ESET Online Help

Search English
Select the category
Select the topic

Agent installation - Windows

Available methods

There are various installation and deployment methods available for ESET Management Agent installation on Windows workstations:




GUI based installation from the .msi installer

This chapter


The standard installation method.

This method can be executed as server-assisted or offline installation.

Use this method when installing Agent on ESET PROTECT Server machine.

ESET Remote Deployment Tool

Online Help

Recommended for mass-deployment over local network.

Can be used to deploy All-in-one installer (Agent + ESET security product)

All-in-one Agent installer

Create an All-in-one Agent installer


The installer can include also a security product and embedded policy.

The size of the installer is several hundreds of MBs.

Agent script installer

Create Agent script installer


The installer is an executable script. It has a small size but it needs access to location of .msi installer.

The script can be edited to use local installer and HTTP Proxy.

SCCM and GPO deployment




Advanced method of remote mass-deployment.

Using a small .ini file.

Server task - Agent Deployment

Online Help


An alternative to SCCM and GPO.

It is not viable through HTTP Proxy.

Executed by ESET PROTECT Server from the ESET PROTECT Web Console.

Use this method to deploy the ESET Management Agent to the computers synchronized from the Active Directory.


The communication protocol between Agent and ESET PROTECT Server does not support authentication. Any proxy solution used for forwarding Agent communication to ESET PROTECT Server that requires authentication will not work.

If you choose to use a non-default port for the Web Console or Agent, it may require a firewall adjustment. Otherwise, the installation may fail.

GUI based installation

Follow the steps below to install the ESET Management Agent component locally on Windows:

1.Visit the ESET PROTECT download section to download a standalone installer for this ESET PROTECT component (agent_x86.msi or agent_x64.msi or agent_arm64.msi).

2.Run the ESET Management Agent installer and accept the EULA if you agree with it.

3.Select the Participate in product improvement program check box to send anonymous telemetry data and crash report to ESET (OS version and type, ESET product version and other product-specific information).

4.Type the Server host (hostname or IP address of your ESET PROTECT Server) and Server port (the default port is 2222, if you are using a different port, replace the default port with your custom port number).


Ensure the Server host matches at least one of the values (ideally be FQDN) defined in the Host field of the Server certificate. Otherwise you will get an error saying "Received server certificate is not valid". Using the wildcard (*) in the Server certificate Host field, will allow the certificate to work with any Server host.

5.If you use proxy for Agent - Server connection, select the check box next to Use Proxy. When selected, the installer will continue with offline installation.


This proxy setting is used only for (replication) between ESET Management Agent and ESET PROTECT Server, not for the caching of updates.

Proxy hostname: hostname or IP address of the HTTP Proxy machine.

Proxy port: default value is 3128.

Username, Password: type the credentials used by your proxy if it uses authentication.

You can change proxy settings later in your policy. Proxy must be installed before you can configure an Agent - Server connection via Proxy.

6.Select one of the following installation options and follow the steps from the appropriate section below:

Server assisted installation - You will need to provide ESET PROTECT Web Console administrator credentials. The installer will download the required certificates automatically.


You cannot use a user with two-factor authentication for server-assisted installations.

Offline installation - You will need to provide an Agent certificate and a Certification Authority. Both can be exported from ESET PROTECT On-Prem. Alternatively, you can use your custom certificate.

Command line installation

MSI installer can be run locally or remotely. Download the ESET Management Agent from the ESET website.


Description and allowed values


Hostname or IP address of ESET PROTECT Server.


Server port for Agent connection (optional; if not specified the default port 2222 is used).


Path to the Agent Certificate in Base64 format in .txt file (exported from ESET PROTECT Web Console).


Path to the Certification Authority in Base64 format in .txt file (exported from ESET PROTECT Web Console).


YES; Use this parameter when you refer to Agent certificate and Certification Authority stored in .txt files.


Use this parameter to provide a password for Agent certificate.


Agent certificate string in Base64 format (exported from ESET PROTECT Web Console).


Certification Authority string in Base64 format (exported from ESET PROTECT Web Console).


Password for the uninstallation of a password-protected Agent.


0 - disabled (default option); 1 - enabled. Sending of crash reports and telemetry data to ESET (optional parameter).


1; Use this parameter for semi-silent ESET Management Agent installation. You can see Agent installation window and you are prompted to accept the EULA and enable/disable the telemetry (P_ENABLE_TELEMETRY is ignored when specified). Other Agent installation settings are taken from the command line parameters. You can see the completion of Agent installation process.


1; Use this parameter to enable using of HTTP Proxy (which is already installed in your network) for replication between ESET Management Agent and ESET PROTECT Server (not for caching of updates).


Hostname or IP address of HTTP Proxy.


HTTP Proxy port for Agent connection.

Examples of command line installation

Replace the orange code below as necessary.

Silent installation (/q parameter) with default port connection, enabled telemetry and Agent certificate and Certification Authority stored in files:

Agent_x64.msi /q P_HOSTNAME= P_ENABLE_TELEMETRY=1 P_CERT_PATH=C:\Users\Administrator\Desktop\certificate.txt P_CERT_AUTH_PATH=C:\Users\Administrator\Desktop\ca.txt P_LOAD_CERTS_FROM_FILE_AS_BASE64=YES

Silent installation with provided strings for Agent certificate and for Certification Authority and Agent certificate password and HTTP Proxy parameters:


Semi-silent installation:

Agent_x64.msi P_INSTALL_MODE_EULA_ONLY=1 P_HOSTNAME= P_CERT_PATH=C:\Users\Administrator\Desktop\certificate.txt P_CERT_AUTH_PATH=C:\Users\Administrator\Desktop\ca.txt P_LOAD_CERTS_FROM_FILE_AS_BASE64=YES