Emsisoft Management Console User Guide
Emsisoft Management Console is made for network administrators, managed service providers and IT professionals and provides centralized remote management of Emsisoft Anti-Malware (including Home, Business Security and Enterprise Security license plans).
It’s part of my.emsisoft.com and can also be pinned as an app to your app launcher.
- Create a new workspace
- Firewall configuration
- Add devices to a workspace
- Apply a license to a workspace
- Invite users to your workspaces
- Workspace overview: Protection status of your devices
- Edit global protection policies for groups of devices
- Edit local user permission policies for groups of devices
- Receive infection notifications
- Password protection
- Device overview: Protection status and quick access
- Protection settings of a device
- Scan for malware
- Manage quarantined objects
- Logs of a device
- Reducing network traffic with the built-in relay feature (cache proxy)
- Deployment via Group Policy (GPO) on Windows Servers/Active Directory
- Best practices for Managed Service Providers (MSPs)
Create a new workspace
Open MyEmsisoft and navigate to the ‘Workspaces’ dashboard in the ‘Management Console’ menu block. Click the ‘Create Workspace’ button and enter a new, unique name for your workspace.
If you already see an automatically created workspace in MyEmsisoft, feel free to rename it in its Workspace Settings panel any time.
What is a workspace?
Workspaces typically represent the boundaries of your company or organization, but can also define a group of computers or a department.
Licenses are applied on workspace level, which means your workspace can either be in trial mode or have a full version license assigned for all your devices.
A workspace can only have one full license assigned to it, but several trial licenses.
When creating a new workspace, you automatically become the Primary Owner, but you can invite other users to join your workspace. E.g. you may want to request feedback on your protection status from an IT professional. See ‘Inviting users‘ for details.
Devices running Emsisoft Anti-Malware with default Windows Firewall configurations should work automatically. If non-default firewall settings exist, it is best to add a whitelist entry for *.emsisoft.com. Precise server names if your firewall doesn’t allow wildcards like ‘ * ‘ are detailed in our Firewall Configuration Guide, with additional servers and ports listed below.
- Emsisoft Anti-Malware protected devices using Emsisoft Management Console without utilizing the Proxy Relay feature Add cloudbroker.emsisoft.com, TCP port 61614 out.
- Relay proxy configuration To utilize the relay proxy feature of Emsisoft Management Console on a specific device, the firewall must be adjusted on each device as follows:
- Emsisoft Anti-Malware protected devices using Emsisoft Management Console’s Proxy Relay feature, but not serving as the Proxy Relay Add ports 33500-33699 out to the chosen relay proxy device.
- Emsisoft Anti-Malware protected devices serving as an Emsisoft Management Console Proxy Relay Add ports 33500-33899 in for proxied device connections, and port 33700 in and out. Note that the Emsisoft Anti-Malware installation on the proxy relay can use itself to further reduce update traffic. In that case also allow ports 33500-33699 to the same machine address if needed, as above.
Add devices to a workspace
Go to your workspace overview panel and click the ‘Add Device’ button.
- Install protection on this device Select that option to download your workspace-specific installer right away. After installation, the device will show up in your ‘Devices’ list right away. No separate license activation or user account login is required.
- Send download instructions by email Select that option to invite others to add their devices to your workspace. E.g. members of your organization who are instructed to install Emsisoft protection, or your clients if you are a managed service provider.The invitation email contains your personalized download link.
Important security advise for installation tokens
Note that the download filename must not be changed. It contains a unique identifier/token (36 characters sequence) to authenticate the installed device directly with your workspace.
Warning: Never share your installer with the public! For security reasons, it is advisable to always set an expiration date for your tokens.
Installation tokens and default protection policies
By default, newly installed devices are added to the ‘New computers’ protection policy group in your workspace.
If you require them to be added to a different policy group, please navigate to the policy settings and create an additional installation token at the top of the panel. All devices installed or connected via the custom installer of that policy group will then be added to that policy group instead of the default group.
Manual connection via command line
If you have a larger number of already installed endpoints (e.g. managed by Emsisoft Enterprise Console) and would like to automatically connect them to your workspace, you may use the following command line parameters to initiate the connection:
%ProgramFiles%\Emsisoft Anti-Malware\a2start.exe /applytoken=<installtoken>
<installtoken>: Your custom installation token can be obtained from the ‘New computers’ protection policy group.
Mass deployment via GPO
Please see our guide:
Deployment via Group Policy on Windows Servers/Active Directory
Apply a license to a workspace
When creating a new workspace, the first device that gets added automatically activates a free trial license. You can add multiple devices during the trial period.
