Agent installation - Windows
Available methods
There are various installation and deployment methods available for ESET Management Agent installation on Windows workstations:
Method |
Documentation |
Description |
|||
|---|---|---|---|---|---|
GUI based installation from the .msi installer |
•KB |
•The standard (offline) installation method. •Use this method when installing Agent on ESET PROTECT Server machine.
|
|||
ESET Remote Deployment Tool |
•Recommended for mass-deployment over local network. •Can be used to deploy All-in-one installer (Agent + ESET security product) |
||||
All-in-one Agent installer |
•Create an All-in-one Agent installer •KB |
•The installer can include also a security product and embedded policy. •The size of the installer is several hundreds of MBs. |
|||
Agent script installer |
•Create Agent script installer •KB |
•The installer is an executable script. It has a small size but it needs access to location of .msi installer. •The script can be edited to use local installer and HTTP Proxy. |
|||
SCCM and GPO deployment |
•SCCM •GPO •KB |
•Advanced method of remote mass-deployment. •Using a small .ini file. |
|||
Server task - Agent Deployment |
•KB |
•An alternative to SCCM and GPO. •It is not viable through HTTP Proxy. •Executed by ESET PROTECT Server from the ESET PROTECT Web Console. •Use this method to deploy the ESET Management Agent to the computers synchronized from the Active Directory. |
|
The communication protocol between Agent and ESET PROTECT Server does not support authentication. Any proxy solution used for forwarding Agent communication to ESET PROTECT Server that requires authentication will not work. If you choose to use a non-default port for the Web Console or Agent, it may require a firewall adjustment. Otherwise, the installation may fail. |
GUI based installation
|
ESET Management Agent 12.0 and later no longer supports the server-assisted installation. |
Follow the steps below to install the ESET Management Agent component locally on Windows:
1.Visit the ESET PROTECT download section to download a standalone installer for this ESET PROTECT component (agent_x86.msi or agent_x64.msi or agent_arm64.msi).
2.Run the ESET Management Agent installer and accept the EULA if you agree with it.
3.Select the Participate in product improvement program check box to send anonymous telemetry data and crash report to ESET (OS version and type, ESET product version and other product-specific information).
4.Type the Server host (hostname or IP address of your ESET PROTECT Server) and Server port (the default port is 2222, if you are using a different port, replace the default port with your custom port number).
|
Ensure the Server host matches at least one of the values (ideally be FQDN) defined in the Host field of the Server certificate. Otherwise you will get an error saying "Received server certificate is not valid". Using the wildcard (*) in the Server certificate Host field, will allow the certificate to work with any Server host. |
5.If you use proxy for Agent - Server connection, select the check box next to Use Proxy. Provide the Proxy hostname, Proxy port (the default port is 3128), Username and Password and click Next.
|
This proxy setting is used only for (replication) between ESET Management Agent and ESET PROTECT Server, not for the caching of updates. •Proxy hostname: hostname or IP address of the HTTP Proxy machine. •Proxy port: default value is 3128. •Username, Password: type the credentials used by your proxy if it uses authentication. You can change proxy settings later in your policy. Proxy must be installed before you can configure an Agent - Server connection via Proxy. |
6.Click Browse and navigate to the location of your Peer certificate (this is the Agent certificate you exported from ESET PROTECT On-Prem). Leave the Certificate password text field blank as this certificate does not require a password. You do not need to browse for a Certification Authority - leave this field empty. The Agent certificate and a Certification Authority can be exported from ESET PROTECT On-Prem.
|
If you are using a custom certificate with ESET PROTECT On-Prem (instead of the default ones that was automatically generated during ESET PROTECT On-Prem installation), use your custom certificates accordingly. |
|
•The certificate passphrase must not contain the following characters: " \ These characters cause a critical error during Agent initialization. •The password must contain at least 10 characters in three categories: lowercase letters, uppercase letters, digits or special characters. We recommend using a password with no less than 12 characters. |
7.Click Next to install to the default folder or click Change to choose another folder (we recommend that you use the default location).
