[KB6858] Supported settings in VDI environments using ESET PROTECT and ESET PROTECT On-Prem

Issue

Solution

Before you proceed

Information in this article is valid for ESET PROTECT and ESET PROTECT On-Prem, unless explicitly stated otherwise.

If the information is valid for all three abovementioned products, they are referred to as ESET remote management products.

ESET Security Management Center End of Life

ESET Security Management Center reached End of Life in December 31, 2022.

ESET Online Help guide for ESET Security Management Center is no longer available.

Supported environments

  • Citrix PVS 7.15+ with physical machines
  • Citrix PVS 7.15+ with virtual machines in Citrix XenServer 7.15+
  • Citrix PVS 7.15+ and Citrix XenDesktop with Citrix XenServer 7.15+
  • Citrix Machine Creation Services
  • (without PVS) Citrix XenDesktop with Citrix XenServer 7.15+
  • VMware Horizon 8.0+ with VMware ESXi
  • Microsoft SCCM (for re-imaging)

Other environments may be functional as well but were not tested.


VMware Horizon

  • Delete or refresh machine on logoff setting:

    • Never – this option is supported.
    • Delete Immediately – this option is not currently supported. VMware creates a machine with a new name and old hardware, which causes the ESET remote management products to create a new machine in their respective Web Console.
    • Refresh Immediately – The notification about identity recovery (see ESET PROTECT On-Prem or ESET PROTECT documentation) may not function properly. It is due to the way VMware optimizes the manipulation with images. VMware sometimes uses the previous identity, which can cause the notification to not work. The assigning of the identities of such clones in ESET remote management products is functioning correctly.

      Figure 1-1
  • Full virtual machines and View Composer linked clones are supported. Instant clones are now supported in ESET PROTECT On-Prem 8.1 and later and in ESET PROTECT.

    Figure 1-2
  • Actions over a pool of machines:

    • Using Refresh over a pool of machines is supported in ESET remote management products. However, the Computer Identity Recovered notification about identity recovery (see ESET PROTECT On-Prem or ESET PROTECT documentation) may not function properly.
    • The Recompose option changes the serial numbers of virtual drives. If there are more virtual dives mounted, it can cause ESET remote management products to create new machine identities in their respective Web Console. Verify your machines in the respective Web Console after running the Recompose.
    • Rebalance – this option is not supported.

      Figure 1-3

Microsoft SCCM

If you use SCCM for re-image machines with ESET Management Agent, the Agent must be installed in the Windows reference image.

The following conditions must be met to create a fully functional reference image with ESET Management Agent:

  • Allowed local administrator has a blank password
  • Computer must be a member of Workgroup (not being in a domain)
  • SCCM agent cannot be installed
  • Requesting strong passwords must be turned off
  • ESET Management Agent must be installed on the system and have connected at least twice to ESET remote management product server or the cloud instance, before creating the image.
    The above mentioned conditions must be met

    All conditions mentioned above must be met only during the creation of the reference image. After the image is deployed, you can change them on the target machine.

If the installation of the ESET Management Agent is included in the task sequence, ESET remote management products create a new machine identity in their respective Web Console after each re-imaging.