Agent installation

Available methods

There are various installation and deployment methods available for ESET Management Agent installation on Windows workstations:

Method

Documentation

Description

GUI based installation from the .msi installer

This chapter

KB

The standard installation method.

This method can be executed as server-assisted or offline installation.

Use this method when installing Agent on ESMC Server machine.

ESET Remote Deployment Tool

Online Help

Recommended for mass-deployment over local network.

Can be used to deploy All-in-one installer (Agent + ESET security product)

All-in-one Agent installer

Create an All-in-one Agent installer

KB

The installer can include also a security product and embedded policy.

The size of the installer is several hundreds of MBs.

Agent live installer

Create a Agent live installer

KB

The installer is an executable script. It has a small size but it needs access to location of .msi installer.

The script can be edited to use local installer and HTTP Proxy.

SCCM and GPO deployment

SCCM

GPO

KB

Advanced method of remote mass-deployment.

Using a small .ini file.

Server task - Agent Deployment

Online Help

KB

An alternative to SCCM and GPO.

It is not viable through HTTP Proxy.

Executed by ESMC Server from the ESMC Web Console.

validation-status-icon-warning IMPORTANT

The communication protocol between Agent and ESMC Server does not support authentication. Any proxy solution used for forwarding Agent communication to ESMC Server that requires authentication will not work.

If you choose to use a non-default port for the Web Console or Agent, it may require a firewall adjustment. Otherwise, the installation may fail.

GUI based installation

To install the ESET Management Agent component locally on Windows, follow these steps:

1.Visit the ESET Security Management Center download section to download a standalone installer for ESMC components.

2.Run the ESET Management Agent installer and accept the EULA if you agree with it.

3.Deselect the check box next to Participate in product improvement program if you do not agree to send crash reports and telemetry data to ESET. If the check box is left selected, telemetry data and crash reports will be sent to ESET.

4.Enter the Server host (hostname or IP address of your ESMC Server or ERA Proxy) and Server port (the default port is 2222, if you are using a different port, replace the default port with your custom port number).

validation-status-icon-warning IMPORTANT

Make sure the Server host matches at least one of the values (ideally be FQDN) defined in the Host field of the Server certificate. Otherwise you will get an error saying "Received server certificate is not valid". Using the wildcard (*) in the Server certificate Host field, will allow the certificate to work with any Server host.

5.If you use proxy for Agent - Server connection, select the check box next to Use Proxy. When selected, the installer will continue with offline installation.

details_hoverNOTE

This proxy setting is only used only for (replication) between ESET Management Agent and ESMC Server, not for the caching of updates.

Proxy hostname: hostname or IP address of the HTTP Proxy machine.

Proxy port: default value is 3182.

Username, Password: enter the credentials used by your proxy if it uses authentication.

You can change proxy settings later in your policy. Proxy must be installed before you can configure an Agent - Server connection via Proxy.

6.Select one of the following installation options and follow the steps from the appropriate section below:

Server assisted installation - You will need to provide ESMC Web Console administrator credentials. The installer will download the required certificates automatically.

Offline installation - You will need to provide an Agent certificate and a Certification authority. Both can be exported from ESET Security Management Center. Alternatively, you can use your custom certificate.

Command line installation

MSI installer can be run locally or remotely. Download the ESET Management Agent from the ESET website.

Parameter

Description and allowed values

P_HOSTNAME=

Hostname or IP address of ESMC Server.

P_PORT=

Server port for Agent connection (optional; if not specified the default port 2222 is used).

P_CERT_PATH=

Path to the Agent Certificate in Base64 format in .txt file (exported from ESMC Web Console).

P_CERT_AUTH_PATH=

Path to the Certification Authority in Base64 format in .txt file (exported from ESMC Web Console).

P_LOAD_CERTS_FROM_FILE_AS_BASE64=

YES; Use this parameter when you refer to Agent certificate and Certification Authority stored in .txt files.

P_CERT_PASSWORD=

Use this parameter to provide a password for Agent certificate.

P_CERT_CONTENT=

Agent certificate string in Base64 format (exported from ESMC Web Console).

P_CERT_AUTH_CONTENT=

Certification Authority string in Base64 format (exported from ESMC Web Console).

P_ENABLE_TELEMETRY=

1 - enabled (default option); 0 - disabled. Sending of crash reports and telemetry data to ESET (optional parameter).

P_INSTALL_MODE_EULA_ONLY=

1; Use this parameter for semi-silent ESET Management Agent installation. You can see Agent installation window and you are prompted to accept the EULA and enable/disable the telemetry (P_ENABLE_TELEMETRY is ignored when specified). Other Agent installation settings are taken from the command line parameters. You can see the completion of Agent installation process.

P_USE_PROXY=

1; Use this parameter to enable using of HTTP Proxy (which is already installed in your network) for replication between ESET Management Agent and ESMC Server (not for caching of updates).

P_PROXY_HTTP_HOSTNAME=

Hostname or IP address of HTTP Proxy.

P_PROXY_HTTP_PORT=

HTTP Proxy port for Agent connection.

Examples of command line installation

Replace the orange code below as necessary.

Silent installation (/q parameter) with default port connection, enabled telemetry and Agent certificate and Certification Authority stored in files:

Agent_x64.msi /q P_HOSTNAME=10.20.30.40 P_ENABLE_TELEMETRY=1 P_CERT_PATH=C:\Users\Administrator\Desktop\certificate.txt P_CERT_AUTH_PATH=C:\Users\Administrator\Desktop\ca.txt P_LOAD_CERTS_FROM_FILE_AS_BASE64=YES

Silent installation with provided strings for Agent certificate and for Certification Authority and Agent certificate password and HTTP Proxy parameters:

Agent_x64.msi /q P_HOSTNAME=esmc_server_name P_ENABLE_TELEMETRY=1 P_CERT_CONTENT=CJfXtf1kZqlZKAl9P48HymBHa3CkW P_CERT_PASSWORD=abcd1234EFGH P_CERT_AUTH_CONTENT=45hvkpqayzjJZhSY8qswDQYJKoZIhvc P_USE_PROXY=1 P_PROXY_HTTP_HOSTNAME=proxy_server P_PROXY_HTTP_PORT=3128

Semi-silent installation:

Agent_x64.msi P_INSTALL_MODE_EULA_ONLY=1 P_HOSTNAME=10.20.30.40 P_CERT_PATH=C:\Users\Administrator\Desktop\certificate.txt P_CERT_AUTH_PATH=C:\Users\Administrator\Desktop\ca.txt P_LOAD_CERTS_FROM_FILE_AS_BASE64=YES