Trend Micro ESP Deployment
Trend Micro Endpoint Security Platform (ESP) aims to solve the increasingly complex problem of keeping critical systems updated, compatible, and free of security leaks. It uses patented Fixlet™ technology to identify vulnerable computers and allows you to remediate them across your entire network with a few simple mouse-clicks.
To deploy the agent successfully, ensure that the ESP Client has been deployed to each target endpoint. The ESP Client accesses a collection of Fixlet messages that detects security holes, improper configurations and other vulnerabilities. The ESP Client is then capable of implementing corrective actions received from the ESP Server.
After deploying the agent, the agent reports its status to its parent server and the ESP server. The agent also begins to receive threat mitigation requests from its parent server.
For endpoints that are not up and running during agent deployment, the agent will automatically be deployed when the endpoint is started and if the agent deployment task has not expired. Run the task again if it has expired.
To deploy the agent from the ESP server's console:
Refer to the ESP server documentation for the detailed procedures.
(Recommended) Create a custom analysis that queries endpoints that do not have Threat Management Agent installed. One of the ways to determine the presence of the agent is by checking if the following registry key exists:
HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\Policyenforcer\ApplicationPath
Create a task that silently deploys the agent to target endpoints. When you create this task:
Select only the Windows operating systems listed in Agent Deployment Requirements.
To generate an MSI log file that can be used for troubleshooting agent deployment issues, use the following string:
msiexec /i PEAgent.msi /qn ALLUSERS=1 /lv msi.log
The following is a sample script for this task:
Relevance:
(name of it = "Win2000" OR name of it = "WinXP" OR name of it = "Win2003" OR (name of it = "WinVista" and product type of it = nt workstation product type) OR (name of it = "Win2008" or (name of it = "WinVista" and product type of it != nt workstation product type))) of operating system AND TRUE AND (if (exists file "msiexec.exe" of system folder) then true else false) AND (if (exists key "HKEY_LOCAL_MACHINE\Software\TrendMicro\Policyenforcer" whose (exists value "ApplicationPath" of it) of registry) then FALSE else TRUE)
Actions:
download http://x.x.x.x:52311/Uploads/c2790100fb90aba4c9596709586009b590dec4a7/PEAgentmsi.tmp
continue if {(size of it = 4739051 AND sha1 of it = "c2790100fb90aba4c9596709586009b590dec4a7") of file "PEAgentmsi.tmp" of folder "__Download"}
extract PEAgentmsi.tmp
wait "{pathname of system folder & "\msiexec.exe"}" /i "{(pathname of client folder of current site) & "\__Download\PEAgent.msi"}" /qn ALLUSERS=1 /lv msi.log
The download URL is based on the URL used in the ESP Agent Import wizard.
Verify that the agent was installed successfully. For details, see Agent Post-installation.
See also: