Jump to content

Deploying preconfigured msi packages 6.X How ?


Recommended Posts

Hi,

 

I am looking for a way to deploy ESET Endpoint Antivirus 6.X preconfigured with the ERA Agent.

 

We use Novell Zenworks to deploy our bundles.

 

For the 5.X version, we are able to create preconfigured msi installers and then use these for deployments.

 

For the moment, i am able to install the ERA Agent with Zenworks using the batch file that was generated with the ERA 6 Appliance.

 

Is this a downside of using the appliance ?

 

Is this feature of creating customized msi still available with the Windows Server version ?

 

Thank you :)

Link to post
Share on other sites
  • Administrators

Msi packages cannot be pre-configured. Simply deploy the agent on clients and use a policy for the "Lost and found group" or for the dynamic group Not activated security products that will be applied as soon as the clients appear in the appropriate group.

Link to post
Share on other sites

Msi packages cannot be pre-configured. Simply deploy the agent on clients and use a policy for the "Lost and found group" or for the dynamic group Not activated security products that will be applied as soon as the clients appear in the appropriate group.

 

Is there a command-line command that can be used to import an XML file post installation ?

 

We could use this method to reduce the delay before the AV gets configured.

 

Thank you Marcos !

Link to post
Share on other sites
  • Administrators

Is there a command-line command that can be used to import an XML file post installation ?

We could use this method to reduce the delay before the AV gets configured.

 

Basically that's not possible for security reasons. Only server products support importing a configuration from the command line using eshell.exe (only signed batch files can be imported for security reasons).

 

EEA / EES should be configured immediately after installation as the ERA agent running on a client will detect the product and apply the appropriate policy to it.

Link to post
Share on other sites

The problem we have is that there is a delay before the policies are applied to the workstation...

 

We use Novell Zenworks to deploy the ESET End Point Antivirus msi installer silently but when the setup is complete a popup is displayed on the current user session asking for a serial key to activate.

Note that only 3-5 minutes after, the Antivirus is activated automatically with the help of the ERA agent installed on the workstation.

 

Can we have a msi parameter that we can add to skip activation and wait for the ERA Agent to do his job ?

 

something like this :  msiexec.exe /i eea_nt32_frc.msi /qn SkipStartupActivation=1

 

This was for the new installations.

 

Now for the upgraded installations :

We would also like to tweak the upgrade process from 5.X to 6.X.

 

When we use Zenworks to deploy the new version 6.X (msi) on the workstations that already have the 5.X version.

The problem is that we would like to be able to deploy a configured solution.  For the moment, we deploy the 6.X and there is a time-laps of about 30 minutes before the 6.X policies are applied.

As a result the 6.X have the old policies from the 5.X for a moment and some of them are not compatible.

 

Any idea ?

Link to post
Share on other sites
  • Administrators

That's ok, however, you should first push an Agent Live Installer (batch file created via ERAS). Only when the agent is installed on clients, install Endpoint (via ERA, Zenworks, GPO, etc.). As soon as it gets installed, it will start to communicate with the agent which will push the appropriate policy to it (e.g. can activate it automatically).

The order is important - pushing Endpoint msi first would install only non-activated Endpoint itself and no communication with ERAS would be possible until the agent is installed. Unlike Endpoint v5 which communicates with ERAS directly, Endpoint v6 doesn't communicate with ERAS at all but the communication is performed via the agent only (which brings several advantages over the older approach).

Link to post
Share on other sites

That is exactly how we scripted the Zenworks installation

1st step : Install the ERA Agent on the workstation with the certificates provided by the batchfile

- Copy the files locally on the workstation ( modified version of the provided script because we don't want every workstation to go get the agent online )

  ( set url=hxxp://repository.eset.com/v1/com/eset/apps/business/era/agent/v6/6.1.365.0/Agent_x86.msi ) = We don't want this

- Copy the files ( era.ca.der.b64 and era.peer.pfx.b64 on a temp folder )

- Run this command : msiexec.exe /qr /i Agent_x86.msi /l*v %temp%\ra-agent-install.log ALLUSERS=1 REBOOT=ReallySuppress P_CONNECTION_CHOSEN=Host P_HOSTNAME=10.148.XX.XX P_PORT=2222 P_CERT_PATH=C:\tempfolder\ESET\era.peer.pfx.b64 P_CERT_PASSWORD="" P_LOAD_CERTS_FROM_FILE_AS_BASE64=YES P_CERT_AUTH_PATH=C:\tempfolder\ESET\era.ca.der.b64

 

2nd Step :

After the ERA agent is installed, we launch the MSI installer of the ESET Endpoint Antivirus.

Link to post
Share on other sites
  • Administrators

This is really strange and definitely something that our engineers should comment on. They will be able to reply on Monday at earliest.

Link to post
Share on other sites
  • ESET Staff

To suppress any dialogs shown by EEA or EES after installation, you can use INSTALLED_BY_ERA=1 msi parameter.

 

To apply policies faster during upgrade, I would suggest to deploy Agent, let it replicate all necessary policies from a server - this depends on replication interval. And then install EEA 6.x using Zenworks. Agent should detect the upgrade and in a minute it will start managing EEA by applying policies.

Link to post
Share on other sites

Thank you!

 

This msi parameter fixed the issue where we had a popup asking for activation. 

 

About the replication interval, can we set a server parameter for this ?

 

For the moment, i know we can assign a policy with more frequent refresh.  The problem is for the 1st refresh ( before that any policies have been applied )....

Link to post
Share on other sites

I don't know if this is a coincidence but with this msi parameter, my product never gets activated by the ERA agent.  i've waited 2 hours without rebooting... then i tried rebooting if it would change anything... but its not getting activated.

 

I have a general policy that activate all the products that connects to the ERA server...

Link to post
Share on other sites

I don't know if this is a coincidence but with this msi parameter, my product never gets activated by the ERA agent.  i've waited 2 hours without rebooting... then i tried rebooting if it would change anything... but its not getting activated.

 

I have a general policy that activate all the products that connects to the ERA server...

 

 

I have run 3-4 more simulations and the product did activate. so you may forget about this previous message.  :)

Link to post
Share on other sites

Ok... i have been able to reproduce the problem...

 

Still another product not being activated...

 

See what the console says :
post-6605-0-62860100-1426088162_thumb.png

 

We can see that the message is received and that there is no product to activate...  but this is not true... There is an Endpoint Antivirus installed on this machine.

 

Any idea how to fix this issue ?

Link to post
Share on other sites
  • ESET Staff

The problem is that the agent does not yet know that EEA is installed - it is not communicating with the security product. It takes about a minute for the agent to detect installed EEA. The best way to automatically activate product is to use dynamic group called "Not activated security product". This group will be joined only by agents that are already connected to EEAs without activation.

Link to post
Share on other sites
  • 3 months later...
Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...