Differences between Apache HTTP Proxy, Mirror Tool and direct connectivity

ESET product communication involves detection engine and program module updates as well as the exchange of LiveGrid data (see the table below) and license information.

ESET Security Management Center downloads the latest products for distribution to client computers from the repository. Once distributed, the product is ready to be deployed on the target machine.

Once an ESET security product is installed, it must be activated, meaning the product needs to verify your license information against the license server. After activation, detection engine and program modules are updated on a regular basis.

ESET LiveGrid® Early Warning System helps ensure that ESET is immediately and continuously informed of new infiltrations in order to quickly protect our customers. The system allows new threats to be submitted to the ESET Threat Lab, where they are analyzed and processed.

Most network traffic is generated by product module updates. In general, an ESET security product downloads approximately 23.9 MB of module updates in a month.

ESET LiveGrid® data (approximately 22.3 MB) and the update version file (up to 11 kB) are the only distributed files that cannot be cached.

There are two types of updates – level and nano updates. See our Knowledgebase article for more information about update types.

There are 2 ways to decrease network load when distributing updates to a network of computers, Apache HTTP Proxy or Mirror Tool.

details_hoverNOTE

Read this Knowledgebase article to set up Mirror Tool chaining (configure Mirror Tool to download updates from another Mirror Tool).

 

ESET communication types

Communication Type

Communication Frequency

Network traffic impact

Proxy-forwarded communication

Proxy Caching Option1

Mirroring Option2

Offline Environment Option

Agent Deployment (Push / Live Installers from repository)

One time

Approximately
50 MB per client

YES

YES3

NO

YES (GPO / SCCM, edited live installers)4

Endpoint Installation (Software Install from repository)

One time

Approximately
100 MB per client

YES

YES3

NO

YES (GPO / SCCM, installation by package URL)4

Detection engine module / Program Module Update

6+ times a day

23.9 MB per month5

YES

YES

YES

YES (Offline Mirror Tool & Custom HTTP Server)6

Update version file update.ver

~8 times a day

2.6 MB per month7

YES

NO

-

-

Activation / Licensing check

4 times a day

negligible

YES

NO

NO

YES (Offline files generated on ESET Business Account)8

LiveGrid Cloud Based Reputation

On-the-fly

11 MB per month

YES

NO

NO

NO

1.For proxy caching impact / benefits see When to start using Apache HTTP Proxy?

2.For mirroring impact see When to start using Mirror Tool?

3.Once per installation / upgrade we recommend that you deploy one agent (one per specific version) / endpoint initially so that the installer is cached.

4.To deploy the ESET Management Agent across a large network, see Agent deployment using GPO and SCCM.

5. Your Initial detection engine update may be larger than normal depending on the age of the installation package, because all newer detection engine updates and module updates will be downloaded. We recommended to install one client initially, and let it update, so the needed detection engine and program module updates are cached.

6.Without an internet connection, Mirror Tool cannot download detection engine updates. You can use Apache Tomcat as an HTTP server to download updates to a directory available to the Mirror Tool.

7.When checking for detection engine updates, the update.ver file is always downloaded and parsed. By default, ESET endpoint product's scheduler is querying for a new update each hour. We assume a client workstation is turned on 8 hours a day. The update.ver file contains approximately 11 kB.

8.Download offline license files as a License Owner or Security Admin.

 

details_hoverNOTE

You cannot cache updates for version 4 and 5 products using Apache HTTP Proxy. To distribute updates for these products, use the Mirror Tool, or use a particular version of endpoint product as a mirror server.