To stay updated on your favorite discussions, please create an account or log in. Then, click the Bookmark icon to subscribe and receive notifications.

How to install WithSecure EDR and EPP on Citrix Server ?

Hi !
I have a citrix catalogs with 9 servers which each one morning rebooting from the snapshot of golden image.
How i needs to install WithSecure on the golden image ?
I guess it's not just run the .exe file of WithSecure intall.
Thank you for your help !

Tagged:

Best Answer

  • gloglo99
    gloglo99 W/ Partner Posts: 4 Security Scout
    Solved

    Hi Guys !

    I tested it following the user guide and it seems to work without a hitch in my non-persistent environment.
    Since my servers restart every morning on the same checkpoint, the server has to register every morning.
    This means using --use_ad_guid instead of --use_smbios_guid.

    In my case, I had to run the following command via GPO on the servers when they were restarted: "%ProgramFiles(x86)%\F-Secure\PSB\fs_oneclient_logout.exe" --keycode <subscription-key>

    I've still got the server performance tests to do with WithSecure, but that's not the subject of this post.

    Thank you all for your help!

    I'll now close this topic.

Answers

  • MrBoer
    MrBoer W/ Partner Posts: 1 Security Scout

    Hi,

    I would suggest to follow the guide below and if you are using windows Active Directory then use the following installation parameter for msi UNIQUE_SIGNUP_ID=adguid or for exe --use_ad_guid:
    https://www.withsecure.com/userguides/product.html#business/psb-portal/latest/en/concept_698756A2ED8C4C709F8D82B93332958D-psb-portal-latest-en

  • gloglo99
    gloglo99 W/ Partner Posts: 4 Security Scout
    edited February 15

    Hi @MrBoer,

    First of all, thanks for your answer !

    I tried to follow the documentation and it's seem it's working but a question persist.

    My citrix environnement is a non-persistent VDI and the documentation is for persistent VDI.

    I am searching for the same documentation for non-persistent VDI. Maybe you know where i can fin it ?

    Thank you for your help !

  • JamesC
    JamesC W/ Partner, W/ Staff, W/ Moderator Posts: 508 Moderator

    Hi @gloglo99 ,

    For non-persistent VDI that does not keep the SMBIOS GUID, subscription need to be freed up every time that a VDI shuts down. Potential workaround is to use the automatic removal feature to delete the inactive devices, to free up the subscription usage. 


    https://www.withsecure.com/userguides/product.html#business/psb-portal/latest/en/task_A9F9892066424129A0DF4E8AE5F1FB09-psb-portal-latest-en

  • gloglo99
    gloglo99 W/ Partner Posts: 4 Security Scout

    Hi @JamesC,

    In fact, i have tested with the parameter given by @MrBoer that is to use --use_ad_guid. I don't how to check that WithSecure use AD GUID well but i've tried to reboot my catalog and it's working well.

    I will continu to follow the documention and add a GPO to execute the command each morning on each server and i will give a feedback here.

  • Boer
    Boer W/ Partner, W/ Staff Posts: 1 W/ Staff

    Hi @JamesC and @gloglo99,

    The AD GUID parameter works for persistent and non-persistent VDI since the agent create the unique id based on the active directory ID and this will prevent duplicates in the WithSecure Elements portal.

    If you are not able to use successfully AD GUID or SMBIOS GUID at all (mostly when you are using workgroup or Azure AD) and you want to cleanup installation right after after closing the machine you can use the following commando at shutdown or at user logout.
    "%ProgramFiles(x86)%\F-Secure\PSB\fs_oneclient_logout.exe" --nokeycode

    That commando will remove the client from the portal (that only works when you don't use the AD or SMBIOS GUID parameters at installation)

    So if you want to complete the whole thing then you need to follow step 1 and 2 in the document below and then replace step 3 and 4 with:
    Step 3: Run the following command at user logoff or system shutdown to prevent duplicates in the portal.
    "%ProgramFiles(x86)%\F-Secure\PSB\fs_oneclient_logout.exe" --nokeycode