[KB7930] Enable and apply Advanced security on your network using ESET PROTECT On-Prem

Issue

Details

  • ESET PROTECT Server installation has Advanced security enabled by default
  • Newly created certificates and Certification Authorities use SHA-256 (instead of SHA-1)
  • ESET PROTECT Server uses the latest TLS (TLS 1.2) for communication with Agents
  • Advanced Security enforces the use of TLS 1.2 for Syslog and SMTP communication

Solution

Minimum compatibility requirements for Advanced security

  • Before enabling Advanced security, ensure all your client computers can communicate via TLS 1.2
  • Supported operating systems: Windows, Linux, or macOS
  • To enable the Advanced security feature, you must restart the ESET PROTECT Server service twice

Advanced security does not affect the existing Certification Authorities and certificates, only the new Certification Authorities and certificates created after Advanced security is enabled. To apply Advanced security in your existing ESET PROTECT On-Prem infrastructure, replace the existing certificates.


Enable Advanced security in ESET PROTECT On-Prem

Resolve Peer Certificate notification

Users may receive the Peer Certificate notification if all of the following are true:

  • ESET Management Agent was originally installed with version 8.0 or earlier and was updated to ESET Management Agent version 8.1 or later
  • Agents were moved to SHA-2 certificates

  1. Click More → Settings. Click the toggle next to Advanced security (requires restart!) to enable it. Click Save.

  2. Close the ESET PROTECT Web Console and restart the ESET PROTECT Server service.

  3. Wait a few minutes after the service starts, and log in to the ESET PROTECT Web Console.

  4. Verify that all computers are still connecting and that no other problems have occurred.

  5. Create a new Certification Authority. The public part of the Certification Authority is automatically sent to all client computers during the next Agent-to-Server connection.

  6. Create new peer certificates signed with the new Certification Authority. Create a peer certificate for Agent and one for Server (select the applicable value in the Component drop-down menu in step 2 of the linked process).

  7. Apply the new Agent certificate and assign the policy to the computers where you want to use Advanced security.

    Minimize the risk of orphaning client computers

    To minimize the risk of orphaning client computers, apply the changes to a test computer before applying them to all target computers.

  8. After all devices have connected using the new certificate, replace the current Server certificate with the new Server certificate. In the ESET PROTECT Web Console, click More → Settings → Change Certificate.

  9. Click Open certificate list.

  10. Select the new Server certificate and click OK → OK → Save.

  11. Restart the ESET PROTECT Server.
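An added verification script (not ESET's own tooling) for the TLS 1.2 requirement above and for the SHA-256 Server certificate applied in steps 8 to 11: it handshakes with the ESET PROTECT Server using TLS 1.2 only and reads the signature algorithm from the certificate the server presents. The host name and port 2222 are assumptions for your deployment; the DER walk reads only the outer signatureAlgorithm field of the certificate.

```python
import socket
import ssl
SIG_OIDS = {  # signature-algorithm OIDs this check recognises (RFC 3279 / RFC 5758)
    "1.2.840.113549.1.1.5": "sha1WithRSAEncryption",
    "1.2.840.113549.1.1.11": "sha256WithRSAEncryption",
    "1.2.840.10045.4.3.2": "ecdsa-with-SHA256",
}

def _tlv(buf, pos):
    """Decode one DER tag-length-value at buf[pos]; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long-form length: next n bytes hold it
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def _decode_oid(raw):
    """Turn DER OID contents into dotted notation, e.g. 1.2.840.113549.1.1.11."""
    arcs, value = [str(raw[0] // 40), str(raw[0] % 40)], 0
    for b in raw[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:                    # high bit clear: last byte of this arc
            arcs.append(str(value))
            value = 0
    return ".".join(arcs)

def signature_algorithm(der_cert):
    """Return the OID of the outer signatureAlgorithm of a DER-encoded X.509 certificate."""
    _, cert, _ = _tlv(der_cert, 0)          # Certificate ::= SEQUENCE { tbs, sigAlg, sig }
    _, _, after_tbs = _tlv(cert, 0)         # skip tbsCertificate
    _, alg_id, _ = _tlv(cert, after_tbs)    # AlgorithmIdentifier ::= SEQUENCE { OID, params }
    _, oid, _ = _tlv(alg_id, 0)
    return _decode_oid(oid)

def is_sha256_signed(der_cert):
    return "sha256" in SIG_OIDS.get(signature_algorithm(der_cert), "").lower()

def probe_server(host, port=2222, cafile=None, timeout=5):
    """Handshake with TLS 1.2 only; return (negotiated version, signature algorithm name).
    Port 2222 is an assumption; with cafile=None the cert is inspected but not trusted."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ctx.maximum_version = ssl.TLSVersion.TLSv1_2
    if cafile:                              # public part of the CA, exported from the Web Console
        ctx.load_verify_locations(cafile)
    else:
        ctx.check_hostname, ctx.verify_mode = False, ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock, \
            ctx.wrap_socket(sock, server_hostname=host) as tls:
        der = tls.getpeercert(binary_form=True)
        return tls.version(), SIG_OIDS.get(signature_algorithm(der), "unknown")
```

A handshake failure from `probe_server` against a client that cannot negotiate TLS 1.2 reproduces exactly the condition that orphans Agents after enabling Advanced security, so run it from a test computer before step 7.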