Jump to content

Best way to mass update v6 clients without AV to install agent/antivirus windows domain?


Recommended Posts

I'm curious what everyone is doing to update their clients to Eset v6.x?

 

As of now, i've just gone through the interface and pushed out agents on machines that are listed in my workstations OU group.. however, this only works if those machines are online..

 

I saw that the agent could be pushed in gpo via software installation policy.. but i'd rather not force that out, especially if a client already has the agent (unless it stays silent as with the manual process)..

 

Then on top of this.. once the agent is installed, i have just been checking everyday and doing a re-push on the Antivirus Endpoint client, which is also tedious..

 

At this point i'm guessing the only real way to ensure client workstations have AV is to push these out via software installation GPO or run a batch file at login, short of manually continuing to check and install?

 

Thanks in advance

Link to post
Share on other sites

If I understand correctly you are trying to get the AV installed once the agent is deployed to the workstation?  There are a few ways to create this but if you go navigate to Admin - Groups - select a group in the right hand pane there is a Tasks Tab.  In here you can create a new tasks that will run the install once the machine connects to the console.  I have one task that I use for each group within the network.  The task will deploy Eset AV usually within minutes of connecting after the agent install.  Attached are two screens that show the admin location and one for additional details on the task itself.  Hope this is helpful for you.

post-7762-0-17208500-1441136077_thumb.jpg  post-7762-0-16598900-1441136220_thumb.jpg

Link to post
Share on other sites

If I understand correctly you are trying to get the AV installed once the agent is deployed to the workstation?  There are a few ways to create this but if you go navigate to Admin - Groups - select a group in the right hand pane there is a Tasks Tab.  In here you can create a new tasks that will run the install once the machine connects to the console.  I have one task that I use for each group within the network.  The task will deploy Eset AV usually within minutes of connecting after the agent install.  Attached are two screens that show the admin location and one for additional details on the task itself.  Hope this is helpful for you.

attachicon.gifEset Tasks1.JPG  attachicon.gifEset Tasks2.JPG

 

Ah ok, so creating a task that basically says, if client agent is installed, a few minutes later fire off the client antivirus install?

 

How bout on the agent install itself.. do you define yours in gpo somehow..

 

maybe a software installation package that has this for the command?

 

  msiexec /qr /i "\\servershare\agents\Agent_x64.msi" ALLUSERS=1 REBOOT=ReallySuppress P_CONNECTION_CHOSEN=Host P_HOSTNAME=ServerName P_PORT=2222

Link to post
Share on other sites

If I understand correctly you are trying to get the AV installed once the agent is deployed to the workstation?  There are a few ways to create this but if you go navigate to Admin - Groups - select a group in the right hand pane there is a Tasks Tab.  In here you can create a new tasks that will run the install once the machine connects to the console.  I have one task that I use for each group within the network.  The task will deploy Eset AV usually within minutes of connecting after the agent install.  Attached are two screens that show the admin location and one for additional details on the task itself.  Hope this is helpful for you.

attachicon.gifEset Tasks1.JPG  attachicon.gifEset Tasks2.JPG

 

Actually, i cant seem to find the option you have for first connect to console etc..

 

I click my OU for workstations.. then new tasks.. task software install.. the only option for the static group "workstations" lists trigger type static group and Execute asap once then join the "workstations group"..

 

I even tried creating a dynamic group, though one for "no agent installed" and set the parent group to be "workstations", for some reason it didnt populate the machines not installed, but all machines pretty much that had an agent.. something is amiss

Edited by theskyisthelimit99
Link to post
Share on other sites

I deployed the agent using Admin - Server Tasks - All Task Types - Agent Deployment.  You can create a task to deploy the agent to devices within your network.  If the computers to deploy to are on a domain and you have added a group from your Domain with admin capabilities to access/manage the ERA console you can use that account in the Username/password fields when creating the Agent deployment task.  Otherwise you can use a local admin account for the username/password.

 

I have seen GPO used for the deployment as well but the agent deployment worked well for our environment.

Link to post
Share on other sites
  • Administrators

Using GPO for deployment is a recommended way of deploying agent. Deploying it via the agent deployment tasks requires a quite lot conditions to be fulfilled, otherwise the task will fail.

