Quick Start: Avast Business On-Premise Console

With the Avast Business On-Premise Console, adding critical protection to every PC, Mac, and server has never been easier. Flexible management provides the most convenient way to protect businesses. The On-Premise Console provides:

  • Complete control over the behavior of Antivirus on endpoint devices
  • Centralized management of multiple devices, situated locally
  • A complete overview of the current status of entire environment with immediate alerts
  • Automatic and seamless updates

Avast Business On-Premise Console integrate seamlessly with Avast Business Antivirus to:

  • Leverage virtualization to protect confidential information
  • Protect multiple platforms - PCs, Macs, and servers
  • Update to the latest version automatically or manually
  • Add extra firewall protection for remote endpoints
  • Provide complete server protection
  • Secure your e-mail client

When you install Avast Business Antivirus on devices through the Avast Business On-Premise Console, you can control Avast Business Antivirus on those devices remotely. You can change and apply settings to each device individually, without having to visit each device or recall them from the field.

Setting Up the On-Premise Console

Verify Console System Requirements

Avast Business On-Premise Console

Windows:

  • 11, 10, 8.x, 7 SP1 — x64, x86
  • Server 2022, 2019, 2016, 2012, 2008 R2 SP1 — any edition — x64
  • Small Business Server 2011, 2008 — x64
  • Exchange Server 2022, 2019, 2016, 2013, 2010, 2007 — x64
  • Exchange Server 2003 (up to Antivirus version 18.8) — x86
  • SharePoint Server 2019, 2016, 2012, 2010, 2007, 2003 — x64

Mac or Linux (Docker):

  • Any MacOS that can run Docker, prefer MacOS 10.10 or newer
  • Any Linux OS that can run Docker, prefer CentOS 7
  • Docker Engine 1.10.0 or higher
  • Docker Compose 1.6.0 or higher

Avast Business Antivirus Endpoints

Windows:

  • 11 — x64, x86
  • 10 — all versions except Mobile and IoT Core Edition — x64, x86
  • 8/8.1 — all versions except RT and Starter Edition — x64, x86
  • 7 SP1 — requires KB3033929 — x64, x86
  • Server 2022, 2019, 2016, 2012 — any edition with latest service pack excluding Server Core — x64
  • Server 2008 R2 — requires KB3033929 — x64
  • Small Business Server 2011 — x64
  • Microsoft Exchange Server 2022, 2019, 2016, 2013, 2010 SP2 — x64
  • Microsoft SharePoint Server 2010/SharePoint Services 3.0 and higher

Mac:

  • MacOS 10.11 (El Capitan or later with at least 500MB free disk space), prefer 11.x Big Sur or later

Linux:

  • CentOS 7 and above
  • Debian 8 and above
  • Red Hat Enterprise Linux 7.4 and above
  • Ubuntu LTS 16.04 and above

Verify Console Firewall Requirements

For overall functionality, and to enable the Antivirus clients and/or the Management Consoles to authenticate/update, you must allow certain ports and URL addresses through your Firewall or Proxy Server.

Ports (TCP & UDP)

  • 53 – Secure DNS services (only if using Real Site component)
  • 80 – Internet vulnerability checks and feature updates
  • 443 – Encrypted communication
  • 8080, 8090 – Communication between console and clients within local network (only for On-Premise Console)
  • 4158 – Mirror, for local updates within local network
  • 7074 – Remote Deployment within local network

URLs

  • *.avast.com
  • *.avcdn.net

Setting Up the Console

  1. Navigate to https://www.avast.com/installation-files
  2. Under the Business tab, click on one of the following to download:
    • Console Installer for Windows (recommended for Microsoft Windows Server operating systems)
    • Console Image for Docker (recommended for all other server operating systems, such as MacOS X or Linux)

For the On-Premise Console, follow the installation process for your operating system as detailed in Console Management in the Avast Business On-Premise Console.

Activating Licenses in the On-Premise Console

An activation code is part of your confirmation of purchase. It contains information about the edition you purchased. Your code is the license used to activate your software.

  1. When running the Console for the first time, the screen will prompt you to enter your license code.
  2. Enter your license code.
  3. Click Activate license code.

Activating Additional Licenses

  1. Navigate to the Subscriptions page
  2. Do one of the following:
    • If you have a license code, click Got activation code?, enter the code, then click Activate
    • Beside the subscription you would like to purchase, click Buy, then complete the transaction

Assigning Licenses to Devices

You can only perform this action after you have added a device to your network.

This procedure requires the device to restart.

  1. On the Devices page, do one of the following:
    • To include all devices in a group, click the More button next to the group name. Then click Edit group.
    • To include multiple devices, select the check boxes of the devices. Then click Actions Change subscription.
    • For a single device, click the More button next to a device, then click Change subscription.
  2. Select the license you would like to use from the drop-down menu(s).
  3. Click Apply for the license you want to change to, or Save group if you are changing the subscription for an entire group of devices.

