ESET NOD32 ANTIVIRUS - FOR WINDOWS ADMINISTRATOR User Manual

NOD32 for Windows
Administrator

NOD32 Remote
Administrator

User’s guide

w e p r o t e c t d i g i t a l w o r l d s

2

content

chapter 1.

Basic network features of NOD32 for Windows ................5

chapter 2.

Centralized management –

NOD32 Remote Administrator .......................................13

chapter 3.

Remote installation .......................................................25

chapter 4.

Tasks, typical examples .................................................31

chapter 5.

Large hierarchical networks – replications ....................35

chapter 6.

Summary of information ...............................................39

Copyright © Eset, spol. s r. o.
All rights reserved.

No part of this document may be reproduced or
transmitted in any form or by any means electronic
or mechanical, for any purpose without the express
written permission of Eset, spol. s r. o. Information
in this document is subject to change without prior
notice.

Certain names of program products and company
names used in this
document might be registered trademarks or
trademarks owned by other entities.

Eset, NOD32 and AMON are trademarks of Eset, spol.
s r. o.
Microsoft and Windows are registered trademarks of
Microsoft Corporation.

Eset, spol. s r. o.
Svoradova 1, 811 03 Bratislava, Slovak Republic

http://www.eset.sk/en

Technical Support Worldwide:
http://www.eset.com/support
Technical Support for Europe:
http://www.eset.sk/en/support

3

INTRODUCTION

The NOD32 Antivirus system oers a wide range of
tools, which make running and managing both smaller
and larger company networks easier.

Even the multi-license NOD32 for Windows oers
the basic network services. Especially a feature called Mi­rror, which serves to decrease trac across your Internet
LAN connection. Client workstations, with NOD32 instal­led, will not download updates directly from the manu­facturer (Eset company), but from a local update server,
which is located in the same LAN. Using a Mirror, you can
congure all NOD32 system settings. Thus you can recon­gure NOD32 settings on all workstations “en bloc“.

In addition, NOD32 for Windows itself, or the control
module NOD32 Control Center, can inform the ad­ministrator about virus or other problems on workstati­ons via electronic mail or Windows Messenger.

NOD32 Enterprise Edition oers much more. It in­cludes NOD32 for Windows and NOD32 Remote Adminis­trator.

NOD32 Remote Administrator serves to ma­nage the NOD32 antivirus system in large computer ne­tworks. Thanks to NOD32 Remote Administrator,
you can get a global overview of the NOD32 antivirus sys­tem activity on network workstations together with in­formation about eventual inltration. The information

retrieved from the workstations (from the NOD32 for Win­dows, or the NOD32 Control Center module) are
stored centrally on the server (NOD32 Remote Ad-
ministrator – RAS), and the network administrator
can access them at once using the user-friendly graphical
interface of the console (NOD32 Remote Adminis-
trator Console – RAC). The communication takes
place also in the opposite direction and administrator can
thus immediately react to newly-created situations, and
assign tasks to the NOD32 Antivirus System on the client
workstations.

Because a lot of information, which may be dicult
to remember is to follow, at the end of the manual you
can nd a summary of the most important issues.

Chapter 1:

Basic network features of
NOD32 for Windows

1 Basic network features of NOD32 for Windows

6

Mirror server

Workstation

Workstation

Workstation

Workstation

Internet

Mirror

Mirror is available in two versions:

• mirror as a shared network folder

• mirror as an HTTP server
and its setup is available from NOD32 Control

Center.

When you create the Mirror as an HTTP server, one PC

serves for downloading updates from Eset`s servers, and
as a NOD32 update server for the other workstations in
the LAN at the same time. This version is easier to con­gure and is not limited by the number of licenses of the
le server, which is required by the rst version for access
to the shared folder.

HTTP Server is a direct part of NOD32 2.5 administra-

tor version and by default runs on port 8081.

If the Mirror is created as a shared folder, then its prin-

ciple lies in distribution of updates across the network,
using a shared network folder. In contrast to the rst me­thod (HTTP server), a computer creating a Mirror does not
have to be a server, to which the other workstations con­nect to download updates at the same time.

Figure 1 Principle of a Mirror: The company server downloads updates from the Internet, and workstati

­ons update from this local server. The Mirror thus decreases trac across your Internet connection, becau­se the workstations download update les from the local server, and not from the Internet. Update pro­cess is initialized by Mirror server (Update from the Internet) and workstations (update from Mirror Ser­ver) in regular intervals.

