If you use the default Administrator user or are unable to perform the tasks below (the option is unavailable), create a second administrator user with all access rights.
Click More → Dynamic Group Templates. Click New Template to create a new Dynamic Group Template. You can also select an existing Dynamic Group Template and click Edit Template to edit it.
Type a name for your new Dynamic Group Template into the Name field.
Click Expression, select NOR (All conditions have to be false) from the Operation drop-down menu and click Add Rule. In addition to NOR, you can use the OR(at least one condition has to be true), NAND (At least one condition has to be false),and And (All conditions have to be true) operations to create custom expressions. An expression can contain multiple rules.
You can create rules to sort devices by a variety of criteria. Some criteria appear in multiple sections but sort devices using the same logic.
View Dynamic Group Criteria
Activation
Activated by ESET PROTECT—Group devices based on whether they were activated or are not activated by ESET PROTECT or ESET PROTECT On-Prem
License expiration date—Group devices based on their license expiration date
License flags
License model status
License model type
License product code
License product name—Group devices based on the product name in your product license
License public ID—Group devices based on the public ID associated with a specific product license
License renewal period
License type
Location ID
Product code
Seat name
Active detections
Detection engine—Group devices based on which Detection engine version they are currently using or whether their Detection engine was released before or after a specific date
Detection handled
Detection name
Detection type
First seen time
Hash of detected file
Object URI—Group devices based on the Uniform Resource Indicator associated with a found threat
Process name—Group devices based on part or all of the process names associated with a found threat
Restart required—Group devices based on whether they require a restart
Scan log reference—Group devices based on whether a specific item is referenced in their scan log
User—Group devices based on the user currently logged in
Computer
Computer—Group all devices except for a specific computer together, or select a single computer to treat as a group
Managed products mask—Group devices based on whether they are or are not covered by one of the pre-defined managed product masks
Device identifiers
Identifier type—Group devices based on the type of identifier they use, FQDN, Computer Name, Computer Workgroup, IMEI or Serial Number
Identifier value—Group devices based on part or all of a specific identifier value
Functionality/Protection problems
Feature—Group devices based on which product features require attention
Problem—Group devices based on the error notification ESET is displaying. Select from a list of available error notifications
Source—Group devices based on the ESET PROTECT component, client solution, or operating system identified as the source of an issue
Status—Group devices based on their indicated status. Select from Malfunction, OK, Security Notification, and Security risk
Functionality/Protection status
Source—Group devices based on the ESET PROTECT component, client solution, or operating system identified as the source of an issue
Status—Group devices based on their indicated status. Select from Malfunction, OK, Security Notification, and Security risk
Functionality/Protection status of computer
Status—Group devices based on their indicated status. Select from Malfunction, OK, Security Notification, and Security risk
Hardware
Running on battery—Group devices based on whether they are discharging (running on battery power), not discharging (running using a power adapter), or not present.
HW inventory/Chasis
Description
Identifier
Manufacturer—Group devices based on the manufacturer
Serial number
Type
HW inventory/Device information
Device manufacturer
Device model
Firmware type
Firmware version
Serial number
Trusted Platform Module (TPM) Version
HW inventory/Display
Description
Identifier
Manufacturer
Serial number
HW inventory/Display adapter
Architecture type
Description
Identifier
Manufacturer
Memory size [MB]
Memory type
Refresh rate (max) [Hz]
HW inventory/Input device
Description
Identifier
Manufacturer
Type
HW inventory/Mass storage
Description
Hardware Encryption Status
Identifier
Manufacturer
Serial number
Storage capacity [MB]
Type
HW inventory/Network adapter
Connection name
Description
Identifier
MAC address
Manufacturer
Type
HW inventory/Printer
Description
Identifier
Location type
Marking type
Printing type
Resolution (horizontal - vertical) [pixels per inch]
HW inventory/Processor
Architecture type
Clock speed [MHz]
Description
Identifier
Manufacturer
Number of cores
Number of logical cores
HW inventory/RAM
Architecture type
Capacity [MB]
Clock speed [Hz]
Description
Identifier
Manufacturer
Serial number
HW inventory/Sound device
Description
Identifier
Manufacturer
Installed software
Agent supports uninstall—Group computers with agent versions that support the agent uninstall task
Application name—Group devices that have a specific application installed or not installed
Application vendor—Group devices with software from a specific vendor installed
Application version—Group devices with a specific version of an application
Device administrator permission—Group devices based on whether you have administrator permissions on them or not
Size in MB—Group devices based on the amount of drive space in MB that is used by software
Last boot time
Last boot time
Logged users
Domain—Group devices based on whether they log in to a specific domain
Full name—Group devices based on the full name of the device's user
Username—Group devices based on the name of the user currently logged in
Mobile network
Cellular technology—Group devices based on the cellular network they use
Home subscriber MCC—Group devices based on their Mobile Country Code (MCC)
