How to manage avast Endpoint Protection with the Small Office Administration console (SOA)

This article will simplify the installation and configuration for managing the avast Endpoint Protection  using the Small Office Administration console (SOA) avast! Small Office Administration console (SOA) The avast! Small Office Administrator (SOA) is a very easy to use management console that has low impact on system. It is a great tool for networks with less than 200 users to add HIPPA compliancy to the anti-virus system. The SOA does NOT require a server, and does not use conventional SQL (it uses an embedded SQL lite). Ours is running on an older XP SP3 box (dual-core) and I have even loaded on my i3 notebook during avast! console training at avast! HQ in Prague.  It was so light, that I couldn’t even tell it was. The console enables push deployment in a Windows Active Directory environment. Workgroups will not deploy, so installs either occur from users or Administrators. Endpoint Protection SOA Console:  http://files.avast.com/iavs5x/setup_console_ep.exe Endpoint Protection client installer:  http://files.avast.com/iavs5x/setup_av_ep.exe Here is a walk through, screen by screen, of a SOA installation. It is worth taking a few minutes it takes to familiarize yourself with this process prior to installing the console: http://www.advantage77.com/Files/avast_Quick_Guide_ASOA.pdf   Workstations For desktop installation, I recommend to remove all unnecessary modules from the deployment components, so they are not installed on the client (I will assist you with the SOA configuration). It is best to have the system hosting the SOA console to use a fixed IP vs. DNS name.  This will eliminate DNS issues during deployment. Here are the changes we make to the default settings of avast! Endpoint Protection versions (Plus, Suite, and Suite Plus) when managed using the avast! Small Office Administration console (SOA): http://www.advantage77.com/2014/05/09/how-to-configure-avast-endpoint-protection-for-increased-protection-using-the-soa-console/  WORKGROUP VS. ACTIVE DIRECTORY You may push a deployment from the console for a Windows domain using Active Directory. If this is a Workgroup, you will NOT be able to push deploy, as there is no Domain/Administrator account.  Avast! Endpoint client installations will need to be done by an admin or users, as they require a human to click on the installer. ACTIVE DIRECTORY If using Active Directory you can easily create an installation package to push the client remotely through the network using the Domain/Administrator account. The Endpoint client will remove existing installation of avast! 4 only.  Other avast! versions may need to be removed prior to Endpoint deployment, including non-avast! anti-virus engines. NOTE: When you are deploying, you must enable the Admin Shares, Network Discovery and Microsoft File & Printer sharing. If this is a Workgroup, then these settings are not necessary.  WORKGROUP When using a Workgroup you can only  manually install using human intervention (admin or users). We recommend creating the installation package “managed.exe” and send it via email to each client or install it separately using a USB Flash disk, or shared directory. Once the client has been installed only then will it be detected as manageable in the SOA console.  The Endpoint client will remove existing installations of avast! 4 only.  Any other avast! version or other anti-virus may need to be un-installed prior to execution of the avast! Endpoint Protection client.  SOA INSTALLATION STEPS 1. Please make sure the ports listed below are opened in the network on both the client and server side (you can use the GPO to dispatch on all machines, and make sure to reboot the machines for the changes to be applied).  avast! Small Office Administration uses the following ports: Port for Console: 8731 Secure Port for Console: 8732 Port for Client: 25322 2. Install the Small Office Administration console (SOA) with mirror so that the clients will update their anti-virus from console: http://files.avast.com/iavs5x/setup_console_eps_full.exe NOTE: Prerequisites include DotNet 4.0 and Microsoft Silverlight. NOTE: Systems with pre-existing SQL must be dealt with differently 3. Do a discovery task to find all the machines (this occurs automatically during the console install).  Create the necessary groups for each type of system (Workstation, Server, Sharepoint server, unmanaged, etc.) and move the discovered systems into their appropriate group. The unmanaged group is a place to move unmanaged systems and Active Directory ghosts out of the way. 4. Modify the components of the deployment package. avast_soa_comp_ws 5. Start to deploy by group of 10-20 machines at once, make sure to enable the “Reboot the machine” option in the deployment task settings (this is necessary to finalize the installation process). **Important** – Before sending out an installation please be sure the mirror is up to date which you can check by going to view tab in the console and check mirror status. Once it’s up to date then you can send out the installation. (NOTE: SOA can be installed with or without mirror). I have created a new Deployment job under JOBS, Scheduler.  NOTE: verify the correct domain is selected under “Domain” field drop down. Also, the “Username” field is really the domain/administrator. Also, treat  the “Reboot client computer after installation” as “Always” and plan accordingly. The clients NEED to be rebooted for proper protection, and to show up correctly in the console. I have also seen clients reboot no matter what that setting is set to. Sincerely, J.R.  Guthrie President Advantage Micro Corporation 520-290-0595 jr@advantage77.com avast_sig_logo “At this point in time, the Internet should be regarded as an Enemy Weapons System!”

Leave a Reply

Your email address will not be published. Required fields are marked *