7

chapter 1 / Basic network features of NOD32 for Windows

Model installation of Mirror
as an HTTP server

1. In the NOD32 Control Center choose Mirror and on the

right, click on the Setup button.

2. Check Create update and also Enable access to les

to perform program component upgrade. In the up­per part, choose those versions of NOD32, for which
updates will be downloaded from the Internet. All

versions that will be running on the workstati­ons should be checked. Into the dialog box Upda-

te mirror folder, enter a path to the folder, where the
update les will be downloaded and later presen­ted by the HTTP server. For example the path can be
C:\ OD32LAN.

3. Click OK to save your settings.

4. In order not to wait for the next automatic update (and

thus for the folder C:\NOD32LAN to be lled in), click on
the Update now button in the Update dialog window.
Now server setup is completed. We will proceed to the

workstations.

5. For NOD32 on workstations, just change the update

server URL. In most cases it means from Choose auto-

matically to http:// IP_address_of_my_server:8081.
This is done in NOD32 Control Center: click on the
Update button, and then choose Setup.

6. When there, click on the Servers button and add
a new server, namely http:/ /IP_address_of_my_ser-
ver:8081. Save the changes by clicking OK and set this
server in the previous dialog window.
Now the conguration of workstations is comple-

ted too.

Now click on the Update now button in the Update tab

to check whether it is set up correctly.

Model installation of Mirror
as a shared folder

The whole process of installation is similar to the pre-

vious case. Some dierences can be found in the steps 2,
5, and 6, the others are identical.

• Step 2:

Check the Create update mirror checkbox. In the up-

per part choose those versions of NOD32, for which upda­tes will be downloaded from the Internet. All versions

that will be running on the workstations should be

8

checked. Into the Update mirror folder enter a path to
the directory, where updates will be downloaded – i.e.
a path to the shared network folder – Mirror – and en

­ter username and password of user with a right to read,
write and browse.

When entering a path, please use the UNC path. Let’s
assume that the shared folder is named NOD32NET and
is located on the MAIN server. Then enter the path in this
form: \\MAIN\NOD32NET.

WARNING! Please, pay attention when entering
“username” and “password”. See below chapter for
details.

• Step 5:

Just change the URL of update server on NOD32 on
the workstations. Again, please be careful when entering
username with Windows NT / 2000 / XP / 2003. Open the
NOD32 Control Center, then choose Update, click on the
Setup button, and enter the username.

Click on the Servers button to add a new update ser­ver. According to the previous example, enter \\MAIN\NO-
D32NET. Save the changes and return to the Update setup
window and choose it from the roll down menu.

WARNING! Please, pay attention when entering
“username” and “password”. See below chapter for
details.

Click OK in the bottom section to save the settings. To
make sure that it is set up correctly, click on the Update 
Now button in the Update dialog window.

If it is set up correctly, you should not be asked for
username and password, and, naturally, no error messa­ges should be displayed.

Now click on Update now in the Update tab to check
whether it is set up correctly.

How to transfer conguration via
Mirror.

Using a local update server – Mirror – you can also dis­tribute a conguration for NOD32, by which the worksta­tions will be congured at the next attempt to update.

In order to automatically distribute a conguration,

• set update server on the workstations to http://IP_

address_of_your_server:8081 (if it is the version wi­th an HTTP server) or to \\MAIN\NOD32NET (if it is the
version with a shared folder)

• place the conguration XML le on the server.
The conguration itself is created on the same PC

where the mirror is created. Click on the Mirror button
in the Update section in the NOD32 Control Center, and
then click on the Setup button. In the Mirror Setup dia­log window, click on Setup in Conguration les. After clic-
king on the Setup button, select Add, then New and cre­ate a new conguration le. Save the new conguration
le anywhere on the local disk, EXCEPT for the folder with
the Mirror. After this is done, the application NOD32 Con-
guration Editor is launched (see below).

After required changes are made, save them by clic-

king on the diskette in the upper part of the window.
Then just close the window and click OK to return to the
NOD32 Control Center. Now, by clicking on the Update
button in the Mirror for local updates section the congu­ration le will be generated in the folder with the Mirror.

The presence of the conguration le in the upda­te folder / mirror will ensure, that the workstations
will, besides downloading updates, apply this con­rmation also.

