Agent deployment using GPO and SCCM

Apart from local deployment, you can also use management tools such as Group Policy Object (GPO), System Center Configuration Manager (SCCM), Symantec Altiris or Puppet for remote deployment of Agent.


For remote deployments, verify all client computers have an internet connection.

Follow the steps below to deploy the ESET Management Agent to clients using GPO or SCCM:

Download the Agent installer .msi file from the Standalone installers section of the ESET download page.

Click Other Deployment Options in the Quick Links section of the menu bar. In the pop-up window that opens, select Use GPO or SCCM for deployment and click Create Script.


Deselect the check box Participate in product improvement program if you do not agree to send crash reports and anonymous telemetry data to ESET (OS version and type, ESET product version and other product-specific information). If the check box is left selected, telemetry data and crash reports will be sent to ESET.

A Peer Certificate and ESET PROTECT Certification Authority are chosen automatically based on the available certificates. If you want to use a different certificate than the one automatically selected, click ESET PROTECT certificate description to see a list of available certificates and choose the one you want to use. To use your own certificate, select the Custom certificate radio button and upload a .pfx certificate file. See Custom certificates with ESET PROTECT for further details.

Enter the Certificate passphrase if needed, for example, if you specified a passphrase during the installation of ESET PROTECT or if you are using a Custom certificate with a passphrase. Otherwise, leave the Certificate passphrase field blank.


The certificate passphrase must not contain the characters " (double quote) or \ (backslash). These characters cause a critical error during the initialization of the Agent.


You can customize the ESET Management Agent installation package:

1. Enter the Name and Description (optional) of the installation package.

2. Click Select tags to assign tags.

3. Parent group (optional) - Select the Parent group where the computer will be placed after installation. You can select an existing static group or create a new static group to which the device will be assigned after the installer is deployed.

4. Initial installer configuration (optional) - Use this option to apply configuration policy to ESET Management Agent. Click Select under Agent configuration (optional) and choose from the list of available policies. If none of the pre-defined policies are suitable, you can create a new policy or customize the existing ones.

5. Server hostname (optional) - Type the ESET PROTECT Server hostname or IP address. If necessary, you can specify the Port number (default is 2222).

6. If you use an HTTP Proxy, select the check box Enable HTTP Proxy settings and specify the Proxy settings (Host, Port, Username and Password). These settings are used to download the installer via Proxy and to set the ESET Management Agent connection to Proxy, which enables communication forwarding between ESET Management Agent and ESET PROTECT Server. Read more about Proxy here.


The communication protocol between Agent and ESET PROTECT Server does not support authentication. Any proxy solution used for forwarding Agent communication to ESET PROTECT Server that requires authentication will not work.

Enable Use direct connection if HTTP proxy is not available if you want to allow this fallback option.

7. Click Finish. When a new pop-up window with the install_config.ini file opens, click Save file.
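
The following PowerShell pre-flight check is an added example, not part of ESET's documentation or tooling. Run from a client computer, it checks what the steps above depend on (both files present, no forbidden passphrase characters, Server port reachable) and, as an extra precaution not described in the procedure, that the downloaded installer carries a valid Authenticode signature. All script parameter names are assumptions made for illustration.

```powershell
# Added example: pre-flight checks before publishing the Agent package via GPO or SCCM.
# Parameter names are assumptions for illustration, not ESET-defined names.
param(
    [Parameter(Mandatory)] [string] $MsiPath,     # Agent installer .msi downloaded from ESET
    [Parameter(Mandatory)] [string] $ConfigPath,  # install_config.ini saved from the wizard
    [Parameter(Mandatory)] [string] $ServerHost,  # ESET PROTECT Server hostname or IP address
    [int] $ServerPort = 2222,                     # default port named in the procedure
    [securestring] $CertPassphrase                # optional; only checked for forbidden characters
)

$problems = [System.Collections.Generic.List[string]]::new()

# 1. Both files must exist before they are staged for deployment.
foreach ($p in $MsiPath, $ConfigPath) {
    if (-not (Test-Path -LiteralPath $p -PathType Leaf)) { $problems.Add("Missing file: $p") }
}

# 2. The installer should carry a valid Authenticode signature; print the signer for review.
if (Test-Path -LiteralPath $MsiPath -PathType Leaf) {
    $sig = Get-AuthenticodeSignature -LiteralPath $MsiPath
    if ($sig.Status -ne 'Valid') {
        $problems.Add("Installer signature status is '$($sig.Status)'")
    } else {
        Write-Host "Signer: $($sig.SignerCertificate.Subject)"
    }
    # Record the hash so the copy on the deployment share can be compared later.
    Write-Host "SHA256: $((Get-FileHash -LiteralPath $MsiPath -Algorithm SHA256).Hash)"
}

# 3. The passphrase must not contain a double quote or a backslash.
if ($CertPassphrase) {
    $plain = [System.Net.NetworkCredential]::new('', $CertPassphrase).Password
    if ($plain.IndexOfAny([char[]]('"', '\')) -ge 0) {
        $problems.Add('Certificate passphrase contains " or \ (critical Agent initialization error)')
    }
    $plain = $null
}

# 4. The Agent must be able to reach the Server port from this machine.
$tcp = Test-NetConnection -ComputerName $ServerHost -Port $ServerPort -WarningAction SilentlyContinue
if (-not $tcp.TcpTestSucceeded) { $problems.Add("Cannot reach ${ServerHost}:$ServerPort over TCP") }

if ($problems.Count) { $problems | ForEach-Object { Write-Warning $_ }; exit 1 }
Write-Host 'All pre-flight checks passed.'
```

The script exits with code 1 and lists each failed check as a warning, so it can gate a staging step. Compare the printed signer subject against the publisher you expect before copying the package to a deployment share.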

Click the appropriate link below to view step-by-step instructions for two popular ESET Management Agent deployment methods:

1. Deployment of ESET Management Agent using Group Policy Object (GPO) - This Knowledgebase article may not be available in your language.

2. Deployment of ESET Management Agent using System Center Configuration Manager (SCCM)