To switch to a full version license, go to the Workspace Settings panel and click the ‘Apply license key’ link. Once confirmed, your license will be deployed to all your devices.
Invite users to your workspaces
As a Primary Owner or Workspace Admin you can invite additional users and assign them different user roles. Go to the Workspace Settings panel and click the ‘Invite a user’ button to send an invitation by email.
If the invited user doesn’t yet have an Emsisoft user account, we will guide them through sign up first.
|Billing Contact||Protection Manager||Workspace Admin||Primary Workspace Owner|
All user and partner permissions explained in detail.
Primary Workspace Owner
Is the legal owner of the workspace and responsible for all activities within a workspace. Has full access to everything and can re-assign ownership to another user.
Typical use case: The buyer of the license.
Has full access to your workspace and can view/edit all devices, policies, alerts, logs, reports, users and the license of your workspace. Workspace Admins can change all user permissions except those of the Primary Workspace Owner.
Typical use case: An organization has multiple full-access administrators to share management tasks of the workspace.
Can view/edit all devices, policies, alerts, logs, reports, but can’t change the workspace settings such as user roles and licensing.
Typical use case: A trusted third party who has more experience with security software manages the protection for the workspace, i.e. an IT professional or the ‘computer geek’ in the family.
Is responsible for license payments. Can view/edit license information, but doesn’t have access to devices or other workspace settings.
The billing contact receives license renewal reminders from us.
Typical use case: A managed service provider (MSP) or reseller who sells the malware protection in a bundle with other services, i.e. general computer maintenance services.
Workspace overview: Protection status of your devices
Select any of your workspaces in your Workspaces Dashboard to see all connected devices in that workspace. The table provides a quick overview of what’s going on in your environment and will signal issues printed in red.
Pay special attention to the Protection Status and Last Update columns, as they indicate potential issues that may affect your security.
The column ‘Protection Policy’ tells you which device settings policy currently applies to a particular device. Special tags, e.g. [5 edits], indicate how many custom settings were on the device that deviate from the group policy settings.
‘Last User’ and ‘User Policy’ indicate which user is currently (or was last) logged on at the device and which permission policy applies.
The last column provides a hamburger menu with shortcuts to common tasks such as malware scans, or to edit the device settings.
Tip: Hover your workspace name on the left side menu and you’ll see a little pin icon. Click that to pin your workspace permanently to your menu for quick access.
Edit global protection policies for groups of devices
We recommend the use of device groups that reflect your internal organization structure, e.g. your marketing team may require to exclude specific work related programs from protection for best performance; or your customer support team may require silent operation of the Emsisoft protection to avoid any kind of popups during work.
Instead of changing the configuration for each device individually, you can save a lot of time by simply creating groups and applying specific settings either globally or for selected sub-groups, as required.
The ‘Protection Policies’ panel allows you to edit and re-arrange the hierarchy of groups on the left, and modify the policy settings of the selected group on the right.
The panel includes all software settings as they are displayed on the endpoint. Additionally, you can modify some customization properties, e.g. to hide news popups or to redirect the purchase links to a custom website. See ‘UI Customization‘ settings.
Policy groups with inheritance
The highest hierarchy is always your Workspace root group. Any changes you apply there will automatically be inherited to all sub-groups. Click ‘Add’ and drag&drop a group to the desired hierarchy level.
Assign devices to groups
Click the ‘Devices in this group’ tab on the right top to see all devices in the selected group. Drag&drop a device to a different group to re-assign the device.
Newly added devices will automatically be added to the ‘New devices’ group that comes with more restricted default settings.
Modify group settings
Select a group on the left and switch to the ‘Group settings’ tab on the right to see all protection settings.
Note that all settings that are different to the next higher hierarchy level are printed in bold, have a light grey background and a blue handle on the left. Click the ‘Reset’ icon on the right to restore inheritance of a particular setting.
Settings are saved in real-time and typically applied to your devices within the minute.
Please see our Best practices for Managed Service Providers (MSPs) for details on applying policy templates to multiple workspace policies.
Edit local user permission policies for groups of devices
Similar to the Protection Policies you can define default permissions for user accounts. Select a user group on the left and switch to the ‘Users’ tab on the right to see the assigned users.
Users can either be local user accounts on your devices or Active Directory Domain users in your network. Click ‘Add’ to specific a new user.
For simplification we recommend working with default groups though. The protection software on the endpoint can automatically assign permissions based on available local account permissions.
