Updating from the Mirror

There are two basic methods to configure a Mirror, which is essentially a repository where clients can download update files. The folder with update files can be presented as a shared network folder or as an HTTP server.

Accessing the Mirror using an internal HTTP server

This is the default configuration specified in the predefined program configuration. To allow access to the Mirror using the HTTP server, navigate to Advanced setup > Update > Profiles > Mirror and select Create update mirror.

In the HTTP Server section of the Mirror tab you can specify the Server port where the HTTP server will listen as well as the type of Authentication used by the HTTP server. By default, the Server port is set to 2221. The Authentication option defines the method of authentication used for accessing the update files. The following options are available: None, Basic, and NTLM. Select Basic to use base64 encoding with basic username and password authentication. The NTLM option provides encoding using a safe encoding method. For authentication, the user created on the workstation sharing the update files is used. The default setting is None, which grants access to the update files with no need for authentication.



If you want to allow access to the update files via the HTTP server, the Mirror folder must be located on the same computer as the ESET Endpoint Security instance creating it.

SSL for HTTP Server

Append your Certificate chain file, or generate a self-signed certificate if you want to run HTTP server with HTTPS (SSL) support. The following certificate types are available: PEM, PFX and ASN. For additional security, you can use HTTPS protocol to download update files. It is almost impossible to track data transfers and login credentials using this protocol. Private key type is set to Integrated by default, which means that the private key is a part of the selected certificate chain file.



An error Invalid Username and/or Password will appear in the Update pane from the main menu after several unsuccessful attempts to update the detection engine from the Mirror. We recommend that you navigate to Advanced setup > Update > Profiles > Mirror and check the Username and Password. The most common reason for this error is incorrectly entered authentication data.


After your Mirror server is configured, you must add the new update server on client workstations. To do this, follow the steps below:

Access Advanced setup (F5) and click Update > Profiles > Basic.

Disengage Choose automatically and add a new server to the Update server field using one of the following formats:
https://IP_address_of_your_server:2221 (if SSL is used)

Accessing the Mirror via system shares

First, a shared folder should be created on a local or network device. When creating the folder for the Mirror, you must provide “write” access for the user who will save update files to the folder and “read” access for all users who will update ESET Endpoint Security from the Mirror folder.

Next, configure access to the Mirror in Advanced setup > Update > Profiles > Mirror tab by disabling Provide update files via internal HTTP server. This option is enabled by default in the program install package.

If the shared folder is located on another computer in the network, you must enter authentication data to access the other computer. To enter authentication data, open ESET Endpoint Security Advanced setup (F5) and click Update > Profiles > Connect to LAN as. This is the same setting used for updating, as described in the Connect to LAN as section.

To access the mirror folder, this needs to be done under the same account as the one used for logging into the computer the mirror is created on. In case the computer is in a domain, "domain\user" username should be used. In case the computer is not in a domain, "IP_address_of_your_server\user" or "hostname\user" should be used.

After the Mirror configuration is complete, on client workstations set \\UNC\PATH as the update server using the steps below:

1.Open ESET Endpoint Security Advanced setup and click Update > Profiles > Updates.

2.Disengage Choose automatically next to Module updates and a new server to the Update server field using the \\UNC\PATH format.



For updates to function properly, the path to the Mirror folder must be specified as a UNC path. Updates from mapped drives may not work.



Creating the Mirror using Mirror Tool

The Mirror tool creates a structure of folders different from what Endpoint mirror does. Each folder holds update files for a group of products. You have to specify the full path to the correct folder in the update settings of the product using the mirror.

For example, to update the ESMC 7 from the mirror set the Update server to (according to your HTTP server root location):


The last section controls program components (PCUs). By default, downloaded program components are prepared to copy to the local mirror. If Program component update is activated, there is no need to click Update, because files are copied to the local mirror automatically when they are available. See Update mode for more information about program component updates.