Jump to content

Archived

This topic is now archived and is closed to further replies.

katycomputersystems

Upgrade 6 to 7 No Reboot

Recommended Posts

When upgrading endpoints from v6 to v7, set a reboot, that is a horrible experience for the client.

Has anyone found a way to push out the upgrade command in such a way that on Day 1 the installers are downloaded, then on Day 2 the system is updated and restarted if necessary as part of the install process?

Perhaps we could avoid the Day 2 restart if as part of the logoff sequence, the workstation was programmed to disable all eset services so that the upgrade wouldn't require a reboot.

Share this post


Link to post
Share on other sites

Upgrade to a newer version will always require a reboot at least when drivers have been updated. Otherwise old drivers would remain loaded with the new kernel and dlls which might result in unforeseeable behavior and possible issues.

Share this post


Link to post
Share on other sites

@Marcos, thanks for the reply, but I disagree. Why can't eset 6 be uninstalled on logoff, shutdown the computer, then install eset 7 on login?

If you want to see unforeseeable behavior,  restart an end-users computer when they are in the midst of editing 20 office documents.

 

Share this post


Link to post
Share on other sites

I'm not 100% sure but I reckon that the system is not rebooted automatically after upgrade. The protection status should change and a link to reboot the machine should appear in gui. That said, it is up to the user when he or she reboots the machine after an upgrade. Or does it behave differently?

Share this post


Link to post
Share on other sites

When we use the security management center to push out an update, we are prompted to force a reboot. If we don't force the reboot, my understanding is that the systems are unprotected until they reboot.

What I am suggesting is a third option - uninstall at shutdown, I'm not a programmer, but it seems to me that we could take advantage of HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\Scripts\Shutdown to uninstall eset6 on shutdown. Then install eset7 upon logon.

There may (and likely are) more robust mechanisms to insure an un-install occurs at shutdown -- but I'll leave that to the programmers, what I desire is an optimal experience for my end-users.

The reason I bring up downloading installers on day 1 is to allow the installation of eset7 to proceed quickly.  The eset repository can be slow, for example, yesterday agent_x64.msi required 6 minutes to download to a computer on a 100M fiber connection. This wouldn't be a problem if it was downloaded to a staging directory prior to the install.

Share this post


Link to post
Share on other sites

That has nothing to do with ESET. You can create a Uninstall V6 GPO (Group Policy) on Shutdown. And a new Install V7 on Start. (Download manualy and install over a own share)

Or you make a script like me which load on start check for a new Version und prompt a user ask for Upgrade AND reboot.

Share this post


Link to post
Share on other sites

ESMCAgentInstaller.bat allows the endpoint to install the management agent, what is the equivalent command to allow the endpoint to install Endpoint Security?

Share this post


Link to post
Share on other sites
10 minutes ago, katycomputersystems said:

ESMCAgentInstaller.bat allows the endpoint to install the management agent, what is the equivalent command to allow the endpoint to install Endpoint Security?

Once you have agent installed, send a software install taks with the appropriate Endpoint product selected. 

Share this post


Link to post
Share on other sites

Wouldn't that require that we pay constant attention to ESMC

Or is there a trigger option I missed that says if computer is in group 1 and has no endpoint protection, install endpoint protection?

Share this post


Link to post
Share on other sites

@katycomputersystems - I agree.

It should be more intelligent and programmable than sitting with ESMC console and looking for stations without agent, re-apply ESMC components update, fail and all over again. The same with product installation. I have 70 workstations and I am unable to upgrade them with one klick and wait for results.

There is another problem - machine restart which is required to install ESET products. Some of my users use computers all the time without reboot what makes impossible to upgrade ESET so there should be an option to remind them or even make them to reboot after some time (not shutdown-start combination).

I've had a lot of work with this upgrade - anyway it's coming to the end what makes me satisfied.

 

Share this post


Link to post
Share on other sites

To make certain the agent is installed, we have included a call to ESMCAgentInstaller. I have inserted these lines on top of the standard batch file:
set _prd=ESET Management Agent
wmic product get name,version /format:csv | findstr /c:"%_prd%"&&(goto :eof)||(echo %_prd% no instance)
 

They check to see if the agent is installed, if so, it exits.

If we had something similar for Endpoint Security, we could easily add it to our login script, making end of day uninstall feasible.

OR a trigger action that says if member of group 1 AND a windows workstation AND no endpoint security, then install endpoint security.

Share this post


Link to post
Share on other sites

You can create a dynamic group with no or older Endpoint security product and bind a software install task on it with the trigger set to "Joined Dynamic Group trigger". When a computer joins this dynamic group, Endpoint will be installed and the computer will leave the dynamic group.

Share this post


Link to post
Share on other sites

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...