- Administrators have ‘Full access‘ and can view and edit all software settings.
- All other users have ‘Basic access‘ which allows them to view settings but not change them. They can also run malware scans, decide what to do on alerts and quarantine found objects. Recommended for users with a basic understanding of protection software.
Alternatively, you can change the default permissions to one of the following:
- ‘Read-only access‘ can view settings, but can’t change them. All alerts and events are handled automatically by the software. Recommended for non-experienced users.
- ‘No access‘ can’t view the program interface. All alerts and events are handled automatically by the software. Recommended if your users shouldn’t be distracted by the malware protection at all.
Receive infection notifications
Go to the bottom of the workspace settings panel to set up new notification triggers. When adding new notifications, you can select the real time protection components which you want to receive notifications from.
- Email: Specify one or more recipients for email notifications.
- Webhook: For automated incident processing, specify a web-API endpoint that receives notifications in real-time.
Device overview: Protection status and quick access
The content of the device overview panel matches what users see locally on those devices when they open the protection software.
The first tile shows the current protection status. The background color of the tile provides basic information about potential issues:
- Green: All real-time protection components are enabled and the latest updates are installed.
- Orange: One or more real-time protection components are disabled or the latest updates are missing. Please investigate and fix the issue.
- Red: All real-time protection components are off. Please investigate and fix the issue.
- Grey: The device is currently offline. You can still edit the settings which will be synchronized as soon as the device gets online again, but you can’t start malware scans or change quarantined objects.
The Device Health section provides a quick overview on security relevant parameters of the device. Add custom notes for future reference here.
The Device Details section displays general hard and software details.
Protection settings of a device
While it is strongly recommended to work with protection policies and groups, you can also change software settings on individual devices if required. Such changes override any inherited policies.
Once your edits are completely synchronized with the device (usually within the minute) they will be printed in bold with a grey background and a blue handle on the left on the actual devices in their Settings panel. Hover the setting and click the ‘Reset’ icon on the right to restore the inherited setting value.
Scan for malware
We recommend to run a manual malware scan right after installing the protection software, or at any time when you suspect an infection. It makes sure that the system hasn’t been compromised and the real-time protection components can reliably do their job.
The following scan types are available:
- Quick Scan – Scans only active programs and checks for malware traces. Run a Quick Scan if you are sure that the system is clean (e.g. if you have a freshly installed or otherwise trustworthy operating system available.)
- Malware Scan – Scans all places that malware typically infects. A Malware Scan is the best choice for most users. It’s fast and thoroughly examines the whole computer for any active malware infections.
- Custom Scan – All scanner settings can be manually set. This is particularly useful if you want to scan additional drives for any inactive Malware files. Default settings represent a full system scan, including all drives.
Manage quarantined objects
All findings of the on-demand scanner and the real-time protection are first put in quarantine instead of deleting them right away. That security measure allows to restore potentially wrongly detected objects later.
Emsisoft Anti-Malware automatically re-scans quarantined objects after each online update and offers to restore the data to its original location if it turns out the detection was wrong. You can run a manual quarantine re-scan at any time by hitting the ‘Re-scan all’ button on the right bottom corner.
If you suspect a wrong detection, tick the checkbox in front of the object in question and hit the ‘False detection’ button at the bottom. That submits the quarantined item to the Emsisoft Lab for further investigation.
Select an object and click ‘Restore’ to get the file and its settings restored to their original locations. By clicking ‘Delete’ the data will be permanently removed and can not be restored any longer.
Logs of a device
Emsisoft protection software logs a number of events, such as the date and time of online updates, malware scans, real-time protection alerts, and more. Use those logs to investigate issues or to verify proper use of the software.
By default, local machine Windows administrator logins have full access. To restrict this, changes need to take place in two places in Emsisoft Management Console:
- Select one of the permission policy groups to use, or click the “workspace” permission policy group and then click “new group” to create a permissions policy restricting access to the level desired.
- Add any users required to this policy by clicking the three-horizontal-line icon in the list of users below the permission policy groups.
- Create or use a pre-existing protection policy in the same way, with an administrator password enabled. Add any computers required to this protection policy.
It is recommended to create an administrator password and restrict permissions on the workspace level as described in step 1 above rather than in protection policies nested within the workspace. Move users or computers to less restricted permission and policy groups from there as needed.
The endpoint(s) must be restarted for this to take effect completely. Permissions are applied only during initial connection of Emsisoft Anti-Malware to Emsisoft Management Console when the program starts.