This type of Agent deployment is useful when the remote and local deployment options do not suit you. You can distribute the Agent script installer via email and let the user deploy it. You can also run the Agent script installer from removable media (a USB flash drive, for example).
|
|
The client machine needs to have an internet connection to download the Agent installation package and to connect to ESET PROTECT On-Prem.
|
You can create Agent script installer for Windows/macOS/Linux in several ways:
•Quick Links > Deploy Agent
•Installers > Create Installer > Windows/macOS/Linux > Deploy Agent first (Agent script installer)
•ESET PROTECT On-Prem Tour
1.Select the Participate in product improvement program check box to send anonymous telemetry data and crash report to ESET (OS version and type, ESET product version and other product-specific information).
2.Parent group - Select the Parent group where the ESET PROTECT Web Console will place the computer after an Agent installation.
•You can select an existing static group or create a new one to which the device will be assigned after the installer is deployed.
•Selecting a Parent group will add all policies applied to the group to the installer.
•Selecting the Parent Group does not affect the installer location. After you create the installer, it is placed in the current user's Access Group. Access Group sets the object's Static Group and access to the object based on the user's access rights.
• The parent group is mandatory if you use ESET Business Account with sites or ESET MSP Administrator and optional if you use ESET Business Account without sites.
3.Server hostname (optional) - Type the ESET PROTECT Server hostname or IP address. If necessary, specify the Port number (default is 2222).
|
|
The Server hostname field does not support special characters—for example, letters with diacritics.
|
4.Peer certificate:
•ESET PROTECT certificate - A Peer Certificate for Agent installation and ESET PROTECT Certification Authority are selected automatically. To use a different certificate, click the ESET PROTECT Certificate Description to select from a drop-down menu of available certificates.
•Custom certificate - If you use a custom certificate for authentication, click Custom Certificate > Select , upload the .pfx certificate and select it when installing the Agent. For more information, see Certificates.
Certificate passphrase - Type the certificate passphrase if needed - if you have specified a passphrase during ESET PROTECT Server installation (in the step where you created a Certification Authority) or you use a custom certificate with a passphrase. Otherwise, leave the Certificate passphrase field blank.
|
|
•The certificate passphrase must not contain the following characters: " \ These characters cause a critical error during Agent initialization.
•The password must contain at least 10 characters in three categories: lowercase letters, uppercase letters, digits or special characters. We recommend using a password with no less than 12 characters. |
5. Customize more settings
•Type the Installer name and Description (optional).
• Click Select tags to assign tags.
• Initial configuration (optional) - Use this option to apply a configuration policy to ESET Management Agent. Click Select under Agent configuration and choose from the list of available policies. If none of the pre-defined policies are suitable, you can create a new policy or customize the existing ones.
• If you use an HTTP Proxy (we recommend using ESET Bridge), select the check box Enable HTTP Proxy settings and specify the Proxy settings (Host, Port, Username and Password) to download the installer via Proxy and set ESET Management Agent connection to Proxy to enable communication forwarding between ESET Management Agent and ESET PROTECT Server. The Host field is the address of the machine running the HTTP Proxy. ESET Bridge uses port 3128 by default. You can set a different port if needed. Ensure to set the same port also in the HTTP Proxy configuration (see ESET Bridge Policy).
|
|
The communication protocol between Agent and ESET PROTECT Server does not support authentication. Any proxy solution used for forwarding Agent communication to ESET PROTECT Server that requires authentication will not work.
|
The Use direct connection if HTTP proxy is not available check box is pre-selected. The installer wizard enforces the setting as a fallback—you cannot deselect the check box. You can disable the setting using an ESET Management Agent policy:
oDuring the installer creation—include the policy in the Initial Configuration
oAfter the ESET Management Agent installation—assign the policy to the computer |
6.Click Save & Download.
7.Extract the downloaded archive file on the client computer where you want to deploy ESET Management Agent.
8.Run PROTECTAgentInstaller.bat (Windows) or PROTECTAgentInstaller.sh script (Linux or macOS) to install the Agent. Follow the detailed Agent installation instructions:
•Agent deployment - Windows
•Agent deployment - Linux
•Agent deployment - macOS
Deployment from a custom remote location
To deploy the Agent from a location other than the ESET repository, modify the install script to specify the new URL where the Agent package is located. You can also use the IP address of the new package.
