katycomputersystems 1 Posted August 25, 2018 Share Posted August 25, 2018 When upgrading endpoints from v6 to v7, set a reboot, that is a horrible experience for the client. Has anyone found a way to push out the upgrade command in such a way that on Day 1 the installers are downloaded, then on Day 2 the system is updated and restarted if necessary as part of the install process? Perhaps we could avoid the Day 2 restart if as part of the logoff sequence, the workstation was programmed to disable all eset services so that the upgrade wouldn't require a reboot. Link to comment Share on other sites More sharing options...
Administrators Marcos 5,399 Posted August 25, 2018 Administrators Share Posted August 25, 2018 Upgrade to a newer version will always require a reboot at least when drivers have been updated. Otherwise old drivers would remain loaded with the new kernel and dlls which might result in unforeseeable behavior and possible issues. Link to comment Share on other sites More sharing options...
katycomputersystems 1 Posted August 26, 2018 Author Share Posted August 26, 2018 @Marcos, thanks for the reply, but I disagree. Why can't eset 6 be uninstalled on logoff, shutdown the computer, then install eset 7 on login? If you want to see unforeseeable behavior, restart an end-users computer when they are in the midst of editing 20 office documents. Link to comment Share on other sites More sharing options...
Administrators Marcos 5,399 Posted August 26, 2018 Administrators Share Posted August 26, 2018 I'm not 100% sure but I reckon that the system is not rebooted automatically after upgrade. The protection status should change and a link to reboot the machine should appear in gui. That said, it is up to the user when he or she reboots the machine after an upgrade. Or does it behave differently? Link to comment Share on other sites More sharing options...
katycomputersystems 1 Posted August 26, 2018 Author Share Posted August 26, 2018 When we use the security management center to push out an update, we are prompted to force a reboot. If we don't force the reboot, my understanding is that the systems are unprotected until they reboot. What I am suggesting is a third option - uninstall at shutdown, I'm not a programmer, but it seems to me that we could take advantage of HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\Scripts\Shutdown to uninstall eset6 on shutdown. Then install eset7 upon logon. There may (and likely are) more robust mechanisms to insure an un-install occurs at shutdown -- but I'll leave that to the programmers, what I desire is an optimal experience for my end-users. The reason I bring up downloading installers on day 1 is to allow the installation of eset7 to proceed quickly. The eset repository can be slow, for example, yesterday agent_x64.msi required 6 minutes to download to a computer on a 100M fiber connection. This wouldn't be a problem if it was downloaded to a staging directory prior to the install. Link to comment Share on other sites More sharing options...
HSW 9 Posted August 27, 2018 Share Posted August 27, 2018 (edited) That has nothing to do with ESET. You can create a Uninstall V6 GPO (Group Policy) on Shutdown. And a new Install V7 on Start. (Download manualy and install over a own share) Or you make a script like me which load on start check for a new Version und prompt a user ask for Upgrade AND reboot. Edited August 27, 2018 by HSW Link to comment Share on other sites More sharing options...
katycomputersystems 1 Posted August 27, 2018 Author Share Posted August 27, 2018 ESMCAgentInstaller.bat allows the endpoint to install the management agent, what is the equivalent command to allow the endpoint to install Endpoint Security? Link to comment Share on other sites More sharing options...
Administrators Marcos 5,399 Posted August 27, 2018 Administrators Share Posted August 27, 2018 10 minutes ago, katycomputersystems said: ESMCAgentInstaller.bat allows the endpoint to install the management agent, what is the equivalent command to allow the endpoint to install Endpoint Security? Once you have agent installed, send a software install taks with the appropriate Endpoint product selected. Link to comment Share on other sites More sharing options...
katycomputersystems 1 Posted August 27, 2018 Author Share Posted August 27, 2018 Wouldn't that require that we pay constant attention to ESMC? Or is there a trigger option I missed that says if computer is in group 1 and has no endpoint protection, install endpoint protection? Link to comment Share on other sites More sharing options...
Pan Bambaryla 3 Posted August 27, 2018 Share Posted August 27, 2018 @katycomputersystems - I agree. It should be more intelligent and programmable than sitting with ESMC console and looking for stations without agent, re-apply ESMC components update, fail and all over again. The same with product installation. I have 70 workstations and I am unable to upgrade them with one klick and wait for results. There is another problem - machine restart which is required to install ESET products. Some of my users use computers all the time without reboot what makes impossible to upgrade ESET so there should be an option to remind them or even make them to reboot after some time (not shutdown-start combination). I've had a lot of work with this upgrade - anyway it's coming to the end what makes me satisfied. Link to comment Share on other sites More sharing options...
katycomputersystems 1 Posted August 27, 2018 Author Share Posted August 27, 2018 To make certain the agent is installed, we have included a call to ESMCAgentInstaller. I have inserted these lines on top of the standard batch file: set _prd=ESET Management Agent wmic product get name,version /format:csv | findstr /c:"%_prd%"&&(goto :eof)||(echo %_prd% no instance) They check to see if the agent is installed, if so, it exits. If we had something similar for Endpoint Security, we could easily add it to our login script, making end of day uninstall feasible. OR a trigger action that says if member of group 1 AND a windows workstation AND no endpoint security, then install endpoint security. Link to comment Share on other sites More sharing options...
Administrators Marcos 5,399 Posted August 27, 2018 Administrators Share Posted August 27, 2018 You can create a dynamic group with no or older Endpoint security product and bind a software install task on it with the trigger set to "Joined Dynamic Group trigger". When a computer joins this dynamic group, Endpoint will be installed and the computer will leave the dynamic group. Link to comment Share on other sites More sharing options...
katycomputersystems 1 Posted August 27, 2018 Author Share Posted August 27, 2018 @marcos that is beautiful - I'm feeling the eset love! Link to comment Share on other sites More sharing options...
Recommended Posts