GNBC wrote

The task doesn't show up in TM as EAP, but as a Java task. >> please make this clearer in the next version.

Since EAP is a Java application, it always will show up as a Java task. Usually you should not need to interact with task manager to start an application, so probably there are some weird settings on your Windows system causing this error message. -> Windows problem, not EAC-related.

Then when it starts a browser, the browser instantly complains about the Bad Certificate and this does of course make me nervous to override the security messages. >> In the documentation and in the start-up dialogue, it would help to WARN users that they will have to override the security settings.

Browsers don't recognize self-signed certificates unless you permanently accept this cert. Just save the certificate in your browsers certificate control list and the security message should disappear. -> Normal browser behavior on self-signed certs.

If you care, you could create your own certificate and install it into the EAC (you already saw the post). Of course, TP-Link could add a function in EAC to simplify installing own certificates, maybe they will do so in a future version.

In a response to a forum question, Zaizai suggested turning off firewalls and anti-virus, but this too should be noted in the documentation and start-up dialogue, if this is indeed necessary.

AFAIK almost any software recommends to turn of firewall/anti-virus during installation on Windows. Disallowing even basic administrative tasks such as software installation is Microsoft's way of trying to make Windows more "secure". -> Usual Windows weirdness, no EAC problem.

For how long should they be turned off? Is there a way to tell the anti-virus and firewall to accept the EAP Controller?

If you experience problems with EAPs not being able to connect to the EAC, open UDP port 29810 and TCP ports 29811 to 29813. If they are already open in the personal firewall, you can safely turn the firewall on again after installation of the EAC software, since browser access to the EAC should be possible even with an active firewall. -> But this is usual Windows weirdness, no EAC problem.

Now I find that it is running, but has changed the displayed IP address to 127.0.0.0 instead of the static IP that I set for it (10.0.0.x), and again this should be warned in the documentation!

If you access your server using the official IP, it ill show up the 10.0.0.x IP. If you access your server using the localhost IP, it will show up the 127.0.0.1 localhost IP. No need for a warning, since this is expected behavior and it has nothing to do with EAC, except that it fires up a browser with localhost IP if started on the same host the EAC is running on. This is so, b/c you are the one who has to decide which server to connect to and therefore you need to tell the browser to which server it has to connect in order to reach the EAC you want to reach.

These may be small things, but it makes me feel nervous that the EAP Controller is not yet a reliable way to control these APs.

Those "alarm bells", as you call it, are caused by Windows/your browser, b/c the guys at MS think they would know better than the user how their systems have to be used.:) It has nothing to do with the EAC, which not only must run on isolated PCs, but also on public servers or even in a cloud. And on the latter, no such rings & bells appear if you set up the software properly and add the self-signed certificate to your browser's cert control list, which is part of such a setup.

My question: using Edge on my laptop, and 8.1 on that server, what settings should I be putting into the firewalls, antivirus etc so that the EAP Controller doesn't keep triggering alarm bells like this?

See above, you should be able to access the EAP using a browser with firewall turned on if you really need this firewall thing on your system (usually a firewall belongs to the network's router, not to a system inside the network to be protected).