With the acquisition of AVG last year, all Avast & AVG Business versions are utilizing the Avast Business A/V client with a new NEX-GEN Behavior Shield. Avast and AVG had independently been working on this shield for several years, and using the Avast’s Hardened Mode (whitelisting module), significantly increases protection against Crypto / Ransomware. These components are not available in the legacy Endpoint Protection versions. Also, Microsoft Windows 10 Spring Update (released) is not compatible with the legacy Endpoint clients. The user is prompted to uninstall Avast or the update will simply fail to install. Additionally, Endpoint has an End of Life for December 31st, 2018 where VPS updates will cease. I want to make sure that we get started on a migration, as this is included in your subscription at no charge, and the increase in protection is dramatic! I will assist you in creating groups and templates for testing using J.R’s best practices. You will be able to continue using Avast Endpoint Protection on those systems for your license term.
- Make sure that your devices are online and have internet access. An offline version of the client is in the works now, but today it is required for activation
- Make sure that your Avast Enterprise Administrator (AEA) or Avast Small Office Administrator SOA) console are updated to the current (AEA 8.0.405 or SOA 188.8.131.52)
- Make sure that your Avast Endpoint Protection program version is on .1609 on the managed clients.
- If you using a LAN Gateway firewall, it is recommended that you whitelist *.avast.com & *.avcdn.net. Port requirements: http/80 (updates) https/443 (FFL encryption key negotiation) TCP, UDP/ 8080, 8090, 443, 5222
- NOTE: Each device will download the 300MB Avast installer file silently, so please be patient as this may take some time.
- Devices may request multiple reboots. This is usually due to restarts that are previously pending.
- Some devices may stay in “Pending” status for some days even though they are online. They are still protected, but unmanaged at that point.
You will need an Avast Business Management Console that is live, either the Cloud or an On-Premise version (Cloud is recommended)
a. For the Cloud Management Console, go to https://id.avast.com/?target=https%3A%2F%2Fbusiness.avast.com%3A443%2F#register to register and receive your account activation email..
b. For On-Premise Management Console, go to https://www.avast.com/download-software and download the Console Installer for Windows. You can install on the same Windows device where your existing AEA / SOA resides. And follow the instructions.
c. Next, search for the file export.xml on your existing AEA / SOA console.
d. With AEA, the file is located in: C:\Program Files\AVAST Software\Enterprise Administration\DATA\log
e. With SOA, the file is located in: C:\ProgramData\AVAST Software\Administration Console
Now open your Avast Business Management Console (On-Premise or Cloud), go to: “General settings” (console, not template, lower left), then “Transfer From Other Console” and choose “Import file”.
Import the XML file (from step d. / e. above) and you will now get an overview of how many groups and devices you’re able to transfer. The Settings/Policies will also be transferred alongside the devices.
NOTE: The xml file has to be less than 1MB to work, which is approximately 1000 seats.
Once successfully imported, devices from the AEA/SOA console will start to appear in the Avast Business console in the Devices section. This may take a while and when they appear, they will have the status “Pending”. On the Devices page, manually select the groups or devices you want to transfer by clicking the Transfer button:
The device’s status will change from Pending to Transferring. The legacy Endpoint Protection clients will be replaced (reinstalled) with Avast Business clients (EP, EPP, EPS to ABA and EPSP to ABAP)
Avast Business consoles will support multiple editions (we call them licenses) in the Licenses section. You may have to activate devices manually, if you have more than one license.
Once devices are fully transferred they will have the status Safe, Vulnerable, or In Danger, depending on the health of the device. NOTE: If above fails, do the following.
Manual Transfer from Avast Endpoint Protection to Avast Business Antivirus
If you wish to carry out a manual transfer due to a complex network, multiple proxies or that you wish to use Group Policy to deploy, please follow these steps:
a. Create your Avast Business console, and acquire your migration license and insert into the console under the “Licenses” tab, and click “Enter license code”
b. Uninstall Endpoint Protection from your devices
c. NOTE: If you are using the AEA or SOA consoles to manage your clients, you should first attempt to push out the uninstall using your Management Console.
How to Uninstall Endpoint Protection from your console
d. If you are using the AEA or SOA consoles to manage your installed devices, you should first attempt to push out the uninstall using your Management Console.
i. In the SOA console you can do this using a job by going to JOBS > Scheduler > Create new job > Details > Job type, then set Deployment and Job selected: Uninstall Avast Protection.
ii. In the AEA console you can do this using a job by going to Client-side tasks > Auxiliary tasks, then right click Auxiliary tasks and create a new task. Select to create an Uninstall managed product(s) task type, set the reboot settings, then select which computers to apply the task to and run the task.
Using the MSI Installer for Enterprise
i. If you have Active Directory in your environment it is possible to download a Full MSI installer in addition to selecting which license tier and settings template to apply to newly installed devices so that they automatically activate after installation without requiring a reboot.
ii. To do this you will need to configure a GPO that deploys the MSI installer in your environment. Please see Microsoft’s documentation regarding deploying MSI files for installation via GPO for the version of Active Directory you are using in order to set this up.
iii. The MSI installers is created from the dashboard, and will require being able to remotely configure your devices to run a startup script as a system level process. For this purpose we recommend using an Active Directory’s Group Policy Object. The correct configuration for this GPO depends largely on which version of Active Directory your domain uses. We recommend reading the following Microsoft TechNet articles as guides when writing your own GPO:
vi. NOTE: When using the MSI installer via GPO, both the script and MSI files should be located in the same directory of a network drive share accessible to all computers and your GPO should reference these files by UNC file path.
When all else fails, Remove Avast for CLEAN Installation
The AVASTCLEAR.EXE removal tool works for all versions of Avast: http://www.avast.com/en-us/uninstall-utility NOTE: “AVASTCLEAR.EXE” must be used in safe mode
UNINSTALL the existing Avast, reboot, and delete the (4) Avast Software folders above. Microsoft uninstaller always leaves the old directories for the purpose of System Restore. Go look, every program you have ever uninstalled is still there! Revo Uninstaller will delete directories automatically. These are the Avast Software folders that MUST BE REMOVED for a clean installation:
C:\Program Files\Avast Software
C:\Program Files\common Files\Avast Software
C:\Program Files(x86)\Avast Software
Please let me know what I can do to help, and have a great day!