Home subscriber MNC—Group devices based on their Mobile Network Code (MNC)
Phone number—Group devices based on their phone number
Roaming subscriber—Group devices based on whether or not they are roaming
Roaming subscriber MCC—Group devices based on their roaming Mobile Country Code
Roaming subscriber MNC—Group devices based on their roaming Mobile Network Code
SIM carrier network—Group devices based on their SIM carrier network
SIM unique serial number—Group devices based on their SIM unique serial number or a range of SIM serial numbers
Network adapters
Adapter name—Group devices based on the name of the network adapter installed
MAC address—Group devices based on their MAC address
Order—Group devices based on whether they are using their primary or secondary network adapter
Network DNS servers
IP DNS server—Group devices based on their use of a specific DNS server IP address or an address within a specified range
Order—Group devices based on whether they are using their primary or secondary DNS server
Network gateways
IP gateway—Group devices based on the IP of the network gateway they use
Network IP addresses
Adapter IP address—Group devices based on their network adapter IP address
Adapter subnet mask—Group devices based on the subnet mask they use
Address type—Group devices based on whether they use an IPv4 or IPv6 address
IP subnetwork—Group devices based on their IP subnetwork
MAC address—Group devices based on their MAC address
Order—Group devices based on whether they are using their primary or secondary network IP address
Network WINS servers
IP WINS server—Group devices based on the IP address of the WINS server they use
Order—Group devices based on whether they are using their primary or secondary WINS server
OS edition
OS build number
OS name—Group devices based on the name of the operating system they use
OS platform—Group devices based on the platform of the operating system they use
OS service patch
OS service pack—Group devices based on whether they use a specific service pack or range of service packs
OS type—Group devices based on the type of operating system they use
OS version—Group devices based on the version of the operating system they use
OS locale
OS language—Group devices based on the language of the OS they use
OS locale—Group devices based on the locale of the OS they use
Peer certificate
Issuer—Group devices based on the issuer of their peer certificate
Product—Group devices based on the product associated with their peer certificate
Serial number—Group devices based on the serial number of their peer certificate
Status—Group devices based on whether their peer certificate is valid, invalid, going to expire, going to be invalidated, or the CA used the sign the certificate is going to expire
Subject—Group devices based on the subject specified in their peer certificate. For example, you could assign different subjects to certificates based on office location and then group devices based on this information
Valid from—Group devices based on the start date for the validity of their peer certificate
Valid till—Group devices based on when their peer certificate is going to expire
Performance
Idle state—Group devices based on whether they are or are not in an idle state
Quarantine
Detection name
Excludable—Group devices based on whether items in the quarantine can be excluded from scanning
Hash—Group devices based on the hash of items in the quarantine
Hits—Group devices based on whether they have a specific number of quarantined items or have more or less than that number of items
Object name—Group devices based on whether an object with a specific name is quarantined
Restorable—Group devices based on whether items in the quarantine can be restored to their original locations
Size—Group devices based on whether items in the quarantine can be restored to their original locations
Time of first occurrence—Group devices based on the time that a given threat was first quarantined
Time of last occurrence—Group devices based on the time that a given item was last quarantined
Spam top domains
Count—Group devices based on whether they have received a certain number of spam emails from a given domain
Domain—Group devices that log in to domains associated with the highest number of spam messages
Spam top recipients
Count—Group devices based on whether they have received a certain number of spam emails
Recipient—Group devices that receive the highest amount of spam email
Spam top senders
Count—Group devices that have sent a certain number of spam emails
Sender—Group devices that send the highest number of spam emails
Storage devices
Storage capacity [MB]—Group devices based on storage capacity in MB
Storage encryption status—Group devices based on whether they use encrypted or un-encrypted storage
Storage Id—Group devices based on the ID of their primary storage device
Storage type—Group devices based on the presence of a specific type of storage. Select Compact disc, Local disk, Network drive, Removable disk, or unknown drive type
Storage devices capacity
Free space [%]—Group devices based on the amount of free space available in percent
Free space [MB]—Group devices based on the amount of free drive space available in MB
Storage Id—Group devices based on the ID of their primary storage device
Time zone
Time zone—Group devices based on the time zone they use
Time zone offset [minutes]—Group devices based on the time zone offset they use in minutes
For example, expand Installed software, select Application name and click OK.
Select has prefix from the drop-down menu and type ESET Endpoint Security into the blank field. This expression will recognize any application with a name that begins with ESET Endpoint Security. Click Finish when you are finished making changes.
If you edit a template associated with an existing dynamic group, ESET PROTECT or ESET PROTECT On-Prem will automatically recognize when a new computer meets the criteria defined in a Dynamic Group template and add it to the appropriate Dynamic Group.