How to apply GFI EndPointSecurity auto-updates in an offline environment

Answer

Applies to:

• GFI EndPointSecurity 2013
• GFI EndPointSecurity 2012
   

This article describes how to apply auto-updates to an installation that cannot access GFI's auto-update servers via the internet directly.

1. On a host that can access the internet, download the required patches from the following location: http://update.gfi.com/dw/
   • If prompted for a user ID and password, please contact GFI Support for these credentials
2. Download and extract the update script from http://ftp.gfisoftware.com/support/ESEC/Scripts/EndPointSecurityUpdates.zip
3. In the EndPointSecurity installation directory, create a folder named Patches
   • If the folder already exists, make sure it's empty
4. Copy the update zip files downloaded in step 1 and InstallUpdates.vbs downloaded in step 2 to the ..\GFI EndPointSecurity\Patches folder
5. Close the GFI EndPointSecurity console
6. Stop the GFI EndPointSecurity service
7. Run InstallUpdates.vbs
8. Once the update is complete, start the GFI EndPointSecurity service
9. Clear the contents of the Patches folder

Notes:

• The script will not work if UAC is enabled, as it won't be able to modify the necessary files in the endPointSecurity installation folder
• When applying updates manually, toolcfg_updatehistory.xml will not be updated with the patches that have been applied. Therefore if the EndPointSecurity server is connected to the internet later on, the auto-update will detect patches that have been applied manually as missing.
• Patches with ESEC2012 in the name should only be applied to EndPointSecurity 2012 installations while patches with ESEC2013 in the name only apply to EndPointSecurity 2013 installations