Find and modify following lines:
Windows:
set url=http://repository.eset.com/v1/com/eset/apps/business/era/agent/v11/.../agent_x64.msi
set url=http://repository.eset.com/v1/com/eset/apps/business/era/agent/v11/.../agent_x86.msi
set url=http://repository.eset.com/v1/com/eset/apps/business/era/agent/v11/.../agent_arm64.msi
Linux:
eraa_installer_url=http://repository.eset.com/v1/com/eset/apps/business/era/agent/v11/.../agent-linux-i386.sh
eraa_installer_url=http://repository.eset.com/v1/com/eset/apps/business/era/agent/v11/.../agent-linux-x86_64.sh
macOS:
eraa_installer_url=http://repository.eset.com/v1/com/eset/apps/business/era/agent/v11/.../agent_macosx_x86_64.dmg
eraa_installer_url=http://repository.eset.com/v1/com/eset/apps/business/era/agent/v11/.../agent-macosx-x86_64_arm64.dmg
|
Deployment from a local shared folder
You can deploy the ESET Management Agent using Agent script installer from your local shared folder without the ESET Repository Download Server:
•If the ESET Management Agent installer and Agent script installer are in the same folder:
a)Create the Agent script installer for Windows/Linux/macOS.
b)Open the Agent script installer in a text editor and find the ESET repository URL download link for ESET Management Agent installer (see Deployment from a custom remote location above).
c)Download the ESET Management Agent installer from the ESET repository.
d)Place the Agent script installer and the ESET Management Agent installer in the same folder.
e)Agent script installer automatically detects the ESET Management Agent installer located in the same folder.
|
|
Use the same ESET Management Agent installer version and filename (.msi, .dmg, .sh) as referenced in the Agent script installer.
|
•If the ESET Management Agent installer and Agent script installer are in different folders, follow the steps below:
Windows:
1.Copy the .msi Agent installer(s) to a local directory.
2.Edit the PROTECTAgentInstaller.bat file to use the local Agent installer.
•agent_x64.msi
a)Change the line set url=%installDirectory%\agent_x64.msi to point to the local download file.
b)Add a command copy /y \\server\share\agent_x64.msi %installDirectory% before the line set url=%installDirectory%\agent_x64.msi
•agent_x86.msi
a)Change the line set url=%installDirectory%\agent_x86.msi to point to the local download file.
b)Add a command copy /y \\server\share\agent_x86.msi %installDirectory% before the line set url=%installDirectory%\agent_x86.msi
•agent_arm64.msi
a)Change the line set url=%installDirectory%\agent_arm64.msi to point to the local download file.
b)Add a command copy /y \\server\share\agent_arm64.msi %installDirectory% before the line set url=%installDirectory%\agent_arm64.msi
The original file looks like:
See the updated file below. Use your own URL (local shared folder), but do not change the %installDirectory%:
|
|
Agent script installer verifies the integrity of installation files based on their checksum. This is a unique string generated for each file. If the file changes, its checksum changes as well.
|
|
|
Ensure that the user account under which the installation package is executed has write permission to the local shared folder. The path can contain spaces, for example \\server\share\Agent_x64.msi (do not use quotation marks "").
|
3.Replace the line:
" echo.packageLocation = DownloadUsingHTTPProxy^("!url!", "!http_proxy_hostname!", "!http_proxy_port!", "!http_proxy_username!", "!http_proxy_password!"^) "
with: echo.packageLocation = "!url!"
4.Save the file. |
macOS:
1.Open the PROTECTAgentInstaller.sh script in a text editor.
2.Delete lines: 62-69 and 73-86.
3.Replace the lines highlighted below with the path to your local installer (Use your own local shared folder path):
local_dmg= "/path_to_local_agent/agent_macos_x86_64.dmg"
4.Save the file. |
Linux:
1.Open the PROTECTAgentInstaller.sh script in a text editor.
2.Delete lines: 32 and 33:
3.Insert the following line with the paths to your local installer.
4.Replace lines 36–54 with the path to your local agent_linux_x86_64.sh installer. See the highlighted area in the image. Use your own URL (local shared folder), instead of the one shown below.
5.Delete lines 49–70.
6.Save the file. |
|