Access usernames and passwords

Please pay attention when lling in the username

and password dialog boxes in the Update  setup dialog
window before updating from the mirror (or before cre­ating the mirror).

The NOD32 update process runs at the service level,

and a currently logged in user cannot aect this situation
(even if he/she has access to the folder with the Mirror).

So in case of MS Windows NT / 2000 / XP / 2003 opera-

ting system ll in the “name” dialog box this way:

DOMAIN\USER

or

WORKGROUP\USER

under Novell system, just put USER.
Of course we must not forget the password. LOGIN

NAME is a name of the user with read-only rights to the
folder with the mirror (if the user creates the mirror, then
also to write).

9

We recommend creating a new special account for
this purpose (e. g. noduser) and using it for downloading
updates (company\noduser etc.)

NOD32 Program component
upgrades

Besides the virus signatures database update, a licen­se also includes program updates – program component
upgrades, which require a restart of the operating sys­tem and bring a lot of new features and improvements
to NOD32 (it is an upgrade to a completely new version, e.
g. from 2.0 to 2.5). Choose “Require permission to perform 
program component upgrade” in the Mirror Setup window
to ensure that the program component upgrade will not
be applied to a local update server immediately it is avai­lable on the servers of the Eset company. NOD32 on the
workstations will remain in the current version, and the
workstations will only accept virus signatures updates
from the mirror.This feature is suitable if the administra­tor tests new program updates before applying them to
all workstations in the network.

If “Require permission to perform program compo­nent upgrade” is active and there is a newer program
update available than the one saved in the Mirror direc­tory, the “Components Update” in NOD32 Control Center
> Mirror will be active. By clicking on this button the ad­ministrator agrees that the program update will be avai­lable to the workstations via Mirror.

Installation of NOD32 for Windows
on workstations

The above-mentioned conguration le can serve
also for a new installation of NOD32 according to the re­quested setup. Place the conguration le into the folder
with the installation of NOD32, i.e. where SETUP.EXE is lo-
cated and name the conguration le NOD32.XML.

It may be useful to remember the parameter /SILENT-

MODE connected with SETUP.EXE (i.e. SETUP.EXE /SILENT-
MODE), which installs NOD32 in silent mode – no dialog

window will be displayed during installation.

chapter 1 / Basic network features of NOD32 for Windows

Now there follows a list of all useful parameters that
can be used during installation of NOD32:
/SILENTMODE – a mode without dialog windows – si­lent installation.

/UNINSTALL – uninstall of existing installation.
/FORCEOLD – will also install over newer version.
/CFG= – switch with a conguration name (if this para-

meter is not present, NOD32.XML is used by default).
/SETTINGS= – name with obligatory SETUP.XML le (en­tered only if SETUP.XML is not present in the installation
folder, or has a dierent name).
/TEST – if the installation is launched with this parame­ter, NSETUP.LOG is created, where the installation progress
is described in details. Here you can exact reasons of even­tual problem when installing.
/REBOOT – after a silent installation is complete, the
PC is not restarted by default, even though it may be re­quired. Using this parameter will switch the restart op­tion on.
/SHOWRESTART – if this parameter is combined with the
previous one, conrmation for restart will be required.
/PWD= – entering password for uninstall. This is impor­tant in case a current version of NOD32 is protected by
a password, and the administrator intends to reinstall in
silent mode.
/NUP= – if the value of this parameter is set (name of
the le with component), the installation does not re­quire SETUP.XML for the whole installation, but you can
install only one component.
/INSTMFC – this parameter turns on installation of MFC
libraries – if it is necessary – without asking. The MFC li­brary must be located in the same directory as SETUP.EXE.
The installation program will check whether there are
newer libraries in the system (or none) and will proceed
according to the verdict (e. g. install).

The switches with “=” require entering of a thread. It
can be put into quote marks, but does not have to. Quote
marks are obligatory only if the thread contains spaces.

Should this version of the installation be applied, for
example using logon scripts, then make sure that the in­stallation will not be repeated by every start of the logon
script. SETUP.EXE can not decide by itself whether there is
NOD32 already installed on the workstation.

