Issue

• ESET recommends you configure Citrix and other terminal servers using these parameters when running ESET products
• Disable all Citrix API hooks on a per-application basis

Details

Solution

Complete the steps below in sequence to achieve the best performance on a server with ESET Server Security for Microsoft Windows Server installed.

1. Verify that Network protection module is installed
2. Disable the ESET Server Security graphic user interface (GUI) to prevent it from starting up every time a user logs in
3. Scan file execution events and local drives only (Citrix servers only)
4. Add needed exclusions (Citrix servers only)

I. Verify that Network protection module is installed

Server 2008/2008R2 users: There are 2 ways to verify that the Network protection module in ESET Server Security for Microsoft Windows Server is installed.

• If you have already installed ESET Server Security, enable the Network protection module:

1. Double-click the installer you used to install ESET Server Security (for example, efsw_nt64.msi) and click Next.

   

2. Click Modify.

   

3. From the product component drop-down menu next to Network Protection, select Entire feature will be installed on local hard drive and click Modify.

   

4. Wait for the installation to finish. In the Setup → Web and email section of ESET Server Security, you will now see the Web access protection and Email client protection modules.

   

• If you are installing ESET Server Security for the first time, follow the instructions below to enable the Network Protection module. You can modify installed components anytime by running the installer. This can be done without a server restart. The GUI will restart and you will see only the components you chose to install.

1. Double-click the ESET Server Security installer you downloaded (for example, efsw_nt64.msi) and click Next.

   

2. Select Custom and click Next.

   

3. Click the product component drop-down menu option next to Network protection, click Entire feature will be installed on local hard drive and click Next.

   

4. Click Install and wait for the installation to finish. 

   

II. Disable the graphic user interface (GUI)

The steps in this section will disable the GUI from launching automatically at startup. However, you can still access the GUI at any time from the Start Menu.

a. Enable silent mode on the server

Assign the Visibility - Silent mode policy on ESET Server Security in ESET PROTECT to enable silent mode on a server.

1. Open the ESET PROTECT Web Console in your web browser and log in.

2. Click Policies, expand Built-in Policies, select ESET File Security for Windows Server and select the check box next to Visibility - Silent mode. Click Assign → Assign computers.

   

3. Select the check box next to the computer that you want to assign the policy to and click OK.

   

Continue to part III below if you are using a Citrix server.

b. Manually update individual client workstations using ESET Shell.

To see what policies are assigned to a specific group, select that group and click the Policies tab to view a list of policies assigned to the group. For more information about policies, see the Policies chapter in Online Help.

Perform these steps on individual client workstations:

1. To open ESET Shell click the Start  icon and navigate to ESET. Right-click ESET Shell and select More → Run as administrator from the context menu. For Windows Server 2012, you can type ESET Shell into the Search field.

   If prompted, type in the username and password for the administrative account. If you are opening ESET Shell for the first time, on your keyboard press the x key to skip the help section.

   

2. Type the following command:

   set ui ui gui-start-mode none

   

3. On your keyboard, press Enter and wait for the command to complete. Close the ESET Shell window.

Continue to part III below if you are using a Citrix server.

III. Scan file execution events and local drives only (Citrix servers only)

1. To open ESET Server Security, click the Start  icon, navigate to ESET and click ESET File Security.

2. Press the F5 key to open Advanced Setup.

3. Click Detection Engine → Real-time file system protection from the main menu on the left. Turn off the following four features by clicking the slider bars next to them:

   • Network drives
   • File open
   • File creation
   • Removable media access
     
     

   Click OK. Continue to part IV below to add exclusions for a Citrix server.

   

IV. Add needed exclusions (Citrix servers only)

1. To open ESET Server Security, click the Start  icon, navigate to ESET and click ESET Server Security.

2. Press the F5 key to open Advanced Setup.

3. Click Detection Engine from the main menu on the left, expand Exclusions, and then click Edit next to Performance exclusions.

   

4. Click Add, in the field next to Path type C:\Program Files\Citrix\ and click OK → OK → OK.

   To add additional file paths to exclude, type \ at the end of the path. ESET will treat \ as a wildcard, and all children of the original path will be excluded.

   View the Citrix Consolidated list of Antivirus exclusions