Introduction

This article provides some insight on how we release and maintain new versions of our endpoint agent and recommends best practices for deploying agents using a either an RMM, MDM, or GPO deployment tool. 

Field Effect MDR does automatically upgrade our endpoint agents, so long as they are online and using a version that has yet to expire. By design, and to ensure a strong cyber security posture, the certificates for our endpoint agent installers will eventually expire. This takes place approximately 6 months after the release of a major version of Field Effect MDR, and we will notify you via email and in-app notifications about new version releases.

If you are using a deployment tool (RMM/MDR/GPO) to manage deployments, this may pose a challenge, as you will need to periodically update the installer package(s) that your deployment tool is using to release the software. Fortunately, we have alternative deployment methods, outlined in this article, that can remove the need to replace expired installer packages for every new release. The methods below allow for a "one time" deployment that will always have the current installer, and certificate for future releases. 

An important note on legacy installers:

While we have the ability to "force" agent updates, we can only do so if the endpoint agent has come online. So, in scenarios where the endpoint agent was installed that has an expired certificate, we have no way of communicating with these offline agents to force an update, because the expired certificate will not allow it to come online. 

Agents installed with an expired installer must be reinstalled manually, unless you used an RMM/MDM/GPO tool with an expired agent. In that case, update the installer packages in your RMM/MDM/GPO tool. It is possible to install a new version of Field Effect MDR over top of these legacy versions.

With v3.2 of the agent or earlier, the installation will still complete, which can cause confusion, since it appears to have installed successfully, but is not online and communicating with our servers. With v3.3 or later, the installation will fail and inform you that it was unsuccessful. So, please remove any legacy installation packages you are using for your deployment tool and use one of the following methods below, which serve two distinct use cases having to do with which networks the appliance and endpoint agents are connected to.

1: Use automated script for installations

If you have endpoint devices that are not connected to the same network as the appliance, we have a PowerShell script that manages the installation/uninstallation of our Field Effect MDR endpoint agent for Windows. This script works for both on-prem and cloud-based deployment tools.

This script leverages our API calls to create a simplified and automated process for users leveraging an automated deployment solution, as well as create the necessary log files our Support team may require for future troubleshooting or investigations.

Unlike Best Practice #2 below, the agent and appliance do not need to be on the same network. 

Visit our Help Center article to get the script.

2: Use appliance-hosted installers

Our network appliances self-host the most recent version of our installers, and since they are hosted on Field Effect's equipment, we can update these installers whenever a new version becomes available. This method works for only on-prem deployment tools.   

If your network appliance and all endpoint agents are connected to the same network, we recommend using the appliance's installer location within your automated deployment tool. With this method, your tool will be referencing the latest version of the installer on your appliance with every new install, circumventing the need to update installers with new certificates.

To learn more about appliance-hosted installer, see our Help Center article.