8.Click Next and Install to finish the Agent installation.
Command line installation
MSI installer can be run locally or remotely. Download the ESET Management Agent from the ESET website.
Parameter |
Description and allowed values |
|---|---|
P_HOSTNAME= |
Hostname or IP address of ESET PROTECT Server. |
P_PORT= |
Server port for Agent connection (optional; if not specified the default port 2222 is used). |
P_CERT_PATH= |
Path to the Agent Certificate in Base64 format in .txt file (exported from ESET PROTECT Web Console). |
P_CERT_AUTH_PATH= |
Path to the Certification Authority in Base64 format in .txt file (exported from ESET PROTECT Web Console). |
P_LOAD_CERTS_FROM_FILE_AS_BASE64= |
YES; Use this parameter when you refer to Agent certificate and Certification Authority stored in .txt files. |
P_CERT_PASSWORD= |
Use this parameter to provide a password for Agent certificate. |
P_CERT_CONTENT= |
Agent certificate string in Base64 format (exported from ESET PROTECT Web Console). |
P_CERT_AUTH_CONTENT= |
Certification Authority string in Base64 format (exported from ESET PROTECT Web Console). |
PASSWORD= |
Password for the uninstallation of a password-protected Agent. |
P_ENABLE_TELEMETRY= |
0 - disabled (default option); 1 - enabled. Sending of crash reports and telemetry data to ESET (optional parameter). |
P_INSTALL_MODE_EULA_ONLY= |
1; Use this parameter for semi-silent ESET Management Agent installation. You can see Agent installation window and you are prompted to accept the EULA and enable/disable the telemetry (P_ENABLE_TELEMETRY is ignored when specified). Other Agent installation settings are taken from the command line parameters. You can see the completion of Agent installation process. |
P_USE_PROXY= |
1; Use this parameter to enable using of HTTP Proxy (which is already installed in your network) for replication between ESET Management Agent and ESET PROTECT Server (not for caching of updates). |
P_PROXY_HTTP_HOSTNAME= |
Hostname or IP address of HTTP Proxy. |
P_PROXY_HTTP_PORT= |
HTTP Proxy port for Agent connection. |
Examples of command line installation
Replace the orange code below as necessary.
•Silent installation (/q parameter) with default port connection, enabled telemetry and Agent certificate and Certification Authority stored in files:
Agent_x64.msi /q P_HOSTNAME=10.20.30.40 P_ENABLE_TELEMETRY=1 P_CERT_PATH=C:\Users\Administrator\Desktop\certificate.txt P_CERT_AUTH_PATH=C:\Users\Administrator\Desktop\ca.txt P_LOAD_CERTS_FROM_FILE_AS_BASE64=YES |
•Silent installation with provided strings for Agent certificate and for Certification Authority and Agent certificate password and HTTP Proxy parameters:
Agent_x64.msi /q P_HOSTNAME=protect_server_name P_ENABLE_TELEMETRY=1 P_CERT_CONTENT=CJfXtf1kZqlZKAl9P48HymBHa3CkW P_CERT_PASSWORD=abcd1234EFGH P_CERT_AUTH_CONTENT=45hvkpqayzjJZhSY8qswDQYJKoZIhvc P_USE_PROXY=1 P_PROXY_HTTP_HOSTNAME=proxy_server P_PROXY_HTTP_PORT=3128 |
•Semi-silent installation:
Agent_x64.msi P_INSTALL_MODE_EULA_ONLY=1 P_HOSTNAME=10.20.30.40 P_CERT_PATH=C:\Users\Administrator\Desktop\certificate.txt P_CERT_AUTH_PATH=C:\Users\Administrator\Desktop\ca.txt P_LOAD_CERTS_FROM_FILE_AS_BASE64=YES |