TDR and ESET Endpoint Protection

Deployment Overview

Threat Detection and Response (TDR) is a collection of advanced malware defense tools that correlate threat indicators from Fireboxes and Host Sensors to enable real-time, automated response to stop known, unknown, and evasive threats. As part of the TDR solution, you install TDR Host Sensors to provide endpoint protection.

This document includes information about the integration of a TDR Host Sensor with a host that runs ESET Endpoint.

This document does not describe the procedure to set up your Threat Detection and Response account. For information about how to set up your TDR account, TDR deployment best practices, and how to enable TDR on a Firebox, see Quick Start — Set Up Threat Detection and Response.

Integration Summary

To avoid conflicts between the TDR Host Sensor and ESET Endpoint Security, add these exclusions:

  • Exclusions in TDR for ESET Endpoint — For Windows:
    • C:\Program Files\ESET\
    • C:\Program Files (x86)\ESET\
    • C:\ProgramData\ESET\
  • Exclusions in TDR for ESET Endpoint — For Mac:
    • /Applications/ESET Endpoint Security.app
    • /Library/Application Support/ESET/
    • /private/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/C/PKInstallSandboxManager/*.activeSandbox/Root/Applications/ESET Endpoint Security.app/
  • Exclusions in ESET Endpoint for TDR Host Sensor — For Windows:
    • 64-bit Windows — C:\Program Files (x86)\WatchGuard\Threat Detection and Response\
    • 64-bit Windows — C:\Program Files (x86)\WatchGuard\Threat Detection and Response\amd64\host_sensor.exe
    • 64-bit Windows — C:\Program Files (x86)\WatchGuard\Threat Detection and Response\amd64\TDRSensorStatus.exe
    • 32-bit Windows — C:\Program Files\WatchGuard\Threat Detection and Response\
    • 32-bit Windows — C:\Program Files (x86)\WatchGuard\Threat Detection and Response\amd64\host_sensor.exe
    • 32-bit Windows — C:\Program Files\WatchGuard\Threat Detection and Response\amd64\TDRSensorStatus.exe
  • Exclusion in ESET Endpoint for TDR Host Sensor — For Mac:
    • /usr/local/watchguard

If the Host Sensor and ESET detect and respond to a threat at the same time, this can cause high utilization of system resources such as CPU, Memory, and Disk I/O.

Configuration Details

To complete this deployment, you must have:

  • An active Threat Detection and Response subscription with Host Sensor licenses
  • ESET Endpoint Security 7.0.2091.0 — Windows
  • ESET Endpoint Security 6.7.500.0 — Mac

The TDR and Fireware versions tested for this deployment included:

  • TDR Host Sensor 5.5.4.8564
  • Firebox with Fireware v12.0 or higher

The Windows test environment for this deployment included:

  • Windows 7, 8.1, 10 Enterprise 64-bit Operating System
  • Memory (RAM) — 8 GB
  • Processor — 2 CPU Cores

The Mac test environment for this deployment included:

  • macOS 10.13
  • Memory (RAM) — 8 GB
  • Processor — Intel Core i5

Configure Exclusions in TDR

In your TDR account, add exclusions to manually identify the paths for files and processes that you do not want Host Sensors to monitor. The Host Sensor and ESET Endpoint both detect and prevent threats. To prevent conflicts between the Host Sensor and ESET Endpoint, we recommend that you add an exclusion in TDR.

In your TDR account, add the TDR exclusions for the paths listed in the Integration Summary.

Unless otherwise noted, configure each TDR exclusion with these options, which are selected by default:

  • Also exclude subfolders
  • Entities to exclude: Files and Processes

To add an exclusion in TDR:

  1. Log in to your TDR account or managed account as a user with Operator privileges.
  2. Select Configuration > Exclusion.
  3. Click Add Exclusion.
    The Add Exclusion dialog box appears.
  4. In the Path text box, type the path to exclude. Folders specified in an exclusion must end with a backslash.
  5. To apply the exclusion to all hosts, in the Hosts / Groups text box, specify the group All Hosts.
  6. Click Save & Close.

Repeat these steps to add each exclusion.

Configure Exclusions in ESET Endpoint Protection

In ESET Endpoint, add exclusions to identify the paths for files and locations to exclude. To prevent conflicts between the Host Sensor and ESET Endpoint, we recommend that you add exclusions in ESET Endpoint for the paths used by the TDR Host Sensor.

To exclude directories used by the TDR Host Sensor, add the exclusions for the paths listed in the Integration Summary.

To add an exclusion in ESET Endpoint Security:

  1. Select Setup on the left panel.
  2. Click Advanced setup.
    The Advanced setup page appears.
  3. Select ANTIVIRUS on the left pane.
  4. Select EXCLUSIONS under BASIC.
  5. Click Edit.
    The Excluded applications page appears.
  6. Click Add. Click ... to go to Select path.
  7. Select the exclude path.
  8. Click OK.
  9. Select PROCESSES EXCLUSIONS under BASIC.
  10. Click Edit.
    The Excluded applications page appears.
  11. Click Add. Click ... to go to Select path.
  12. Select the exclude process executable.
  13. Click OK.
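
Each exclusion removes a folder from one product's monitoring, so before you add the Windows folder paths from the Integration Summary it helps to confirm that each folder exists on the host and that only administrative accounts can write to it. The PowerShell below is an added example, not WatchGuard or ESET code; the function name Get-UntrustedWriter and the list of trusted principals are assumptions to adjust for your environment.

```powershell
# Added example: audit the Windows exclusion folders from the Integration Summary.
$ExclusionPaths = @(
    'C:\Program Files\ESET\',
    'C:\Program Files (x86)\ESET\',
    'C:\ProgramData\ESET\',
    'C:\Program Files (x86)\WatchGuard\Threat Detection and Response\',
    'C:\Program Files\WatchGuard\Threat Detection and Response\'
)

# Assumption: only these principals should be able to change excluded content.
# Names are as shown on English-language Windows.
$Trusted = @(
    'NT AUTHORITY\SYSTEM',
    'BUILTIN\Administrators',
    'NT SERVICE\TrustedInstaller',
    'CREATOR OWNER'   # applies to objects created by an already-authorized writer
)

# Rights that let a principal add, replace or delete content, or re-permission it.
$WriteMask = [System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
# Some ACEs are reported as raw generic rights; include GENERIC_ALL and GENERIC_WRITE.
$WriteBits = [int]$WriteMask -bor 0x10000000 -bor 0x40000000

# Hypothetical helper: returns Allow ACEs that give an untrusted principal write access.
function Get-UntrustedWriter {
    param([Parameter(Mandatory)][string]$Path)
    (Get-Acl -LiteralPath $Path).Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        ([int]$_.FileSystemRights -band $WriteBits) -ne 0 -and
        $Trusted -notcontains $_.IdentityReference.Value
    }
}

foreach ($p in $ExclusionPaths) {
    # The TDR Add Exclusion dialog requires folder paths to end with a backslash.
    if (-not $p.EndsWith('\')) { Write-Warning "Folder exclusion lacks trailing backslash: $p" }
    if (-not (Test-Path -LiteralPath $p)) { '{0,-8} {1}' -f 'ABSENT', $p; continue }
    $bad = @(Get-UntrustedWriter -Path $p)
    if ($bad.Count -eq 0) { '{0,-8} {1}' -f 'OK', $p }
    foreach ($r in $bad) {
        '{0,-8} {1}  <- {2} ({3})' -f 'WRITABLE', $p, $r.IdentityReference, $r.FileSystemRights
    }
}
```

A WRITABLE line means a non-administrative principal can place or modify files in a folder that one of the two products will not inspect; tighten the folder ACL before you rely on the exclusion. ABSENT is expected for the Program Files variant that does not apply to the host's architecture.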

To add an exclusion in ESET Endpoint Security for macOS:

  1. Click ESET > Preferences.
  2. Click Startup Protection > Setup.
  3. Select Exclusions and add the TDR path.
  4. Click Real-time Protection > Setup.
  5. Select Exclusions and add the TDR path.
  6. Click OK.

For information about the integration testing methodology, see TDR Testing Methodology.
