ESET PROTECT Components Upgrade task

Recommendations before upgrading

We recommend using the ESET PROTECT Components Upgrade task in the ESET PROTECT Web Console to upgrade your ESET PROTECT infrastructure. Carefully review the directions here before upgrading.


If the components upgrade fails on a machine running the ESET PROTECT Server or Web Console, you may not be able to log into the Web Console remotely. We recommend that you configure physical access to the server machine before performing this upgrade. If you cannot arrange for physical access to the machine, make sure you can log onto it with administrative privileges using a remote desktop. We recommend that you back up your ESET PROTECT Server and Mobile Device Connector databases before performing this operation. To back up your Virtual Appliance, create a snapshot or clone your virtual machine.

Are you upgrading from ESMC Virtual Appliance?

arrow_down_business The ESET PROTECT Server instance is installed on a failover cluster?

arrow_down_business Important instructions before upgrading Apache HTTP Proxy on Microsoft Windows

arrow_down_business Important instructions before upgrading Apache HTTP Proxy on Virtual Appliance



You can upgrade to ESET PROTECT 9.0 only from ESMC version 7.0 and later.

ESET PROTECT 9 automatically notifies you when a new version of the ESET PROTECT Server is available.

Back up the following data before running the upgrade:

All certificates (Certificate Authority, Server Certificate and Agent Certificate)

Export your Certification Authority Certificates from an old ESET PROTECT Server to a .der file and save them to external storage.

Export your Peer Certificates (for ESET Management Agent, ESET PROTECT Server) and private key .pfx file from an old ESET PROTECT Server and save them to external storage.

Your ESMC/ESET PROTECT database. If you have an older unsupported database installed (MySQL 5.5 or MS SQL 2008/2012), upgrade your database to a compatible database version before upgrading the ESET PROTECT Server.


Make sure that you have a supported operating system before upgrading to ESET PROTECT 9.0.

ESET PROTECT Server component version 9.0 is not compatible with 32-bit machines (x86 architecture). Upgrading a 32-bit Server machine from version 7.0 to 9.0 will fail.

If you have already run the upgrade and your system is not working, reinstall manually all ESET PROTECT components to the original version.

Before the upgrade, migrate your current ESET PROTECT to a 64-bit machine, and after successful migration, you can run the upgrade task.

ESET PROTECT 9.0 uses LDAPS as the default protocol for Active Directory synchronization. If you upgraded from versions 7.0-7.1 on a Windows machine to ESET PROTECT 9.0 and used the Active Directory synchronization, synchronization tasks will fail in ESET PROTECT 9.0.

To upgrade ESET security products, run the Software Install task using the latest installer package to install the latest version over your existing product.

Recommended upgrade procedure

1.Upgrade the ESET PROTECT Server - Select only the machine with the ESET PROTECT Server as the target for the ESET PROTECT Components Upgrade task.

2.Select some client computers (as a test sample - at least one client from each operating system and bitness) and run the ESET PROTECT Components Upgrade task on them.

We recommend that you use Apache HTTP Proxy (or any other transparent web proxy with caching enabled) to limit the network load. The test client machines will trigger the download/caching of the installers. When the task runs again, the installers will be distributed to client computers directly from the cache.

3.After the computers with upgraded ESET Management Agent are successfully connecting to the ESET PROTECT Server, proceed with upgrading the rest of the clients.


To upgrade ESET Management Agents on all managed computers in the network, select the Static Group All as the target for the ESET PROTECT Components Upgrade task. The task will skip computers that already run the latest ESET Management Agent.

ESET PROTECT 9.0 supports the automatic upgrade of ESET Management Agent on managed computers.

Components upgraded automatically:


ESET Management Agent

ESET PROTECT Web Console - only applies when Apache Tomcat was installed to its default installation folder in both Windows and Linux distributions, including ESET PROTECT Virtual Appliance (for example: /var/lib/tomcat8/webapps/, /var/lib/tomcat7/webapps/, /var/lib/tomcat/webapps/).


Web Console upgrade limitations

oApache Tomcat is not upgraded during the ESET PROTECT Web Console upgrade via the Components Upgrade task.

oESET PROTECT Web Console upgrade does not work if Apache Tomcat was installed in a custom location.

oIf a custom version of Apache Tomcat is installed (manual installation of the Tomcat service), the future ESET PROTECT Web Console upgrade via the All-in-one installer or Components Upgrade Task is not supported.

ESET PROTECT Mobile Device Connector.

Components that require manual upgrade:

Apache Tomcat (we strongly recommend that you keep Apache Tomcat up-to-date, see Upgrading Apache Tomcat)

Database Server

Apache HTTP Proxy (can be achieved using All-in-one installer, see Upgrading Apache HTTP Proxy)

ESET Rogue Detection Sensor - Use the Software Install task for the upgrade. Alternatively, install a newer version over the older version (follow the installation instructions for Windows or Linux). If you installed RD Sensor with ESMC 7.2 and later, you do not need to upgrade it, as there are no new RD Sensor releases.


Verify whether you can access the ESET PROTECT repository from an upgraded computer.

Re-running the ESET PROTECT Components Upgrade task will not work if there is at least one component already upgraded to the newer version.

If there is no clear reason for the failure, you can upgrade components manually. See our instructions for Windows or Linux.

For more suggestions to resolve upgrade issues, see general troubleshooting information.