Jump to content

How to Upgrade Agent and/or Endpoint AV Versions?


slarkins
 Share

Recommended Posts

Just upgraded ESMC to 7.2 I have a mix of various Windows 7.x endpoint installs and all endpoints have 7.0 agents installed. Do i need to have 2 separate tasks to update the agent and endpoint versions? Should i do one then the other?

 

The biggest question is how to set up the upgrade tasks properly. I have dabbled in using tasks but they never seem to work correctly. Is the a KB article or can someone tell me how to set up upgrade tasks correctly? I would only want to do a few pcs at a time...

Link to comment
Share on other sites

I have got a similar problem.

I upgraded ESMC to 7.2, created a task to do an update ("upgrade of Security Management Center Components"), and let it run for all clients. The report tells me that all went good, but I still have all sorts of versions and some clients tell the users that they are outdated.

I don't understand why it is so difficult to keep the clients up-to-date.  This should be an easy, as-automatic-as-possible process. This micromanagement takes hours to find out what went wrong this time.

Last hour I installed a Windows 10 Pro PC with ESET and the client tells me that it is an outdated version even after I remotely updated it. When I try to update the client locally it tells me that it is up-to-date.

Another thing is the much too inconspicuous warning that the PC should be restarted after the update. None of my colleagues notice the small mark in the icon. Can't you bring a repeating big message?

The recognition quality is excellent, but the operation leaves much to be desired.

Regards
Thomas

 

Link to comment
Share on other sites

9 hours ago, Thomas F. said:

I have got a similar problem.

I upgraded ESMC to 7.2, created a task to do an update ("upgrade of Security Management Center Components"), and let it run for all clients. The report tells me that all went good, but I still have all sorts of versions and some clients tell the users that they are outdated.

I don't understand why it is so difficult to keep the clients up-to-date.  This should be an easy, as-automatic-as-possible process. This micromanagement takes hours to find out what went wrong this time.

Last hour I installed a Windows 10 Pro PC with ESET and the client tells me that it is an outdated version even after I remotely updated it. When I try to update the client locally it tells me that it is up-to-date.

Another thing is the much too inconspicuous warning that the PC should be restarted after the update. None of my colleagues notice the small mark in the icon. Can't you bring a repeating big message?

The recognition quality is excellent, but the operation leaves much to be desired.

Regards
Thomas

 

Totally agreed on all these points! I have clients that need to be rebooted for over a week sometimes after an update...

I'm struggling to figure out why so many of my clients are getting messages about the agent being out-of-date. On my end, it says it's up-to-date. I waited on hold for support for 34 minutes before giving up today.

Link to comment
Share on other sites

  • Administrators

We've started displaying a notification about outdated Endpoint or agent recently. There are several reasons for this; either a problem with SHA-1 code signing being discontinued across the IT industry and the move to SHA-2 for increased security or substantial changes in Windows 10 that are planned with the 21H1 Update by the beginning of 2021 when older products than Endpoint 7.3+ and agent 7.2+ will stop to work.

Unfortunately the notification about outdated product updates delivered through a module may require a computer restart to go away. We will try to improve the user experience in future versions in case we would need to use such notification again at some point in the distant future.

As for automatic agent and Endpoint updates, this will be possible as of ESMC 7.4 and Endpoint v8 which are planned for Q4/2020. An administrator will need just to approve EULA due to legal reasons and Endpoint will update automatically to a newer version after the next computer restart. As of the upcoming version of ESMC, it will be possible to update agent easily from the dashboard.

Link to comment
Share on other sites

Hi Marcos,

Will ESET Endpoint Anti-Virus version 8 be out any time soon? 

We are about to update 1000+ 7.2 clients to 7.3 to support the latest changes and stop our users calling us every minute about the warning but if V8 is around the corner should we hold off spending days rolling out 7.3 updates only to do it all again for V8?

Cheers

Link to comment
Share on other sites

  • Administrators

V8 is planned for Q4/2020 so it may take 1-2 months until it's released. Also I assume that you will not install it immediately on all machines; even though our beta versions run flawlessly and users typically report just some cosmetic issues if any at all, it's a good practice to not upgrade to a newer version immediately on all machines right after the release.

Link to comment
Share on other sites

1 hour ago, slarkins said:

Can we get back to my original question that started this post? How do i set up tasks properly to update agent and/or endpoint version?

Slarkins,

I'll help you if you don't get a response from ESET support. 

Here's their quick guide for upgrading the product version: https://support.eset.com/en/kb7522-update-your-endpoints-remotely-using-the-eset-security-management-center

Here's their quick guide for upgrading the agent: https://support.eset.com/en/kb7465-upgrade-eset-remote-administrator-agents-65-or-eset-management-agents-70-to-the-latest-eset-management-agents-71-using-the-components-upgrade-task

I know from personal experience how painful and difficult this is. Please post here and we'll all learn together.

