The avast! Enterprise Administrator (AEA) managing the avast Endpoint Protection Plus
The AEA console is the desired platform when managing 200+ systems. This Enterprise console is one of the most powerful anti-virus management tools in the industry, and does NOT have to be loaded on a server. Supported O.S. include Server 2003, 2008, and 2012 R2, as well as Windows XP, 7, and 8.1. During installation, you are prompted for choice of SQL 2008 R2 Express (to be installed with AEA), or use an existing installation of SQL. If you have SQL 2005, 2008 or 2012 on your target system, you then can use the same SQL by creating a new instance “avast”
NOTE: IT IS PREFFERED TO HAVE SQL FULLY INSTALLED PRIOR TO INSTALLING THE AVAST! ENTERPRISE ADMINISTRATOR (AEA).
If any other version of avast! or other anti-virus is present, then these products will need to be removed prior to an avast! deployment. The Endpoint client will require a reboot after installation, so be prepared for this. The avast! AEA console can support tens of thousands of clients. This is achieved through support of multiple avast! Enterprise Administration Servers (AEAS). The AEAS is a mirror of an avast! update server, and each AEAS can manage up to 4000 systems. The AEA console then can manage many AEAS. However, full SQL is required for the “Replication Service” to support multiple AEAS (to support 4000+ clients)
avast! Enterprise Administration console (AEA) installation Guide – http://www.advantage77.com/Files/avast_Quick_Guide_AEA.pdf
Enterprise Administration Console + Client – http://files.avast.com/iavs5x/setup_enterprise_epsp.exe
Enterprise Administration Console User Manual – http://files.avast.com/files/documentation/enterprise-administration-user-guide.pdf
Endpoint Protection Plus Stand Alone Client – http://files.avast.com/iavs5x/setup_av_epsp.exe
1) The very 1st step is to install and configuring the Microsoft SQL Server (SQL 2005, 2008, 2012 or Express). This is one of the “gotcha’s” when AEA is installed prior to SQL. AEA will install SQL, but will NOT always make the correct settings to validate your SQL, leaving your installation non-functional. So installing SQL prior to installing AEA is preferred –
2) Please make sure the ports listed below are opened in the network on both the client and server side (you can use the GPO to dispatch on all machines, and make sure to reboot the machines for the changes to be applied). Other prerequisites include File & Printer sharing, plus Network Discovery to be enabled. The avast! Enterprise Administration Console uses the following ports: Service Port Numbers: Mirror 16135 Client communication port 16136 Client communication port, push requests 16139 SSL communication port console 16138 UDP information port 16133 Standard RPC, NETBIOS and SMB TCP ports for remote deployment 135, 139, 445 Standard NETBIOS UDP ports for remote deployment 137, 138 When installing the Enterprise Administration Console please make sure to have SQL pre-installed, and do not rely on the auto installer in the AEA console installer. Later, in your “CUSTOM” installation, you can select and connect the AEA to your SQL (best practice)
I prefer the anti-spam at the Outlook level instead of the Exchange server level (both are included). End users are truly the only ones that know what is solicited, and unsolicited email (spam). This way user’s can look for themselves what they are not receiving, by the contents of their Junk Mail folder, and can adjust accordingly. Please see the article below on “How to properly use the avast! Anti-Spam Filter for Outlook”
For desktop installation, I recommend to remove all the server protection modules from the deployment components, so they are not installed on the client. Note: When creating an installation package please be sure to select the server name / address in the installation package for the clients to communicate with the console after deployment. It is best to have the system hosting the AEA console to use a fixed IP vs. DNS name. This will eliminate DNS issues during deployment (there are always DNS issues)
The DEFAULT PASSWORD for the EA Console is ADMIN. This of course can be changed after installing.
WORKGROUP VS DOMAIN (ACTIVE DIRECTORY).
A. If using Active Directory you can easily create an installation package to push the client remotely through the network with Network Administrating password and in the Deploying Group.
B. If using a Workgroup you can only DEPLOY Remotely and ONLY With the EA Console to one computer at a time. You will need to use the local administrative password to have rights to push the deployment. We recommend to create the installation package manually and send it via email to each client or install it separately via USB Flash disk (manually install it on each client). Once the client has been installed only then will it be detected in the Enterprise Console.
NOTE: It is a requirement to reboot all systems after Deployment, to finalize installation / protection. I have seen systems reboot on their own even when selecting the option to reboot later, so plan accordingly!