Use the Packager tool to create a Microsoft Installer (MSI) package that can be used to install the Threat Management Agent to an endpoint. Launch the tool and create the package on any computer that can access the Threat Mitigator product console.
The tool prompts you to specify the Threat Mitigator IP address so the agent can identify its parent server. It also prompts you for the port number the agent will use to communicate with Threat Mitigator.
Click Mitigation Settings on the main menu. The drop-down menu displays.
Click Agent Settings from the drop-down menu. The Agent Settings screen displays.
Click the Download link next to Packager Tool.
Click Run twice to launch TMAgentInstallConfig.exe.
Click Extract to copy the files to a temporary folder in the computer. You can also click the button next to the text box to specify a different folder.
The tool’s user interface opens.
Check the folder to which the agent package will be created. To specify a different folder, click Browse.
Specify the IP address of the Threat Mitigator server to allow the agent to identify its parent server.
Type the agent port number. Ensure that you specify a port number that is currently not in use on target endpoints.
(Optional) Choose to hide the agent icon from view. Because Threat Management Agent can be installed silently and does not have settings that users can configure, you may want to enable this option to avoid receiving user inquiries regarding the agent and its functions.
Click OK. The agent package (PEAgent.msi) is created on the folder specified in step 6.
After creating the agent package, deploy it to endpoints:
Through Active Directory
Through Microsoft SMS (or other software deployment applications)
By creating a logon script that automatically installs the agent on endpoints that log on to a domain
By copying the package to a shared folder accessible to users
By launching the package directly on the target computer
Take advantage of Active Directory features to deploy the agent package simultaneously to multiple endpoints. MORE >>
Open the Active Directory console.
Right-click the Organizational Unit (OU) where you want to deploy the package and click Properties.
On the Group Policy tab, click New.
Choose between Computer Configuration and User Configuration, and open Software Settings below it.
Tip: Trend Micro recommends using Computer Configuration instead of User Configuration to ensure successful package installation regardless of which user logs on to the computer.
Below Software Settings, right-click Software installation, and then select New and Package.
Locate and select the agent package.
Select a deployment method and then click OK.
Assigned: The agent package is automatically deployed the next time a user logs on to the computer (if you selected User Configuration) or when the computer restarts (if you selected Computer Configuration). This method does not require any user intervention.
Published: To run the agent package, inform users to go to Control Panel, open the Add/Remove Programs screen, and select the option to add/install programs on the network. When the agent package displays, users can proceed to install the agent.
Deploy the agent package using Microsoft System Management Server (SMS) if you have Microsoft BackOffice SMS installed. MORE >>
The procedure below assumes that the SMS server and agent package are on the same computer. Refer to the Microsoft SMS documentation for other methods of deploying an MSI package.
Known issues when installing with Microsoft SMS:
"Unknown" appears in the Run Time column of the SMS console.
If the installation was unsuccessful, the SMS program monitor may still show that the installation has been completed.
The following instructions apply if you use Microsoft SMS 2.0 and 2003.
Open the SMS Administrator console.
On the Tree tab, click Packages.
On the Action menu, click New > Package From Definition. The Welcome screen of the Create Package From Definition Wizard appears.
Click Next. The Package Definition screen appears.
Click Browse. The Open screen appears.
Browse and select the agent package, and then click Open. The agent package name appears on the Package Definition screen. The package shows "Trend Micro Threat Management Agent" and the program version.
Click Next. The Source Files screen appears.
Click Always obtain files from a source directory, and then click Next. The Source Directory screen appears, displaying the name of the package you want to create and the source directory.
Click Local drive on site server.
Click Browse and select the source directory containing the MSI file.
Click Next. The wizard creates the package. When it completes the process, the name of the package appears on the SMS Administrator console.
On the Tree tab, click Advertisements.
On the Action menu, click All Tasks > Distribute Software. The Welcome screen of the Distribute Software Wizard appears.
Click Next. The Package screen appears.
Click Distribute an existing package, and then click the name of the agent package.
Click Next. The Distribution Points screen appears.
Select a distribution point to which you want to copy the package, and then click Next. The Advertise a Program screen appears.
Click Yes to advertise the package, and then click Next. The Advertisement Target screen appears.
Click Browse to select the target computers. The Browse Collection screen appears.
Click All Windows NT Systems.
Click OK. The Advertisement Target screen appears again.
Click Next. The Advertisement Name screen appears.
In the text boxes, type a name and your comments for the advertisement, and then click Next. The Advertise to Subcollections screen appears.
Choose whether to advertise the package to subcollections. Choose to advertise the program only to members of the specified collection or to members of subcollections.
Click Next. The Advertisement Schedule screen appears.
Specify when to advertise the package by typing or selecting the date and time. If you want Microsoft SMS to stop advertising the package on a specific date, click Yes. This advertisement should expire, and then specify the date and time in the Expiration date and time list boxes.
Click Next. The Assign Program screen appears.
Click Yes, assign the program, and then click Next.
Microsoft SMS creates the advertisement and displays it on the SMS Administrator console.
When Microsoft SMS distributes the agent package to target computers, a screen displays on each target computer. Instruct users to click Yes and follow the instructions provided by the wizard.
Create a logon script that installs PEAgent.msi when an endpoint joins a domain.
For example:
@ECHO OFF
if not exist %windir%\PEAgent\PEAgentMonitor.exe msiexec /i "\\x.x.x.x\PEAgent.msi" /quiet
Copy PEAgent.msi to the Web or file server on the Intranet or a shared folder accessible to users.