Link to comment
Share on other sites

  • Administrators

As for updating the agent on clients, you can find the appropriate screen shots with steps here: https://forum.eset.com/topic/25678-eset-management-agent-out-of-date-7x-to-72-updates

In order to update Endpoint, the easiest way is to click "Outdated version" in the dashboard and select "Update installed ESET products". As of the next version of ESMC, it will be possible to update also agent this way:

image.png

Link to comment
Share on other sites

If i choose the route of click the icon and do update installed eset products....will the next screen allow me to pick the endpoints i want to update?..so with 7.2 i can only update endpoints this method?

 

Edited by slarkins
Link to comment
Share on other sites

  • Administrators

On the next screen just put a check on the line pertaining to Endpoint. The clients in the list don't have the most current version of Endpoint installed.

 

image.png

Link to comment
Share on other sites

3 hours ago, speakerbox said:

Hi Marcos,

Will ESET Endpoint Anti-Virus version 8 be out any time soon? 

We are about to update 1000+ 7.2 clients to 7.3 to support the latest changes and stop our users calling us every minute about the warning but if V8 is around the corner should we hold off spending days rolling out 7.3 updates only to do it all again for V8?

Cheers

On a similar note, can I ask why there isn't a way to hide this message on the client via policy? There is an option to disable every other alert message on the client but this one.  In my environment, the end-users need to not worry about the agent/product being out of date as that is handled by IT.  We are actively working on it and don't need users calling and telling us.  

Link to comment
Share on other sites

  • Administrators
1 hour ago, kingoftheworld said:

On a similar note, can I ask why there isn't a way to hide this message on the client via policy? There is an option to disable every other alert message on the client but this one.  In my environment, the end-users need to not worry about the agent/product being out of date as that is handled by IT.  We are actively working on it and don't need users calling and telling us.  

It is an in-product message that could be configurable via the advanced setup but it's delivered via a module update, ie. the product is unaware of the message after installation. And upgrading to the latest version is quite urgent so admins should not hesitate with upgrade for long.

Tomorrow we will be releasing a module that will remove the notification about outdated agent after upgrading it.  It will be removed with the next update attempt.

Link to comment
Share on other sites

  • Administrators
2 hours ago, slarkins said:

ok..your screenshot shows a group of 2..i assume if i click that i can pick and choose which clients i want to update?

Yes, it should work that way. Is there any reason why you don't want to update all clients?

Link to comment
Share on other sites

please stop hijacking my thread...your question (not related to my post) gets answered...not my followup question

 

ok..your screenshot shows a group of 2..i assume if i click that i can pick and choose which clients i want to update?

Link to comment
Share on other sites

1 minute ago, Marcos said:

Yes, it should work that way. Is there any reason why you don't want to update all clients?

I want to do a few test endpoints first....

 

seems like my agent upgrade task worked ...i did my laptop only...agent must not need a restart when upgraded like the actual endpoint

Link to comment
Share on other sites

  • Administrators
1 minute ago, slarkins said:

seems like my agent upgrade task worked ...i did my laptop only...agent must not need a restart when upgraded like the actual endpoint

Tomorrow we will be releasing a module that will remove the notification about outdated agent after upgrading it.  It will be removed with the next update attempt. The module is already on the pre-release update channel for testing.

Link to comment
Share on other sites

SO my initial task to update agent on my laptop with an asap trigger worked......i dont see a way to use the task and modify endpoints and triggers...am i overlooking or do i need to create a duplicate task?

Edited by slarkins
Link to comment
Share on other sites

  • ESET Staff

Hello @slarkins, yes, for mac ESMC Agent, you need to use "component upgrade task" and for the Endpoint client, you need to use "software install task".  Please note that in order to use agent on V7 and never, you first need to upgrade your server to the V7 as well. 

Link to comment
Share on other sites

On 10/6/2020 at 10:14 AM, Marcos said:

It is an in-product message that could be configurable via the advanced setup but it's delivered via a module update, ie. the product is unaware of the message after installation. And upgrading to the latest version is quite urgent so admins should not hesitate with upgrade for long.

Tomorrow we will be releasing a module that will remove the notification about outdated agent after upgrading it.  It will be removed with the next update attempt.

That's not the point.  This was not well executed by ESET.  This message should have been displayed to the admins in the console and not on all endpoints without the ability to control it. 

Link to comment
Share on other sites

  • Administrators
7 hours ago, kingoftheworld said:

This message should have been displayed to the admins in the console and not on all endpoints without the ability to control it. 

That would be ideal if it was possible we would have definitely gone that route. However, we had to deliver a message to users of old versions where a functionality to report a message only to the ESMC was not supported. The only way how to notify administrators in the ESMC console was to change the protection status and report the message on clients. Note that the message does not cause any pop-up notifications and does not draw users' attention until they open the main gui which is something that common users in companies should not do on a regular basis. If we didn't notify users at all, ESET would suddenly stop updating or working and administrators would not realize that before it happened.  That would leave them unprotected and expose them at risk.

Link to comment
Share on other sites

9 hours ago, Marcos said:

Note that the message does not cause any pop-up notifications and does not draw users' attention until they open the main gui which is something that common users in companies should not do on a regular basis. 

This is not accurate.  The current notification causes a Windows notification and alert sound upon logging into the machine which draws attention to the GUI.    

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...