Zemana Endpoint Security Administration Guide Version 1.9.380


Post on 21-Oct-2020


    Introduction
    What is Zemana Endpoint Security?
    What is Zemana Control Center?
    How do Endpoint Agents and Control Center communicate with each other?
    Features
    Support
    Getting Started
    Server Requirements for Zemana Control Center
    Endpoint Requirements for Zemana Endpoint Security Agents
    Installation
    Step 1: Installing Control Center
    Step 2: Deployment of Endpoint Agents
    Manual Deployment
    Deployment via Group Policy Object
    Creating a Machine Startup Script for use with Active Directory
    Registering the Machine Startup Script with a Group Policy Object
    Mail Deployment
    Remote Deployment
    Optional Step 3: Installing Failover Server
    Administration
    Logging into Control Center
    Modules
    Dashboard
    Network
    Groups Pane
    Endpoints Pane
    Endpoints Pane Context Menu
    Filters
    Endpoint Actions Bar
    Endpoint Details Dialog
    Tasks
    Policies
    Quarantine
    Reports
    Deployment
    Setup Packages
    Update Servers
    How to install an Update Server?
    How to check the status of Update Servers?
    How to uninstall an Update Server?
    Notifications
    Settings
    Failover Servers
    Failover Server Registration
    Failover Server Unregistration
    Audit Logs
    User Management
    User Types
    Roles
    Policy
    General Settings
    Anti-Virus Settings
    Content Control Settings
    Device Control Settings
    ID Theft Protection Settings
    Frequently Asked Questions
    How do I create a backup of Zemana Control Center?
    How do I restore Zemana Control Center?
    How do I create a support tool output?
    How do I enable SSL on Zemana Control Center?
    Enabling SSL in IIS Manager
    Enabling SSL in Control Center
    How do I migrate Zemana Control Center to a new server?
    Migrating Control Center to a new server
    Forwarding Endpoint Agents to New Control Center
    What ports are used by Endpoint Agents and Control Center?
    External URLs used by Endpoint Agents and Control Center?
    How do I uninstall Endpoint Agents?
    How do I uninstall a group of Endpoint Agents?
    How do I send feedback about the product?

    Introduction 

    Thank you for choosing Zemana Endpoint Security.

    This document will guide you through all the features of Zemana Endpoint Security and Control Center.

    What is Zemana Endpoint Security?

    Zemana Endpoint Security is a client-server solution that protects your physical or virtual machines against all types of threats, including phishing, malware and cryptolocker, while providing you with the best user experience for managing your entire network.

    What is Zemana Control Center?

    Zemana Control Center is a web-based management console for managing endpoint security agents installed on your network.

    How do Endpoint Agents and Control Center communicate with each other?

    Endpoint Agents connect to Zemana Control Center using a one-way communication channel over predefined ports, which are automatically allowed by the installation packages.

    If you are using different VLANs for Agents and Control Center, please make sure these ports are properly forwarded from the Agent VLAN to the Control Center VLAN.

    Features 

    Zemana Endpoint Security combines the following features and lets you manage these features through a web-based management console for ease of use:

    ● AntiMalware protection (On-Demand and On-Access scans)
    ● Zero-day malware protection
    ● Identity Theft Protection
    ● Cryptolocker protection
    ● Device Control
    ● Advanced rootkit and bootkit remediation
    ● Web Control for blocking access to harmful web sites
    ● Keyword filtering for blocking access to websites containing provided keywords
    ● Application blocking
    ● Search advisor for browsers
    ● Policy based centralized management
    ● Scheduled Scans
    ● Active Directory integration
    ● Out-of-box SIEM integration
    ● Advanced Reporting module
    ● Internal update mirrors for low-bandwidth usage

    Support 

    Before contacting Technical Support, make sure you have satisfied the system requirements that are listed in your product documentation.

    In case you need technical assistance, please contact [email protected] with the following information available:

    ● Product version
    ● Hardware information
    ● Available memory, disk space, and NIC information
    ● Operating system
    ● Version and patch level
    ● Network topology
    ● Router, gateway, and IP address information
    ● Problem description with the following information:
        ○ Error messages and log files (located at C:\zemana_logs)
        ○ Support tool output (see “How do I create a support tool output?” in Frequently Asked Questions)
        ○ Recent software configuration changes and network changes

    Getting Started 

    Server Requirements for Zemana Control Center 

    ● Supported operating systems:
        ○ Minimum required server version is Windows Server 2008 R2 (64-bit)
    ● Hardware requirements:
        ○ 64-bit Intel 2 GHz or higher (or equivalent)
        ○ 8 GB available RAM
        ○ 40 GB free space on the hard drive
        ○ Internet connection (required for product activation and some update features)

    Endpoint Requirements for Zemana Endpoint Security Agents

    Supported operating systems:

    ● Windows Client
        ○ Windows 10
        ○ Windows 8.1 (1)(2)
        ○ Windows 8 (3)
        ○ Windows 7 with Service Pack 1

        (1) VMware vShield platform (Agentless version) support for Windows 8.1 (32/64-bit) is available starting with VMware vSphere 5.5 – ESXi build 1892794 and above.
        (2) In VMware NSX, the OS version is supported starting with vSphere 5.5 Patch 2.
        (3) In VMware NSX, the OS version is supported starting with vSphere 5.5.

    ● Windows Server
        ○ Windows Server 2019
        ○ Windows Server 2016
        ○ Windows Server 2012 R2 (1)(2)
        ○ Windows Server 2012 (3)(4)
        ○ Windows Small Business Server (SBS) 2011
        ○ Windows Server 2008 R2 (4)

        (1) VMware vShield platform (Agentless version) support for Windows Server 2012 R2 (64-bit) is available starting with VMware vSphere 5.5 – ESXi build 1892794 and above.
        (2) In VMware NSX, the OS version is supported starting with vSphere 5.5 Patch 2.
        (3) In VMware NSX, the OS version is supported starting with vSphere 5.5.
        (4) VMware NSX does not support the 32-bit versions of Windows 2012 and Windows Server 2008 R2.

    Hardware requirements:

    ● Windows Client
        ○ Intel Pentium compatible processors, 2 GHz or higher (or equivalent)
        ○ 1 GB available RAM
        ○ 1.5 GB free space on the hard drive
        ○ Internet connection (required for product activation and some update features)
    ● Windows Server
        ○ Minimum 2.4 GHz single-core CPU, Recommended 1.86 GHz or higher Intel Xeon multi-core CPU
        ○ Minimum free RAM 512 MB, Recommended free RAM 1 GB
        ○ 1.5 GB free space on the hard drive
        ○ Internet connection (required for product activation and some update features)

    Installation 

    Installation of Zemana Endpoint Security is divided into two steps. The first step is the “Control Center Installation”, which provides you with the endpoint installation packages. The second step is the “Endpoint Agents Installation”. Once the two steps are completed, you will be able to log in to Control Center and start managing the computers in your network.

    Step 1: Installing Control Center

    1. Download the latest version of Zemana Control Center Installer using the link below:
       https://download.zemana.com/api/products/zescontrolcenter
    2. Double-click on the installer and accept the UAC prompt if one appears,
    3. Accept the User License Agreement and click “Next”,
    4. Check “Create Desktop Shortcut” for easy access to Zemana Control Center from your desktop and click “Next”,
    5. Wait for the installer to extract installation files,
    6. Click “Install Control Center” option and click “Next”,
    7. Choose either “Direct Internet Connection” option or “Use Proxy for Connecting to Internet” option,
    8. Enter a valid license for Zemana Control Center. If you don’t have one, please contact [email protected]
    9. Provide a Domain Name or a Static IP address for Control Center to use. This is the address you will enter into your browser’s address bar. If you use an IP address here, make sure it is static.
       NOTE: For testing purposes, you can use 127.0.0.1 as the IP address but you need to change it before starting the deployment of endpoint agents,
    10. Enter Administrator Email and a password for managing Zemana Control Center. This account will be used for logging into the Control Center and it will also be set as the Control Center’s System Administrator account (most privileged account type),
    11. If you use Active Directory in your company, select “Use Active Directory for managing computers in my network” option or skip this step by choosing “Skip Active Directory integration” option. The account you provide in this step will *only* be used for synchronization purposes,
    12. Wait for Setup to download packages and complete all the steps,
        IMPORTANT NOTE: This step could take a few minutes due to downloading of endpoint installation packages and other installation media.
    13. Once this step is completed, setup will automatically open your browser and direct you to the Login Page,
    14. Click Finish to complete setup and use the Administrator Email and Password you have provided in the previous steps to log in to Zemana Control Center.

    Step 2: Deployment of Endpoint Agents 

    Deployment of endpoint agents can be performed in two alternative ways: Manual Deployment and Deployment via GPO.

    Manual Deployment

    a. Open the browser on the machine on which you would like to install the endpoint agent,
    b. Navigate to the Deploy Page (http://controlcenter:55555/Deploy). This URL doesn’t require authentication, in order to make deployment of endpoint agents into your network as easy as possible,
    c. This page will provide you with 32bit and 64bit versions of Endpoint Setup Packages as ZIP files,
    d. Download the appropriate package and extract the ZIP archive to a directory. The extracted contents should include installer exes and configuration files,
    e. Double click installer32.exe or installer64.exe to start installation of the Agent,
    f. Once installation is completed, you will be able to see the endpoint in the Network Page (http://controlcenter:55555/Network).

    Deployment via Group Policy Object

    Deployment via GPO is composed of two steps. First, you need to create a deployment script using Control Center, and then you should set this script as a machine startup script with the help of a GPO.

    1. Creating a Machine Startup Script for use with Active Directory

    a. Navigate to http://127.0.0.1:55555/Deployment page,
    b. You will be provided with 32bit and 64bit versions of Endpoint Setup Packages as ZIP files,
    c. Download “both” ZIP files to your computer and extract them to separate directories,
    d. Create a shared folder either in one of your Domain Controllers or in a file server,
    e. Give “Everyone” read access to this folder and copy installer32.exe and installer64.exe into this folder,
    f. Copy the path of the shared folder as a UNC path. As an example, if you have created a folder named “Shared”, the UNC path should be \\SomeServer\Shared
    g. Click “Create Deployment Script” button in Deployment Page,
    h. Paste the shared folder path into “Shared Folder Path” textbox in the dialog,
    i. Choose preference for removing competitor products,
    j. Click “Download Script” button in the dialog and save the resulting BAT file to your computer.

     

    2. Registering the Machine Startup Script with a Group Policy Object

    a. Open “Group Policy Management Console” in your Domain Controller,
    b. Create a GPO for deploying Endpoint Agent into your network,
    c. Right click on the created GPO and select “Edit”,
    d. In the opened “Group Policy Management Editor” window, select “Computer Configuration > Policies > Windows Settings > Scripts (Startup / Shutdown)” section,
    e. In the right pane, double click “Startup” item,
    f. In the opened “Startup Properties” page, click “Show Files” button. This will open the startup scripts directory in Explorer,
    g. Copy the Machine Startup Script you have created in the previous step into the folder,
    h. Close the Explorer window and click “Add” button in “Startup Properties” page. This will bring up “Add Script” dialog,
    i. Click “Browse” in the “Add Script” dialog, select the previously copied Deployment Script and click “OK”,
    j. Machines using this GPO will automatically install Endpoint Agent after they are restarted.
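
    Computer startup scripts run under the Local System account, so the shared folder that holds the installers should be writable by administrators only. The PowerShell audit below is an added example, not part of the Zemana guide or product: run on the server hosting the share, it flags write access for broad groups at both the share and NTFS level and confirms that the copied installers still match the files extracted from the Control Center packages. The share name "Shared" comes from the guide's UNC example; the C:\Staging paths and the function names are assumptions.

```powershell
# Added example (not vendor code). Run elevated on the server hosting the share.
# Needs the SmbShare module (Windows Server 2012 or later) and PowerShell 4+.
param(
    [string]$ShareName = 'Shared',            # from the guide's \\SomeServer\Shared example
    [hashtable]$Originals = @{                # assumed directories the two ZIPs were extracted to
        'installer32.exe' = 'C:\Staging\x86\installer32.exe'
        'installer64.exe' = 'C:\Staging\x64\installer64.exe'
    }
)

function ConvertTo-Sid([string]$Account) {
    if ($Account -match '^S-1-') { return $Account }      # already a SID (unresolved ACE)
    try {
        ([System.Security.Principal.NTAccount]$Account).Translate(
            [System.Security.Principal.SecurityIdentifier]).Value
    } catch { $null }                                     # account could not be resolved
}

function Test-BroadPrincipal([string]$Sid) {
    # Everyone, Authenticated Users, BUILTIN\Users, Domain Users, Domain Computers
    ($Sid -in 'S-1-1-0', 'S-1-5-11', 'S-1-5-32-545') -or ($Sid -match '^S-1-5-21-.+-(513|515)$')
}

$findings = @()
$share = Get-SmbShare -Name $ShareName -ErrorAction Stop

# 1. Share-level permissions: broad groups may hold Read only.
foreach ($entry in Get-SmbShareAccess -Name $ShareName) {
    $sid = ConvertTo-Sid $entry.AccountName
    if ($entry.AccessControlType -eq 'Allow' -and $entry.AccessRight -ne 'Read' -and
        (Test-BroadPrincipal $sid)) {
        $findings += "Share permission: $($entry.AccountName) has $($entry.AccessRight)"
    }
}

# 2. NTFS permissions on the shared directory: no write-class rights for broad groups.
$writeRights = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$writeMask = [int]$writeRights -bor 0x10000000 -bor 0x40000000   # plus GENERIC_ALL, GENERIC_WRITE
foreach ($ace in (Get-Acl -Path $share.Path).Access) {
    if ($ace.AccessControlType -ne 'Allow') { continue }
    $sid = ConvertTo-Sid $ace.IdentityReference.Value
    if ((Test-BroadPrincipal $sid) -and (([int]$ace.FileSystemRights -band $writeMask) -ne 0)) {
        $findings += "NTFS: $($ace.IdentityReference) has $($ace.FileSystemRights) on $($share.Path)"
    }
}

# 3. Installers on the share must be byte-identical to the extracted originals.
foreach ($name in $Originals.Keys) {
    $deployed = Join-Path $share.Path $name
    $original = $Originals[$name]
    if (-not (Test-Path -LiteralPath $deployed)) { $findings += "Missing on share: $deployed"; continue }
    if (-not (Test-Path -LiteralPath $original)) { $findings += "Missing original: $original"; continue }
    $deployedHash = (Get-FileHash -LiteralPath $deployed -Algorithm SHA256).Hash
    $originalHash = (Get-FileHash -LiteralPath $original -Algorithm SHA256).Hash
    if ($deployedHash -ne $originalHash) {
        $findings += "Hash mismatch: $deployed differs from $original"
    }
}

if ($findings) {
    $findings | ForEach-Object { Write-Warning $_ }
    exit 1
}
Write-Output "Share '$ShareName' is read-only for broad groups and both installers match the extracted packages."
```

    Running the audit again before each new GPO link, and after any change to the share, catches permission drift and replaced installers.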

     

    Mail Deployment 

    a. Open the browser and access Control Center,
    b. Navigate to the Deployment Page (http://controlcenter:55555/Deployment),
    c. Click “Send via Email” from the left menu under Setup Packages,
    d. Add recipient email addresses to the “Email List To Send” box,
    e. Review the mail content in the editor and click Send,
    f. Recipients will receive a deployment mail which contains Endpoint Agent download links.

    WARNING: This feature requires a configured E-mail Server in Control Center Settings.

    Remote Deployment 

    a. On the machine where Zemana Endpoint Security Control Center is installed, find the “Zemana Deploy Manager” icon on the desktop and double click it to run it (Default path: "C:\Program Files\Zemana Control Center\Zemana.EPS.Console.DeployManager.exe"),
    b. To target Active Directory computers, click “Deploy using Active Directory”; to target computers on your network by computer name or IP address, click “Deploy using Computer Name / IP Address”,
    c. Depending on your previous choice, the current window displays either a computer selection list or a text area for typing computer names or IP addresses (one per line). Select the target machines or type their computer names / IP addresses, then click “Proceed”,
    d. Type local administrator credentials in order to start deployment on your target computers,
    e. Choose preference for removing competitor products,
    f. Click “Start Deployment” to start the deployment process,
    g. Deployment will be initiated on the target computers remotely. Deployment statuses will be displayed in the current window. The deployment process will be conducted silently.

    WARNING: “Administrative Share” and “File Sharing” permissions should be allowed on target machines. Remote Deployment uses ports “135”, “139” and “445”; these ports should be accessible as well.

    Optional Step 3: Installing Failover Server 

    1. Download the latest version of Zemana Control Center Installer to a server, which will be used as a Failover Server, using the link below:
       https://download.zemana.com/api/products/zescontrolcenter
    2. Double-click on the installer and accept the UAC prompt if one appears,
    3. Accept the User License Agreement and click “Next”,
    4. Check “Create Desktop Shortcut” for easy access to Zemana Control Center from your desktop and click “Next”,
    5. Wait for the installer to extract installation files,
    6. Click “Install Failover / Mirror Server” option and click “Next”,
    7. Failover server will be automatically installed, click Finish.

    Failover server management will be explained in detail in “Failover Servers” section of Administration chapter.

    Administration 

    Zemana Control Center is a web-based management console for administering Zemana Endpoint Security agents. This chapter will guide you through all the features of Zemana Control Center.

    Logging into Control Center

    You can log in to Control Center using one of the account types below:

    ● Local Accounts
    ● Active Directory Accounts

    At least one local account is created during the installation process, but you are free to add any number of Local or Active Directory accounts after logging into the Control Center.

    On a fresh installation, the login page only allows you to use Local Accounts. You can add Active Directory accounts by navigating to “User Management” from the dropdown menu at the top right of Control Center.

    NOTE: Control Center logins have a session timeout limit which is 30 minutes by default.

    Modules 

    Dashboard 

    Dashboard is the first page you will see after a successful login. This page contains charts for endpoints, issues and licensing as well as a Threats Timeline and a list of Critical Endpoints.

    Threats Timeline lets you view the security events which take place on endpoints on a daily basis. You can click on a specific day to get a detailed “Threat Report”. Reports will be explained in detail in “Reports” section of this chapter.

    Network

    Network page is where you will see all of the endpoints in your network. It contains a “Groups Pane” for displaying custom endpoint groups and Active Directory domain groups, and a right pane which lists the contents of the selected group. If no endpoint group is selected, the right pane displays all endpoints.

    Groups Pane

    This pane is located at the leftmost side of Network Page and contains a top level group named “Computers”, which acts as the default container for individual endpoints which do not belong to any Active Directory Domain. If Active Directory is not set up, this is the only top level group you will see in Network Page. After configuring Active Directory synchronization from Settings, each domain in Active Directory will be another top level group in this pane. The Active Directory synchronization feature will mirror the exact structure of your domains, including organizational units, groups and computers.

    Endpoints Pane 

    This is the pane which displays the contents of the selected Group in your network. Endpoints are listed in a grid alongside some useful information such as the issues and online status of each endpoint.

    At any given time, an endpoint could be in one of three management states:

    1. Managed: Endpoint is managed by the Control Center and it is ready to accept tasks and policies.
    2. UnManaged: Endpoint is discovered through Active Directory but it doesn’t have the Endpoint Security Agent installed yet.
    3. Deploy Failed: Endpoint Security Agent installation failed on this endpoint. This could be due to a number of reasons, such as the failure to uninstall a competitor AntiVirus solution. These types of endpoints require manual installation and inspection.

    Normally an endpoint should not have any issues, but in case something goes wrong on an endpoint, you will see the issues in this pane as well. Issue types for endpoints are listed below:

    1. Update Failed: Endpoint cannot get product or signature updates.
    2. Outdated: Endpoint’s last update time is older than 3 days (this threshold can be changed in Settings).
    3. Feature Status Mismatch: Status of protection modules on endpoint does not comply with the policy applied to the endpoint.
    4. Infected: Endpoint is infected with malware and it was not possible to clean the endpoint.
    5. Scan Failed: Scheduled or on demand scan task failed to complete.
    6. Reboot Required: Endpoint agent requires a reboot to perform some tasks such as boot deleting malware or completing an update.
    7. Unreachable: Endpoint hasn’t connected to Control Center for more than 7 days (this threshold can be changed in Settings).

    Endpoints Pane Context Menu

    This is the right click context menu which lets the Administrator perform endpoint related tasks and set labels for endpoints. Tasks listed here can also be found in the Quick Actions bar in Endpoint Details Dialog.

    Filters 

    This button brings up a dialog in which you can change the settings related to viewing of endpoints in Endpoints Pane. The normal behavior of Endpoints Pane is to display the contents of the selected group without including the endpoints which reside in sub-groups of the selected group. You can change this behavior by choosing a Group and then selecting “All Groups Recursively” option in Filter dialog. The default behavior of Endpoints Pane when no group is selected is to display all endpoints in all groups, including Active Directory domains and the Computers top level group. This is why, when no group is selected, the Filters dialog will not have the “All Groups Recursively” option until you select a Group from the Groups Pane. You can also provide a computer name for filtering all computer names containing the provided string. After setting the required filter options, you should click “Save” to activate the filter options.

    Endpoint Actions Bar

    This bar is located at the upper side of Groups Pane and it lets the IT Admin perform endpoint and group related tasks such as creating a new group, renaming an existing group and deleting an endpoint. Please note that group related actions in this bar are only applicable to groups created beneath the “Computers” top level group, and they will be disabled when an Active Directory Domain group is selected. This is because Active Directory Domain groups are synchronized directly from the provided domain, so the IT Admin has to make changes in the domain itself (in the domain controller) and click “Sync Active Directory” button in this bar to fetch the updated domain structure.

    In order to use the “Sync Active Directory” feature, you should configure Control Center to use Active Directory from the Settings page.

    Endpoint Details Dialog

    Endpoints Pane displays a summary of information about each endpoint. In case you need more information about an endpoint, click on the name of the endpoint, which will bring up the Endpoint Details Dialog. This dialog contains detailed information about the selected endpoint and it also provides you with a “Quick Actions” bar for performing endpoint related tasks. Tabs in this dialog are as follows:

    1. General Tab: Displays most of the information about the Endpoint.
    2. Endpoint Tab: Displays the status of protection modules.
    3. Policy Tab: Displays the last assigned policy of the endpoint and the assignment status / type of the policy. Assignment type of a policy can either be “Inherited” or “Direct”. Inherited indicates that the endpoint inherited its policy from its parent group, so no direct assignment is made by the IT Admin.
    4. Events Tab: Displays all types of events which were sent by the Endpoint Agent.

    Tasks 

    Tasks are the main unit of work for Endpoint Agents. Tasks are assigned to Endpoint Agents by the Control Center in response to the Administrator's actions. They can be assigned to a single endpoint agent or to multiple endpoint agents, and let the administrator view the status of the task on each endpoint.

    Tasks module keeps a record of each assigned task and sets the status of the task to “Pending” until all the endpoints connect to the Control Center and get the task. At that point, the task status is switched to “In Progress”. After the task completes on all endpoints, the task will be marked as “Completed”.

    For further inspection of the status of a task on each endpoint, you can click on the numbers in the “Status” column.

    Policies

    A policy is a group of settings which can be applied to a single endpoint or a group of endpoints.

    Policies include all types of settings an endpoint should comply with. Control Center is shipped with a default / optimized policy which is called “First Policy”, and this policy is set as “Default Policy”, so any endpoint which joins the managed group of computers receives this policy as its active policy.

    You can create any number of policies using the “Create Policy” button in the actions toolbar, and you can also create a copy of a policy by selecting the source policy and clicking the “Clone Policy” button.

    NOTE: Please refer to Policy Section for more information.

    Quarantine

    This module lists the files which are quarantined by Endpoint Agents and provides you with the following options:

    ● Restore: Restore the quarantined file to the endpoint. This is what the Administrator should do to revert the quarantine action and let the user use the file in question.
    ● Delete File: This option deletes the file from quarantine.
    ● Delete Record: This option removes the quarantine entry from Control Center and doesn't do anything on the endpoint side. This is useful for deleting quarantine entries which are submitted from unreachable endpoints.

    Reports 

    This module allows you to create instant or scheduled reports from the Control Center. The main grid of this page lists the previously registered Scheduled Reports. You can edit or delete a previously created report by highlighting the report and clicking the appropriate action button in the action toolbar.

    Report types are:

    1. Threat Report: Displays all detections including malware detections and content control detections. This report type is a merged view of "Malware Detection Report" and "Content Control Report".
    2. Malware Detection Report: Displays malware detection events on all endpoints.
    3. Content Control Report: Displays content control related detections on all endpoints such as blocked web pages and keywords.
    4. Endpoint Protection Status Report: Displays the protection status of each endpoint with latest scan results.
    5. Endpoint Feature Status Report: Displays the ON/OFF status of each protection module for endpoints.
    6. Endpoint Update Status Report: Displays the update status of each endpoint.
    7. Endpoint Policy Report: Displays the policy name of each endpoint.
    8. Endpoint Issue Report: Displays all types of issues encountered on each endpoint.
    9. Endpoint Management Status Report: Displays the management status of each endpoint.
    10. Device Control Report: Displays device exclusion configuration events on all endpoints.

    If you specify e-mail addresses while creating a Scheduled Report, the report content is sent to those addresses each time the periodic report is created.

    WARNING: In order to receive scheduled reports by e-mail, the E-mail Server should be configured in Control Center settings.

    Deployment 

    Deployment page lets you download setup packages for Endpoint Agents and Update Servers.

    This page also has a separate tab named “Update Servers” which lets you view the update servers currently in use. This tab is only for viewing active update servers for information purposes.

    Setup Packages

    Endpoint Agent and Update Server packages can be downloaded by clicking the appropriate link in this section. Setup packages are archive files which contain an installer and a configuration file.

    Update Servers

    This section lists the active Update Servers of Control Center for information purposes only. Uninstalling an Update Server will automatically delete its entry from this list.

    Internal Update Servers are separate setup packages which can be used by Zemana Control Center to centralize delivery of signature and product updates.

    Control Center automatically load-balances update servers and distributes them to endpoints in a round robin manner. Each Update Server can handle 600-1000 endpoints. Once this limit is exceeded, Control Center notifies the Administrator to install more update servers.

    How to install an Update Server? 

    In order to install an internal update server, please follow the steps below:

    1. Set a static IP address on the server which will be used as an update mirror,
    2. Open your preferred browser and navigate to Deployment page,
    3. Download the appropriate update server package by clicking either the 32-bit or the 64-bit link,
    4. Extract the Update Server Setup Package contents to a directory,
    5. Run the installation file and follow the on-screen prompts.

    Upon installation, the update server will automatically connect to Control Center and register itself as an active update server.

    How to check the status of Update Servers?

    1. Navigate to Deployment page and click "Update Servers" tab,
    2. You can see the active update servers and their statuses here.

    How to uninstall an Update Server?

    Update Servers are normal installation packages which can be uninstalled using the "Control Panel > Programs And Features" panel.

    Upon uninstallation, the Update Server entry will be removed from the Control Center automatically, and endpoint agents using this Update Server as their Update Source will be notified to use other Update Servers.

    NOTE: If there are no update servers left in the Control Center, the system will automatically set Update Source settings to "Internet" in all policies.

    Notifications 

    This module lists the notifications about Control Center and informs the Administrator about important events.

    Currently supported notifications are:

    ● Active Directory Synchronization Failed
    ● Backup Failed
    ● Email Notification Failed due to SMTP settings
    ● New Control Center Update is available
    ● Update Server Capacity Exceeded
    ● License Related Notifications

    Settings 

    This module contains all configurations for Zemana Control Center to function properly and it is the 

    most critical part of the system. 

    ● Control Center
        ○ General
            ■ Control Center Address: Address of Control Center which should be either an IP Address or a domain name.
            ■ Control Center Language: User interface language for Control Center management console.
            ■ Endpoint Language: User interface language for endpoint agents.
            ■ Timezone: Timezone information for the Control Center. All the information in Control Center database is saved in UTC+0 by default and converted to the timezone you provide in this field.
        ○ Proxy: Proxy configuration for Control Center.
        ○ Email Server: SMTP server settings which will be used for sending critical events to Administrators via email.
        ○ Advanced
            ■ Use SSL: Endpoint agents will use HTTP by default. Enabling this option forces endpoint agents to use HTTPS for connecting to Control Center. IMPORTANT: You should add an SSL certificate to Control Center before enabling this option. Please check this section for more information.
            ■ Submit error reports automatically: Submits error reports to Zemana automatically when enabled.
            ■ Enable Debug Logging for trouble shooting: Reserved for Zemana support personnel's use.
            ■ Treat endpoints as outdated after days: Indicates how many days should pass before marking an endpoint as “Outdated”.
            ■ Treat endpoints as unreachable after days: Indicates how many days should pass before marking an endpoint as “Unreachable”.
            ■ WARNING I wish to change troubleshooting settings: It is recommended to contact your product manager before changing these settings. Troubleshooting Settings is used to resolve unexpected situations encountered in Zemana Endpoint Security. It is not recommended to change these settings for other purposes.


            ■ Allow update task assignments: Enables or disables notifying endpoints regarding new update versions.
            ■ Allow version update downloads for clients: Enables or disables setting up new version packages on the endpoints.
            ■ Allow client event requests: Enables or disables notifying the control center regarding all events performed by endpoint agents.
            ■ Allow client settings requests: Once this option is switched off, future changes regarding control center will not be sent to endpoint agents. Endpoint agents will appear offline since they will not receive any notification after this process.
            ■ Allow sending events to administrator: Enables or disables sending e-mails to system administrator regarding all events performed by endpoint agents. When this option is disabled, e-mails will not be sent even if the "Email events to System Administrator" option under the Event Alert Settings tab is on.
            ■ Allow sending events to SysLog and SIEM: Enables or disables sending events to Syslog / SIEM products regarding all events that occurred on endpoints. When this option is disabled, events will not be sent even if the "Send events to Syslog / SIEM" option under the Event Alert Settings tab is on.
            ■ Allow Installation Success Requests: Once this option is switched off, agents that are set up on an endpoint for the first time will not notify the control center after a successful installation. The agent’s status will remain as unmanaged since the control center will not receive any notification.
            ■ Allow Installation Failed Requests: Once this option is switched off, agents that are set up on an endpoint for the first time will not notify the control center after a failed installation.
            ■ Allow Uninstallation Success Requests: Once this option is switched off, the notification regarding successful uninstallation of the agent will not be sent to the control center. The agent’s status will not change since the control center will not receive any notification.
            ■ Allow Endpoint Id Changed Requests: Once this option is switched off, the notification regarding Id changes will not be sent to the control center.
            ■ Allow Endpoint Command Processor Job: Enables or disables notifications regarding Installation Success Requests, Installation Failed Requests, Uninstallation Success Requests and Endpoint Id Changed Requests to be processed by the control center.
            ■ Allow All API Requests: Enables or disables the communication between the control center and our products, such as all servers and endpoint agents that have a connection with the control center.


            ■ Endpoint client event interval (minute): Indicates how many minutes should pass before notifying the control center regarding the events performed by an agent on the endpoint.
            ■ Endpoint check settings interval (minute): Indicates how many minutes should pass before sending request to the control center regarding changed endpoint settings.
            ■ Concurrent Setup Package Download Limit: Indicates the simultaneous distribution limit of setup update packages that are sent to all update servers and endpoint agents via the control center.
            ■ ProductStatusEvent Process Capacity Per Job: Indicates how many notifications regarding endpoint agents will be handled by the control center.
            ■ Top Priority Event Process Capacity Per Job: Indicates how many notifications regarding event processors defined under Event Processor Filters title will be handled by the control center.
            ■ Endpoint Command Process Capacity: Indicates how many notifications regarding Installation Success Requests, Installation Failed Requests, Uninstallation Success Requests and Endpoint Id Changed Requests will be handled by the control center.
            ■ Event Processor Filters: Enables or disables notifying the control center regarding event processors defined under Event Processor Filters title: Product Update, Assigned Task Completed, Scan Failed, Scan Completed, Quarantine Item Change, Malware Detected, Product Status.
        ○ Backup: Options for automatic backup creation. Current version supports file system shares and FTP upload options. In order to create a manual backup, please refer to this section.

    ● Active Directory: When enabled, Control Center connects to the provided Active Directory domain and synchronizes the directory structure as well as computers directly into the network module. This is performed with a background job which fires once in three hours.
    ● License: Provides information about the currently in use license.
    ● Event Notifications: Provides configuration for sending events to System Administrator via E-mail and SIEM and Syslog. When enabled, Control Center sends the selected events to System Administrator’s E-mail and/or provided SIEM server.
      WARNING: In order to receive event notifications with e-mail, E-mail Server should be configured on Control Center settings.

    Failover Servers 

    This module allows user to register, unregister and overview Zemana Failover Servers. If Control Center has one or more failover servers registered, Endpoint Agents will connect to those servers in case their connection to Control Center fails.


    Failover Server Registration  

    To register a failover server, navigate to Failover Servers Page, click “Add Failover Server” and 

    type failover server address then click “OK”. If targeted failover server is eligible it will be added to 

    failover servers list. 

    IMPORTANT: Registration requires a server with Zemana Failover Server installed. 

    Failover Server Unregistration  

    To unregister a failover server, navigate to Failover Servers Page, hover over an existing failover 

    server and click “Delete” then click “Yes”. Targeted failover server will be deleted from failover 

    servers list. 

    Audit Logs 

    This module lets you view all of the important activities performed by Control Center users. It is 

    viewable by Administrators and System Administrator only. 

    User Management 

    User Types 

    ● Local Users: This account type is for customers who do not use Active Directory in their network.  

    ● Active Directory Users: Active Directory provided users which will be used for managing Control Center. Since Active Directory user passwords are managed by Active Directory itself, Control Center doesn't need any password information for this type. Creating an Active Directory user only approves the user as a valid Control Center account.

    Roles 

    1. System Administrator: This role can be applied to a single user only and defines the most 

    privileged user in Control Center. This user is the sole owner of the system and there are 

    no restrictions for this role.  

    2. Administrator: This is a less privileged administrator role which is capable of managing 

    the Control Center. The only restriction is that this role cannot change the Control Center 

    settings. 

     

    3. Report Manager:  

    a. View only access to Network page, 

    b. View only access to Tasks page, 

    c. View only access to Quarantine page. 

    d. Full access to Reports page. 

    4. Maintenance Manager:  

    a. View only access to Network page, 


    b. Ability to manage endpoints, 

    c. View only access to Tasks page, 

    d. View only access to Policy page, 

    e. Full access to Quarantine page, 

    f. Limited access to Reports page (can create instant reports and view scheduled 

    reports) 

    g. Full access to Deployment page,  

    5. Monitoring Engineer 

    a. View only access to Network page, 

    b. View only access to Reports page. 

    In case a user forgets account password, “Forgot your password?” button on Login page can be used to retrieve user credentials to their e-mail address.

       


    Policy    


    General Settings 

    These are general settings which affect the way endpoints work.  

    ● Details
        ○ Policy Name: Name of the policy
    ● Product Settings
        ○ Settings
            ■ Display alert pop-ups: Displays alerts to a user and asks for user's decision. If unchecked, endpoint agents will automatically choose the best possible action without asking the user anything.
            ■ Display notification pop-ups: Displays informational pop-ups such as update notifications.
            ■ Show product icon in System Tray: Displays Endpoint Agent icon in Windows System Tray.
        ○ Update Server Settings: Endpoint Agents require either an active Internet connection or an update mirror address from which to get product and signature updates. By default all endpoints use Internet for their update source but you can install an Internal Update Mirror anytime and instruct the endpoints to use this mirror. Control Center maintains a list of active update mirrors and distributes these to the endpoints in an optimized way.
        ○ Uninstall/Repair Password: This is the password which will be asked from a user in case a manual repair or uninstall operation is initiated by the user. Remote tasks ignore this password and do not need any user interaction.
    ● Proxy Settings: Endpoint proxy settings for connecting to the Internet.

    Anti-Virus Settings 

    Anti-virus related settings for endpoints. 

    ● On-Access Scanning: Enables or disables real time protection module of Zemana Endpoint Security Agent. This switch acts as a master switch for all of the settings below.
        ○ Limit File Size: Sets the maximum size limit for real time malware scanning. Unchecking this option removes the size limit and enables real time scanning of all files.
        ○ Scan Archives
            ■ Archive maximum size limit: Enables or disables scanning of Archive files.
            ■ Archive maximum depth: Level of recursion in archive content scanning.
        ○ Miscellaneous
            ■ Scan Boot Sectors: Enables/disables scanning of boot records such as MBR and VBRs.


            ■ Scan Network Traffic: Scans the network traffic against malicious files and blocks the content before it is delivered to the requesting application.
            ■ Scan Potentially Unwanted Applications (PUA): Enabling this option activates scanning of not harmful but potentially unwanted applications such as sticky toolbars in browsers.
    ● On-Demand: Enables or disables scan settings for removable devices such as USB drives, CD ROMs etc. as well as providing support for scheduled scans.
        ■ Scan Tasks: Scheduled scans with Quick and Full scan options. Scan tasks registered here start at the provided time at endpoint's local time zone.
        ■ Device Scan Settings
            ● Scan CD/DVD ROM: Enable/disable scanning of CD/DVD ROM devices.
            ● Scan Network Devices: Enable/disable scanning of network devices such as network file shares.
            ● Scan Removable Devices: Enable/disable scanning of removable drives such as USB sticks.
    ● Heuristics: Configures the level of Zemana Heuristic Threat Control. Currently 4 levels are supported: Paranoid, Aggressive, Default, Permissive. Setting this option to a level above Default will increase the heuristics based protection against unknown files but may lead to false positives.
    ● Exclusions: Excludes the specified Directory, File or Extensions from all AntiMalware modules including On-Access, On-Demand, Heuristic.
    ● Quarantine Settings: Configures the number of days a quarantined file is kept on an endpoint.

    Content Control Settings 

    Configures content based protection options such as URL filtering and keyword filtering. 

    ● Settings
        ○ General
            ■ Enable Anti-Phishing and Anti-Fraud Protection: Enables/disables scanning of web content against possible phishing attempts.
            ■ Scan SSL Traffic: Enables/disables scanning of SSL protected pages.
        ○ Web Access Control: Functions as a master switch for enabling/disabling web access control related settings.
            ■ Blocked Web Addresses: Blocks the access to provided web addresses on endpoints. Access blocking is not specific to browsers and covers all types of applications trying to access the blocked web site.
            ■ Blocked Keywords: Blocks the web content which contains the provided keywords.
            ■ Blocked Processes: Blocks the specified processes by name.
    ● Exclusions: Excludes specified URL, IP Address or Process Names from content control access restrictions.


    Device Control Settings 

    Settings for enabling/disabling, allowing/blocking and adding exclusions for Device Control Module. 

    ● Settings 

    ○ Device Control 

    ■ Enable Device Control: Functions as a master switch for enabling/disabling device control related settings. 

    ○ Bluetooth Devices: Allows/blocks Bluetooth devices. 

    ○ CD ROM Drives: Allows/blocks CD ROM drives. 

    ○ Disk Drives: Allows/blocks disk drives. 

    ○ Imaging Devices: Allows/blocks still-image capture devices, digital cameras, and scanners. 

    ○ Modems: Allows/blocks modems. 

    ○ USB: Allows/blocks USB devices. 

    ○ Lpt/Com Ports: Allows/blocks Lpt/Com ports. 

    ○ Printers: Allows/blocks printers. 

    ○ Internal Storage: Allows/blocks internal hard drives or gives read-only access. 

    ○ External Storage: Allows/blocks external hard drives or gives read-only access. 

    ● Exclusions 

    ○ Device Control Exclusions: Excludes specific devices from device control restrictions. Exclusions can be added in two ways:  

    ■ From Device Control Exclusions click on the “plus” button, type device ID and product ID, then pick an action for the device. 

    ■ From Network tab click on computer name, then click on “events” from the popped up window. From “details” click on “add to exclusion”. Then choose an action for the device. 

    ID Theft Protection Settings 

    Settings for enabling/disabling ID Theft Protection Module. 

    ● Settings
        ○ Enable ID Theft Protection: Enables/disables KeyCrypt Technology that encrypts keyboard actions against keyloggers.

     


    Frequently Asked Questions 

       


    How do I create a backup of Zemana Control Center? 

    In order to create a manual backup of Zemana Control Center, please follow the steps below: 

    1. Open "Explorer" in the Zemana Control Center server machine, 

    2. Navigate to "C:\Program Files\Zemana Control Center\utils" folder, 

    3. Run "Backup Zemana Control Center" as Administrator, 

    4. Choose a folder for saving the backup file, 

    5. Click OK. 

    This will create a snapshot of all the database and settings of Zemana Control Center and save them as a 

    ZIP file to the selected folder. 

    How do I restore Zemana Control Center? 

    In order to restore Zemana Control Center from a backup, please follow the steps below: 

    1. Open "Explorer" in the Zemana Control Center server machine, 

    2. Navigate to "C:\Program Files\Zemana Control Center\utils" folder, 

    3. Run "Restore Zemana Control Center" as Administrator, 

    4. Choose a previously created backup file, 

    5. Click OK. 

    How do I create a support tool output? 

    Before contacting the support, please follow the steps below and create a support tool output which will be 

    saved to your desktop: 

    1. Open Explorer in your computer, 

    2. Navigate to "C:\Windows\zestools" folder, 

    3. Run "SupportTool.exe" and follow the on-screen prompts. 

     

     

     


    How do I enable SSL on Zemana Control Center? 

    Control Center uses HTTP as its default communication protocol but you can change this behaviour any 

    time by adding an SSL certificate to the Control Center. 

    Here are the steps you should follow for activating SSL on Control Center and Endpoint Agents: 

    1. Enabling SSL in IIS Manager
        i. Click "Start Menu",
        ii. Type "IIS" and click "Internet Information Services (IIS) Manager",
        iii. Expand the directory view at the left side of IIS Manager,
        iv. Right click on "Sites > ZemanaControlCenter",
        v. On the "Site Bindings" dialog, select second entry "HTTPS" and click "Edit",
        vi. On the "Edit Site Bindings" dialog choose an SSL Certificate,
        vii. Click OK to save changes.
    2. Enabling SSL in Control Center
        i. Once SSL is enabled in IIS Manager, navigate to Settings > Advanced Settings,
        ii. Enable "Use SSL" feature,
        iii. Click "Save" to apply settings.
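
    Between step 1 and step 2 it is worth confirming, from an endpoint, that the HTTPS binding answers and that Windows on that endpoint accepts the certificate for the configured Control Center Address. The PowerShell function below is an added example and not part of the vendor guide; ports 55555 and 55556 come from this guide's port list, while the function name, parameter names and the sample address are assumptions.

```powershell
# Added example (not vendor code). Ports 55555 and 55556 are taken from the port
# list in this guide; function name, parameter names and sample address are assumptions.
function Test-ControlCenterTls {
    param(
        [Parameter(Mandatory = $true)]
        [string] $Address,            # the value configured as "Control Center Address"
        [int] $HttpPort  = 55555,     # default agent-to-Control-Center port (HTTP)
        [int] $HttpsPort = 55556,     # HTTPS port used once "Use SSL" is on
        [int] $TimeoutMs = 5000
    )

    $result = [ordered]@{
        Address = $Address; HttpReachable = $false; HttpsReachable = $false
        PolicyErrors = $null; Subject = $null; NotAfter = $null
        Errors = @(); ReadyForSsl = $false
    }

    # Record why Windows would reject the certificate, then let the handshake
    # finish so the certificate itself can still be inspected.
    $callback = [System.Net.Security.RemoteCertificateValidationCallback] {
        param($sender, $certificate, $chain, $policyErrors)
        $result.PolicyErrors = $policyErrors
        $true
    }

    foreach ($port in $HttpPort, $HttpsPort) {
        $tcp = New-Object System.Net.Sockets.TcpClient
        try {
            # Wait() returns $false on timeout and throws if the connect is refused.
            if (-not $tcp.ConnectAsync($Address, $port).Wait($TimeoutMs)) { continue }
            if ($port -eq $HttpPort) { $result.HttpReachable = $true; continue }

            $result.HttpsReachable = $true
            $ssl = New-Object System.Net.Security.SslStream -ArgumentList ($tcp.GetStream(), $false, $callback)
            # Name matching is performed against $Address; TLS 1.2 is requested explicitly
            # because older .NET Framework defaults do not offer it.
            $ssl.AuthenticateAsClient($Address, $null,
                [System.Security.Authentication.SslProtocols]::Tls12, $false)
            $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $ssl.RemoteCertificate
            $result.Subject  = $cert.Subject
            $result.NotAfter = $cert.NotAfter
            $ssl.Dispose()
        }
        catch {
            $result.Errors += "port ${port}: $($_.Exception.GetBaseException().Message)"
        }
        finally {
            $tcp.Close()
        }
    }

    # Ready only if HTTPS answers, chain and name validate, and the certificate is unexpired.
    $result.ReadyForSsl = $result.HttpsReachable -and
        $result.PolicyErrors -eq [System.Net.Security.SslPolicyErrors]::None -and
        $result.NotAfter -gt (Get-Date)
    [pscustomobject] $result
}

# Constructed sample address; replace it with your own "Control Center Address".
Test-ControlCenterTls -Address 'controlcenter.example.internal' | Format-List
```

    A PolicyErrors value of RemoteCertificateNameMismatch means the certificate does not cover the configured Control Center Address, and RemoteCertificateChainErrors means the endpoint does not trust the issuing chain.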

    How do I migrate Zemana Control Center to a new server? 

    Migrating an already running instance of Control Center requires two steps: 

    1. Migrating Control Center to a new server
        i. Create a backup of Zemana Control Center by following the steps described in FAQ,
        ii. Install Zemana Control Center to a new server,
        iii. Navigate to "C:\Program Files\Zemana Control Center\utils" folder on the new server,
        iv. Run "Restore Zemana Control Center" as Administrator,
        v. Choose the backup file you have created in step i,
        vi. Click OK.
    2. Forwarding Endpoint Agents to New Control Center
        i. Once migration is done, you will have an exact copy of old Control Center in your new server,
        ii. Make sure old instance can access the new Control Center. If not, configure Firewall settings to allow access from the old instance's address to the new instance's address,
        iii. Disable Active Directory Synchronization on the old instance,
        iv. Navigate to Settings page on old instance,
        v. Set "Control Center Address" to new instance's IP or Domain name,
        vi. Save settings.


    IMPORTANT NOTE: Disabling Active Directory synchronization is required to detect endpoints which are still using the old instance. Endpoints will report to the old instance that they started using the new server, which will delete them from the endpoints list on the old instance. This way, you can see endpoints waiting for migration and once all the endpoints are migrated, you can shut down the old Control Center instance.

     

    What ports are used by Endpoint Agents and Control Center? 

    - TCP 55555: Default HTTP port for agent to control center connections. 

    - TCP 55556: HTTPS port. Only usable if “Enable SSL” setting is ON. 

    - TCP 7074: Signature and product update port. 

    - 135, 139, 445 : Remote deployment 

    - 80 : License check (HTTP) 

    - 443 : License check (HTTPS) 

    - 389, 636, 3268, 3269 : (LDAP) Active Directory authentication 

     

    External URLs used by Endpoint Agents and Control Center? 

    - http://oem.zemana.com/ControlCenterLicenseAPI.ashx 

    - https://www.zemana.com/en-US/WhatsNew?ProductId=12 

    - http://mscloud.zemana.com/api/endpoints/settings 

    - http://zescloud.zemana.com 

    - http://dl13.zemana.com 

     

    How do I uninstall Endpoint Agents? 

    Setup packages are basically windows installation files and they can be uninstalled just like any other 

    application. The important thing to note about the uninstallation is that each setup package may install a 

    few other additional packages. Deciding which package to uninstall plays an important role for the 

    complete uninstall. In order to completely uninstall an endpoint agent, please follow the steps below: 

    1. Click Start button and type “Programs and Features”, 

    2. Find “Zemana Endpoint Security Agent” entry in the list, 

    3. Right click on the entry and select “Uninstall” option, 

    4. Enter the uninstall password if requested,

    5. Follow the on-screen instructions. 

     


    How do I uninstall a group of Endpoint Agents? 

    Please follow the steps below for uninstalling a group of computers: 

    1. Go to Network page, 

    2. Right click on the group you would like to uninstall, 

    3. Choose “Tasks > Uninstall Agent” from the context menu, 

    4. Assign a descriptive name to the uninstallation task, 

    5. Click ‘OK’. 

     

    How do I send feedback about the product? 

    In order to send feedback about the product, please scroll down in any page and click the “Send Feedback” link at the footer.

     
