Jump to content
TheMartin

Automate updates

Recommended Posts

I am finding doing updates to be a major pain.  I'd love if I could automate it to just push a new agent and AV product any time a new version is available.  Or bare minimum have a task I can just run that updates both.  Currently I click on each computer, then in the bottom right where it says "outdated version" I click there, then click "update ESET products".  I do this for every computer.  I know there are ways to create tasks, but in the past I've had to manual make the task every time there is a new version.  Can I automate this "button push" for all systems in a group?  Seems simple, but I can't find the appropriate task.

I'm sure this is simple stuff, but I work at a small company and only fiddle with this interface once a year or so, and find it incredibly obtuse.  Searching help provides loads of irrelevant articles.  The old remote administrator was so much easier to use.

 

Thanks for the help.

Share this post


Link to post
Share on other sites

There is a task called Update Modules, though I am finding that it does not consistently work. 

I am creating a new task to see if it will update our computers from earlier versions of Endpoint AV to the latest version (7.2.2055.0).  (I never get to select the version, so I'm hoping it will find the latest version in the repository.)  I'm guessing a bit on creating this task, but it seems like it should work.  Having said that, my previous attempt several months ago was hit or miss. 

My navigation in ESMC Web Console 7.1.393.0 is: 

Tasks > ESET Security Product > Modules Update 

Click NEW... button + Client Task 

Name: Update Modules 

Description: Update Modules 

Task Category: ESET Security Product 

Task: Modules Update 

Click CONTINUE button 

Check the Clear update cache checkbox 

Click the CONTINUE button 

Verify your information (what little there is.) 

Click the FINISH button. 

Create a trigger 
Name: Update Modules ASAP 
Select Group: Computers with outdated modules 
Click OK button 
Click CONTINUE button 
Trigger type: As Soon As Possible 
Click FINISH button. 

I'll let you know if it works.  (That is if I'm completely pissed off that we renewed our license.) 

Share this post


Link to post
Share on other sites

I found this additional Help documentation, which basically says the same thing that I did, https://help.eset.com/esmc_admin/71/en-US/client_tasks_virus_db_update.html

End result: still pissed off! 

Only a small number (12 of 800) computers were in Computers with outdated modules,  Most of the 800 computers/servers are on 7.0 and several on are earlier versions.  And of those in Computers with outdated modules, the job finished on 7 of the 12.  And none of those that it completed on received the latest agent or Endpoint AV or File Security software.  They are on 7.0 still. 

Edited by Morris B

Share this post


Link to post
Share on other sites

Just for clarification, the "Module update" task forces an update of modules (engine, archive module, advanced heuristics, etc.) to the latest version available on update servers. The "ESMC component upgrade taks" upgrade ESMC components, ie. the ESMC server and ESMC agent on clients from ESET's repository by default. In order to upgrade the security product on clients (Endpoint security or server security products), it's necessary to use the Software install task. Some time soon Endpoint should upgrade to newer version fully automatically, depending on the product update settings, while leveraging so-called micro PCU updates.

Share this post


Link to post
Share on other sites

Thanks!  Is the automatic update product option coming sooner rather than later?  I was told by support maybe a year ago that it would be coming with ESMC 7.0.  

Share this post


Link to post
Share on other sites

So the answer is, no there is no easy way to automate this?  That's disappointing.  Do large companies just have someone constantly managing outdated machines, or do they just let them run with old versions?

Share this post


Link to post
Share on other sites

This is a good point for discussion. In general, the long term goal is to move towards fully automated architecture, with opt-out option to be able to keep software running on specific version. That´s what we are working on. 

In general, keeping ESET software on the latest version do consist from two tasks, that should be executed: 

  1. Security Management Center Components Upgrade that upgrades components of the management server network (server, console, agents) 
  2. Software install task, that brings in the new version of the installed security product (like Endpoint Security). 

The first one, as it touches various components is not recommended to be automated as a whole. Once the server is updated, you can automate update of agents by utilizing dynamic group templates, where you utilize condition of "installed software name" and "installed software version", where you utilize condition "not in". You however need to do this separately for Linux, Mac and Windows machines, as each and every one of them has a different build number (also possibly different release cycle). 

Please note that we are planning to remove the need of manual agent upgrade for future versions.  In ESET Cloud Administrator, you can update agents using one click action from the dashboard (status overview tab, and installed applications tab) 

Second one, is related to the upgrade of the security software. Security software upgrade requires reboot of the machine, meaning it´s not recommended to be randomly executed, rather being scheduled for specific time (off work hours, maintenance hours for servers).  You can automate it as well, using dynamic group templates https://help.eset.com/esmc_admin/71/en-US/?dg_example_3.html. Alternatively you can utilize simple actions from the dashboard (status overview & installed software tabs), where when you click on the outdated chart component it will show you list of all possible apps / versions to be updated. You can choose the one, where you want to execute the task momentarily. 

We would eventually release (hopefully in next few months) the option to utilize micro PCU (automatic Endpoint updates) for Endpoint version 7.2. This would / should also streamline the upgrade procedures and will be announced in advance. 

Hope that this helps.

Michal 

Share this post


Link to post
Share on other sites

Thanks Michal, I guess what would be nice at this point is a simple tutorial how to keep the agent and security product up to date on a group of systems.  So I have a server group I deal with manually, but for workstations I just tick the "do not reboot if required" box and let the user reboot when they see the message.  I'd just like to automate for all of them.  I have found the "outdated applications" panel so I've been using that for the week, which I guess is the simplest method at this point. 

Looking forward to micro PCU and auto agent updates in the future.

Share this post


Link to post
Share on other sites

@TheMartin Thanks for the feedback / suggestion. I will contact our documentation team, and ask them to prepare the tutorial (video / documentation) with the topic "how to update my ESET environment on the latest version in the simplest way". I agree, it would be a helpful content, which should be more actively promoted in documentation and KB. 

Share this post


Link to post
Share on other sites
8 minutes ago, TheMartin said:

Thanks Michal, I guess what would be nice at this point is a simple tutorial how to keep the agent and security product up to date on a group of systems.  So I have a server group I deal with manually, but for workstations I just tick the "do not reboot if required" box and let the user reboot when they see the message.  I'd just like to automate for all of them.  I have found the "outdated applications" panel so I've been using that for the week, which I guess is the simplest method at this point. 

Looking forward to micro PCU and auto agent updates in the future.

I have realized that , even shutdown doesn't replace the restart , I mean if I do shutdown the PC that got the update and started it again , it will not show that it's up-to-date it's still waiting for the restart , can't ESET installer do the job when it's going to shutdown and while it starts again?

Or it's always necessary to make the restart?

Share this post


Link to post
Share on other sites
3 minutes ago, Rami said:

Or it's always necessary to make the restart?

A full shutdown can be used instead of a reboot. However, you'd need to have fast startup disabled in Windows, otherwise it won't shutdown completely.

Share this post


Link to post
Share on other sites
On 11/28/2019 at 6:56 PM, Marcos said:

A full shutdown can be used instead of a reboot. However, you'd need to have fast startup disabled in Windows, otherwise it won't shutdown completely.

I understand , thank you.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...