[KB8062] Recommended settings for ESET Server Security for Windows Server installed on a terminal or Citrix server (8.x–9.x)

Issue

  • ESET recommends you configure Citrix and other terminal servers using these parameters when running ESET products

Details


Click to expand


ESET server products can run in virtualized environments (such as Citrix) using default settings. Make a few small changes to minimize the impact on performance ESET products have on your virtual machine.

Normally, ESET Server Security GUI starts up every time a remote user logs onto the server and creates a terminal session. This is usually undesirable on terminal servers.


Solution

Complete the steps below in sequence to achieve the best performance on a server with ESET Server Security for Microsoft Windows Server installed.

  1. Verify that Network protection module is installed
  2. Disable the ESET Server Security graphic user interface (GUI) to prevent it from starting up every time a user logs in
  3. Scan file execution events and local drives only (Citrix servers only)
  4. Add needed exclusions (Citrix servers only)

I. Verify that Network protection module is installed

Server 2008/2008R2 users: There are 2 ways to verify that the Network protection module in ESET Server Security for Microsoft Windows Server is installed.

  • If you have already installed ESET Server Security, enable the Network protection module:

    1. Double-click the installer you used to install ESET Server Security (for example, efsw_nt64.msi) and click Next.

      Figure 1-1
      Click the image to view larger in new window
    2. Click Modify.

      Figure 1-2
      Click the image to view larger in new window
    3. From the product component drop-down menu next to Network Protection, select Entire feature will be installed on local hard drive and click Modify.

      Figure 1-3
      Click the image to view larger in new window
    4. Wait for the installation to finish. In the Setup Web and email section of ESET Server Security, you will now see the Web access protection and Email client protection modules.

      Figure 1-4
      Click the image to view larger in new window
  • If you are installing ESET Server Security for the first time, follow the instructions below to enable the Network Protection module. You can modify installed components anytime by running the installer. This can be done without a server restart. The GUI will restart and you will see only the components you chose to install.

ESET Server Security installation guide

For illustrated instructions to download and install ESET Server Security, see Download, install, and activate ESET Server Security for Microsoft Windows Server.

    1. Double-click the ESET Server Security installer you downloaded (for example, efsw_nt64.msi) and click Next.

      Figure 1-5
      Click the image to view larger in new window
    2. Select Custom and click Next.

      Figure 1-6
      Click the image to view larger in new window
    3. Click the product component drop-down menu option next to Network protection, click Entire feature will be installed on local hard drive and click Next.

      Figure 1-7
      Click the image to view larger in new window
    4. Click Install and wait for the installation to finish. 

      Figure 1-8
      Click the image to view larger in new window

II. Disable the graphic user interface (GUI)

The steps in this section will disable the GUI from launching automatically at startup. However, you can still access the GUI at any time from the Start Menu.

a. Enable silent mode on the server

Assign the Visibility - Silent mode policy on ESET Server Security in ESET PROTECT to enable silent mode on a server.

  1. Open the ESET PROTECT Web Console in your web browser and log in.

  2. Click Policies, expand Built-in Policies, select ESET File Security for Windows Server and select the check box next to Visibility - Silent mode. Click Assign → Assign computers.

    Figure 2-1
    Click the image to view larger in new window
  3. Select the check box next to the computer that you want to assign the policy to and click OK.

    Figure 2-2
    Click the image to view larger in new window

Continue to part III below if you are using a Citrix server.

b. Manually update individual client workstations using ESET Shell.
Check or Change your GUI Mode

If you want to find out what mode is currently used, run the following command in ESET Shell:

get ui ui gui-start-mode

The following commands will change the GUI mode that you are using:

set ui ui gui-start-mode full

set ui ui gui-start-mode none

To see what policies are assigned to a specific group, select that group and click the Policies tab to view a list of policies assigned to the group. For more information about policies, see the Policies chapter in Online Help.

Perform these steps on individual client workstations:

  1. To open ESET Shell click the Start  icon and navigate to ESET. Right-click ESET Shell and select MoreRun as administrator from the context menu. For Windows Server 2012, you can type ESET Shell into the Search field.

    If prompted, type in the username and password for the administrative account. If you are opening ESET Shell for the first time, on your keyboard press the x key to skip the help section.

    Figure 2-3
    Click the image to view larger in new window
  2. Type the following command:

    set ui ui gui-start-mode none

    Figure 2-4
    Click the image to view larger in new window
  3. On your keyboard, press Enter and wait for the command to complete. Close the ESET Shell window.

Continue to part III below if you are using a Citrix server.


III. Scan file execution events and local drives only (Citrix servers only)

  1. To open ESET Server Security, click the Start  icon, navigate to ESET and click ESET File Security.

  2. Press the F5 key to open Advanced Setup.

  3. Click Detection EngineReal-time file system protection from the main menu on the left. Turn off the following four features by clicking the slider bars next to them:

    • Network drives
    • File open
    • File creation
    • Removable media access

    Click OK. Continue to part IV below to add exclusions for a Citrix server.

    Figure 3-1
    Click the image to view larger in new window

IV. Add needed exclusions (Citrix servers only)

  1. To open ESET Server Security, click the Start  icon, navigate to ESET and click ESET Server Security.

  2. Press the F5 key to open Advanced Setup.

  3. Click Detection Engine from the main menu on the left, expand Exclusions, and then click Edit next to Performance exclusions.

    Figure 4-1
    Click the image to view larger in new window
  4. Click Add, in the field next to Path type C:\Program Files\Citrix\ and click OKOKOK.

    To add additional file paths to exclude, type \ at the end of the path. ESET will treat \ as a wildcard, and all children of the original path will be excluded.

    View the Citrix Consolidated list of Antivirus exclusions

    Figure 4-2
    Click the image to view larger in new window

Assistęncia Adicional