Deploy ESET Protect Management Agent and ESET Endpoint Antivirus together with an All-in-one installer using Microsoft Endpoint Manager

How to deploy ESET Protect Management Agent and ESET Endpoint Antivirus together with an All-in-one installer using Microsoft Endpoint Manager

Table of Contents

1. Create ESET Protect All-in-one installer package

What is the ESET All-in-one installer?

• The ESET Protect all-in-one installer package includes both the ESET Protect management agent, and ESET Endpoint protection (Antivirus) combined together in a single executable.
  
  
• When creating an all-in-one installer, you can specify the ESET license, configuration policy, device parent group and ESET Protect server settings.
  

Create All-in-one installer package from the ESET Protect Web console

Sign in to the ESET Protect web console

https://eset.domain.com/era/webconsole

Installers - Create installer - All-in-one Installer

Untick Participate in product improvement program (optional)

Package contents:
Tick Management Agent
Tick Security Product

Continue

Select Configuration policy
Accept the End User license agreement

Leave other settings as the defaults

Continue

Certificate
Leave the default settings (unless you are using a custom certificate for ESET Protect)

Advanced settings

Name ESET Antivirus All-in-one
Select Parent group

Server hostname and port
eset.yourdomain.com
2222

Finish

Download 64 bit version

2. Silent install command line options for ESET Antivirus all-in-one

--silent
Silent install, no user interaction

--accepteula
Accept the end-user license agreement

Example: silent install ESET Protect all-in-one package
PROTECT_Installer_x64_en_US.exe --silent --accepteula

Script to silent install ESET Endpoint Antivirus

install.cmd
PROTECT_Installer_x64_en_US.exe --silent --accepteula
 

3. Create .intunewin Windows app package for ESET Antivirus using IntuneWinAppUtil.exe

Download Microsoft Win32 Content Prep Tool

Download the Microsoft Win32 Content Prep Tool and extract to Extract to C:\Temp

Microsoft Win32 Content Prep Tool
https://github.com/Microsoft/Microsoft-Win32-Content-Prep-Tool

IntuneWinAppUtil.exe options

-c setup folder containing the files that will be packaged into and .intunewin file
-s setup file e.g. setup.exe or PROTECT_Installer_x64_en_US.exe
-o output folder for the .intunewin file

Create Windows app package for ESET Endpoint Protection using IntuneWinAppUtil.exe

Copy the ESET Protect all-in-one installer package and install.cmd file to folder C:\Temp\ESET Endpoint Antivirus

Open Command Prompt (run as Administrator)

cd C:\Temp\Microsoft-Win32-Content-Prep-Tool-master

IntuneWinAppUtil.exe -c "C:\Temp\ESET Endpoint Antivirus" -s "C:\Temp\ESET Endpoint Antivirus\PROTECT_Installer_x64_en_US.exe" -o "C:\Temp\ESET Endpoint Antivirus-Intune"
 

4. Create test device group for ESET Endpoint Intune deployment

Why create a device group for deployment?

We can add computers to the group for testing the application deployment to make sure everything works OK.
Once the new package installation has been tested, we can assign the package to all devices.

Create device group using Endpoint Manager admin center 

Endpoint Manager
Groups - New Group

Group type: Security
Group name: Endpoint Manager Test Devices
Membership type: Assigned

Create

Add a device to the group for testing 

Endpoint Manager
Groups - Endpoint Manager Test Devices - Members - Add members
Search for and select test computer

5. Deploy ESET Antivirus All-in one installer using Microsoft Intune

Add a Windows app (Win32)

Endpoint Manager
Apps - Windows 

Add
App type: Windows app (Win32)
Select

Add App - Select app package file

Select app package file - browse for the .intunewin app package
PROTECT_Installer_x64_en_US.intunewin
Click OK

Add App - App information 

Name: ESET Antivirus v9
Description: ESET Antivirus v9 and ESET Management Agent v9
Publisher: ESET
App version: 9.0.2046.0

Leave other settings as the defaults

Add App - Program

Install command: install.cmd
Uninstall command: install.cmd
Install behavior: System
Device restart behavior: No specific action

Leave other settings as the defaults

Add App - Requirements

Operating system architecture: 64-bit
Minimum operation system: Windows 10 1607

Add App - Detection rules

Rules format: Manually configure detection rules
Add

Rule type: File
Path: C:\Program Files\ESET
File or folder: ESET Security
Detection method: File or folder exists

Click OK 

Click Next

Add App - Dependencies

In this example, we are not configuring any dependencies
Next Click 

Add - App Supersedence

In this example, we are not configuring supersedence
Next Click 

Add App - Assignments

Required - Add group - Endpoint Manager Test devices

End user notifications

End user notifications
Click - Show all toast notifications

End user notifications: Hide all toast notifications
Click OK

Click Next

Click Create

6. Check Intune app package deployment status

Check deployment status from Endpoint Manager admin center

Apps - Windows - ESET Antivirus v9 - Overview

Check deployment status from client computer

To check the status of the application package deployment from the client computer. Open the Intune Management Extension Log using Configuration Manager log file viewer cmtrace.exe

C:\ProgramData\Microsoft\IntuneManagementExtension\Logs\IntuneManagementExtension.log

The IntuneManagementExtension log file contains status messages and information about the application deployment.

7. Deploy ESET Endpoint Antivirus to all devices

After the application deployment has been tested, change the required assignment to "All devices".