Link to post
Share on other sites

 

If I understand correctly you are trying to get the AV installed once the agent is deployed to the workstation?  There are a few ways to create this but if you go navigate to Admin - Groups - select a group in the right hand pane there is a Tasks Tab.  In here you can create a new tasks that will run the install once the machine connects to the console.  I have one task that I use for each group within the network.  The task will deploy Eset AV usually within minutes of connecting after the agent install.  Attached are two screens that show the admin location and one for additional details on the task itself.  Hope this is helpful for you.

attachicon.gifEset Tasks1.JPG  attachicon.gifEset Tasks2.JPG

 

Actually, i cant seem to find the option you have for first connect to console etc..

 

I click my OU for workstations.. then new tasks.. task software install.. the only option for the static group "workstations" lists trigger type static group and Execute asap once then join the "workstations group"..

 

I even tried creating a dynamic group, though one for "no agent installed" and set the parent group to be "workstations", for some reason it didnt populate the machines not installed, but all machines pretty much that had an agent.. something is amiss

 

Yes, those options for the new task are OK.  Once you complete all the settings in the task and save it any device that is either in that group or gets placed in the that group will have that task run against it.  This assumes that the agent is already installed on the PC.  I have found that if the task fails it will run the task again at a later time.  Not sure if the time is hours later, next time it checks in based on your agent connection interval or if it is once a day.  If you want to adjust the Expiration date select the static group by checking the box in the target list and click the Assign Trigger button.

Link to post
Share on other sites

Using GPO for deployment is a recommended way of deploying agent. Deploying it via the agent deployment tasks requires a quite lot conditions to be fulfilled, otherwise the task will fail.

I agree there are a multitude of requirements and I was just offering up an alternate solution to deploying the agent outside of using GPO.  In our environment with the number of nodes and testing we did prior to full deployment we had little to no downtime and minimal interruption to our users by using the agent deployment task, assigning the EEAV software install task to a group, to deploy once the agent was installed, we had about a 95% success rate.  We also had great success running the software uninstall task to remove our old AV using the Third-party antivirus software (Built with OPSWAT).  It literally wiped the old AV out.  Files and registry settings were completely gone!  I was impressed with that process.

Link to post
Share on other sites

 

 

If I understand correctly you are trying to get the AV installed once the agent is deployed to the workstation?  There are a few ways to create this but if you go navigate to Admin - Groups - select a group in the right hand pane there is a Tasks Tab.  In here you can create a new tasks that will run the install once the machine connects to the console.  I have one task that I use for each group within the network.  The task will deploy Eset AV usually within minutes of connecting after the agent install.  Attached are two screens that show the admin location and one for additional details on the task itself.  Hope this is helpful for you.

attachicon.gifEset Tasks1.JPG  attachicon.gifEset Tasks2.JPG

 

Actually, i cant seem to find the option you have for first connect to console etc..

 

I click my OU for workstations.. then new tasks.. task software install.. the only option for the static group "workstations" lists trigger type static group and Execute asap once then join the "workstations group"..

 

I even tried creating a dynamic group, though one for "no agent installed" and set the parent group to be "workstations", for some reason it didnt populate the machines not installed, but all machines pretty much that had an agent.. something is amiss

 

Yes, those options for the new task are OK.  Once you complete all the settings in the task and save it any device that is either in that group or gets placed in the that group will have that task run against it.  This assumes that the agent is already installed on the PC.  I have found that if the task fails it will run the task again at a later time.  Not sure if the time is hours later, next time it checks in based on your agent connection interval or if it is once a day.  If you want to adjust the Expiration date select the static group by checking the box in the target list and click the Assign Trigger button.

 

 

So are you saying that i basically click admin.. Groups.. then in the middle tabs.. Tasks.. New Client Tasks at the bottom..

Task Category ESET Security Product..

 

Task.. Software Install

 

Target (default, all workstations)

 

Settings.. antivirus in my case

 

Under Target.. if i check off Static Group, i get the option to assign a trigger, 

 

I think what you are saying is that, if i leave it alone, "as soon as possible", it will NOT try to install the client AV software if its already installed?  That is, i dont see a way to get it to say like yours does, trigger first time joins the group (i'm assuming this is just your description)?

Link to post
Share on other sites
  • 1 month later...
Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...