Offline installation scenario for ESET PROTECT

In some cases, you may want to install ESET PROTECT and its components in environments without access to the internet. To do so, follow our high-level installation instructions:

note

Note

See also our Knowledgebase article Best practices for using the ESET PROTECT in an offline environment.

For instructions to upgrade ESET PROTECT, see Upgrade ESET PROTECT components in offline environment.

1.Install ESET PROTECT on Windows using the All-in-one installer. Choose Activate later during installation and activate ESET PROTECT later with an offline license.

2.Create a local repository using Apache Tomcat already installed with ESET PROTECT.

1.Navigate to the folder:

C:\Program Files\Apache Software Foundation\[ Tomcat folder ]\webapps\

2.Create a new subfolder for your local repository, for example, protect_repository.

3.Visit the ESET.com downloads page to download installation packages.

4.Copy installation packages into the repository.

5.Access installation packages using this address (Agent_x64.msi is an example):
https://tomcat_server/protect_repository/Agent_x64.msi

 
hmtoggle_plus0 Other options how to create local repository

 

3.Deploy ESET Management Agent to computers in your offline environment via agent live installer. Modify the installation script to use the new URL to access the agent installation package from the local repository. Alternatively, you can deploy ESET Management Agent using GPO/SCCM.

4.Deploy ESET Endpoint products to workstations using a Software Install task. Select <Choose package> and provide a custom URL for the installation package from the local repository.

5.Activate your endpoints with an offline license.

6.Disable ESET LiveGrid®.

7.Create an update mirror – there are 2 scenarios:

Closed network
In a closed network without internet access, the Administrator must create a custom update server – a "mirror" folder where update files for clients are stored:

If Apache HTTP Proxy/Apache Tomcat is used as the update server, configure clients to use a custom update server (not proxy).

If ESET Endpoint for Windows is used as the mirror server, configure clients to download from the client mirror.

Internet access
If at least one computer has internet access:

Set up a mirror using ESET Endpoint for Windows and configure clients to download from the client mirror.

Use Tomcat as update server and configure clients to use a custom update server.

Use Apache HTTP Proxy and configure clients to use the proxy.

important

Important

Apache HTTP Proxy works as a mirror, but Apache Tomcat needs to be reconfigured to run without SSL, because the connection to the ESET PROTECT Web Console will be insecure due to the update mirror.

 

8.We highly recommend that you update modules on a regular basis. If modules are not updated, the ESET PROTECT Web Console flags computers as Not updated. To mute this Web Console warning, click the computer in the list and select Mute from the context menu.