been resolved
Threat name—Group devices based on whether a specific threat was detected
Threat type
User—Group devices based on the user currently logged in
Running on battery—Group devices based on whether they are discharging (running on battery power), not discharging (running using a power adapter), or not present.
Issuer—Group devices based on the issuer of their peer certificate
Product—Group devices based on the product associated with their peer certificate
Serial number—Group devices based on the serial number of their peer certificate
Status—Group devices based on whether their peer certificate is valid, invalid, going to expire, going to be invalidated, or the CA used the sign the certificate is going to expire
Subject—Group devices based on the subject specified in their peer certificate. For example, you could assign different subjects to certificates based on office location, and then group devices based on this information
Valid from—Group devices based on the start date for the validity of their peer certificate
Valid till—Group devices based on when their peer certificate is going to expire
Storage capacity [MB]—Group devices based on storage capacity in MB
Storage encryption status—Group devices based on whether they use encrypted or un-encrypted storage
Storage ID—Group devices based on the ID of their primary storage device
Storage type—Group devices based on the presence of a specific type of storage. Select Compact disc, Local disk, Network drive, Removable disk, or unknown drive type
Time zone—Group devices based on the time zone they use
Time zone offset [minutes]—Group devices based on the time zone offset they use in minutes
For example, expand Installed software, select Application name and then click OK.
Figure 1-4
Select has prefix from the drop-down menu and type ESET Endpoint Security into the blank field. This expression will recognize any application with a name that begins with ESET Endpoint Security.
Click Finish when you are finished making changes. If you are editing a template associated with an existing dynamic group, ESET PROTECT will automatically recognize when a new computer meets the criteria defined in a Dynamic Group template and add it to the appropriate Dynamic Group.