10

Such control can be provided for example with this batch
le (.BAT):

@echo o
IF EXIST “c:\program les\eset\nod32.exe” GOTO end
echo Installing NOD32...
\\server\nod32\setup.exe /SILENTMODE /REBOOT  /cfg=\\
server\cfg\kong01.xml
GOTO end2
:end
echo NOD32 already installed...
GOTO end3
:end2
echo Completed...
:end3

Conguration editor

Using the Conguration editor, you can create a con­guration XML le, according to which, NOD32 on worksta­tions and servers will be set up, or scan the computers
using its conguration. All of the features are arranged in
a tree structure. The small icons in front of each feature
are very important. At the moment when the congurati­on will be applied on the target PC, the setting marked by
a “grey” symbol will be left unchanged on the target
PC. However, all items marked by blue symbols: will
be changed on the target PC.

Thus you can easily recongure chosen features on
all computers at once and leave the other settings un­changed.

Some of the key settings of the
NOD32 conguration

Now there follows a list of some key conguration op­tions (other important information can be found in the
Proles chapter).

Path:

• General / Settings / General / Silent Mode
If the Silent mode is turned on, no messages about

successful updates and so on, will be displayed. This

setting will not aect behavior of NOD32 in case an

inltration was found.

• General / Settings / General / Lock Settings and Password 

to unlock

These settings protect access to the NOD32 congura-

tion options by the workstation user.

• General / Settings / Remote Administration
Very important in case NOD32 Remote Administra-

tor is also installed. Then it is important to enter the

IP address (or DNS name) of the RA server, by which

the client workstations communicate (you can leave

default settings for Server port and Interval between

connecting to RA Server) and allow remote adminis-

tration.

• AMON / Settings / Security / Start AMON automatically
We recommend leaving the default setting. Change

it only if you are not sure, whether there is another

antivirus system installed. It is not recommended to

have two AV’s installed and running in real-time on

one PC (it can lead to conicts). These settings can be

changed also in the NOD32 Control Center > Threat-

11

Protection Modules > AMON > Setup > Security tab
> Enable automatic startup of AMON.

• AMON / Settings / Enabled 
AMON – the resident shield will watch over the ma-

nipulation of les (YES), or will be running only in the
background and will not watch over the manipulation
(NO).

• IMON / Settings / Register IMON to the system
We recommend setting this option to YES, if it is

a workstation, and to NO, if NOD32 for Windows will
be installed on a server, or a PC, where some other
services are running.

These settings can be changed also in the menu

NOD32 Control Center > Threat Protection Modules >
IMON > Quit.

• IMON / Settings / Enabled
IMON – the Internet monitor – will control commu-

nication (YES), or will be running only in the backg­round and will not watch over the communication
(NO).

• Update / Prole / Settings / Update server
This option sets a path to the server, which will be ser-

ving as an update server. By default it is set to AUTO­SELECT - NOD32 automatically chooses one of the Eset
company update servers.

• Update / Prole / Settings / Username and Password
Username and password are authorization data to the

above mentioned server. In case NOD32 is updated di­rectly from an Internet update server of the Eset Com­pany, then enter the username and password you re­ceived when you purchased the NOD32 license. If you
use your own update server (see chapter about “Mir­ror”), enter the username and password for this upda­te server (also described in a separate chapter).

• General /Settings / ThreatSense.Net
This system allows sending of suspicious les (that

were identied by heuristic analysis as probably be­ing infected by an unknown virus) from client to our
virus lab. We recommend considering this feature,
especially the option that decides whether the suspi­cious les will be sent automatically, after user’s con­sent or not at all..

Proles – Scheduler/Planner

NOD32 for Windows allows dening “groups” of set­tings – proles – in certain parts of the program, espe­cially in update  proles  and scanning proles. You may,
for example, want to have one prole p roviding updates
from a local server and another one, providing updates di­rectly from the Internet. The same applies to the scanning
proles – one prole would test local disks without scan­ning of archives, and another would scan network drives
including archives.

The proles are interconnected with scheduled  tasks 

(NOD32  Control  Center / NOD32  System  Tools / Schedu­ler/Planner). For example, after standard installation of

NOD32 for Windows, a prole is created called My Pro­le, which as one of its tasks sets automatic update for

every hour.

Please pay attention when setting compatibility of
the proles and the scheduled tasks, and please also be
careful when dening your own proles – check whether
the proles are really launched automatically.

If there’s no automatic update scheduled, it is shown
in the Setup of Automatic Update tab, as can be seen in
the screenshot.

chapter 1 / Basic network features of NOD32 for Windows