Adding Devices via the Installer File or Shareable Link

Via console

Downloading Installer

  1. Select which type of installer you need:
    • Windows .exe (for workstations and servers)
    • Windows .msi (for deployment using GPO)
    • MacOS X .dmg
  2. Select the subscription products
  3. Click Advanced Settings to view the following options
  4. Choose the Group and Policy the device will use
    1. If desired, you can activate your devices and select the subscriptions to use after installation by checking the box with that option.
  5. Choose whether to automatically remove competitive antivirus products on the device
    1. The option to remove competitive antivirus products is checked by default. We recommend that you leave this option checked when installing the Antivirus service. 
  6. Select the installer size (Light vs Full)
    1. If you select Light, the other services will be downloaded upon installation of the Antivirus agent. This option is not recommended if you are installing Antivirus on multiple devices at the same, as each machine will individually contact Avast servers to download the other services. 
  7. Ensure you have defined the correct Proxy Server, if any, in the policy you are applying to the device
  8. Click Download now and specify where to save the installation package–such as on a flash drive or network drive

You can also send a download link from this page by clicking Share download link beneath the Download now button. You can then copy and send the private download URL to any desired recipients.

Sending Download Link via Email

Before you can send download links from the On-Premise Console, you will need to define your SMTP server.

  1. Enter the email addresses for the target users in the Send To box, separated by commas
  2. If desired, alter the Subject line of the email that will be sent
  3. To configure the message you send in the email, check Include your custom message and type a message in the space provided
  4. Select the subscription products
  5. Click Advanced Settings to view the following options
  6. Choose the Group and Policy the device will use
    1. If desired, you can activate your devices and select the subscriptions to use after installation by checking the box with that option.
  7. Choose whether to automatically remove conflicting antivirus products on the device
    1. The option to remove competitive antivirus products is checked by default. We recommend that you leave this option checked when installing the Antivirus service. 
  8. Select the installer size (Light vs Full)
    1. If you select Light, the other services will be downloaded upon installation of the Antivirus agent. This option is not recommended if you are installing Antivirus on multiple devices at the same, as each machine will individually contact Avast servers to download the other services. 
  9. Ensure you have defined the correct Proxy Server, if any, in the settings template you are applying to the device
  10. Click Send

Installing on the Local Client

Once you have an installer file or download link from the Avast Business Management Console, you need to install Avast Business Antivirus to the end device(s).

  1. Copy the installer file to a location accessible by the end device
  2. Double-click on the installer file to run it
  3. If asked to allow the application to make changes to your device, click Yes
  4. Wait while Avast Business Antivirus is installed on the device
  5. When prompted, restart the device
  6. The device should now be visible in your Console

Adding Devices via Remote Deployment

Remote Deployment Requirements

  • Administrator credentials to the computer or Windows domain. If using domain credentials, include the domain name: (e.g., YOUR_DOMAIN\username).
  • Network information about the devices you are deploying to. You need this information to locate the devices on your network.
  • Prepare computers for the client installation. Uninstall any other Antivirus software if installing Avast Business Antivirus.

Configure the following on each device:

Remote Deployment Details

The Remote Deployment option is only available after you have added at least one device to your network using another install method. You must also designate a Master Agent thus, it is best if the first device you add to your network is the device you will use as the Master Agent. Below is a summary of the remote deployment process:

Deploying Installers Remotely

Policy Configuration and Components

The main way you manage your devices is through policies, which are groups of security rules that determine how Avast Business Antivirus works on the endpoints. Any changes to a policy are applied to the devices and groups assigned to it.

The Avast Business Management Consoles include a default template that has already been set up with the suggested configuration. You can apply this template, or create your own by duplicating the default to customize it or by creating a new template altogether. The default template cannot be deleted until another policy has been created.

Antivirus Components by Product License

Component Avast Business Antivirus Avast Business Antivirus Pro Avast Business Antivirus Pro Plus
File Shield X X X
Web Shield X X X
Mail Shield X X X
Behavior Shield X X X
Remote Access Shield     X
Wi-Fi Inspector X X X
Real Site X X X
Firewall X X X
Sandbox X X X
Exchange   X X
Sharepoint   X X
Webcam Shield     X
SecureLine VPN     X
Data Shredder   X X
Passwords     X
Password Protection     X
Software Updater X X X
Browser Cleanup     X
Rescue Disk X X X

Enabling and Disabling Components

Nearly all the shields and tools available in Avast Business Antivirus can be enabled or disabled in the policy. This is especially useful if you are trying to install only a few of the components on a server, or just keeping your number of tools to a minimum. Some tools, however, can only be installed or uninstalled entirely, such as Sandbox and Rescue Disk.

  1. In the policy you are configuring, select the Active Protection tab
  2. Select the relevant OS tab (Windows Workstation, Windows Server, or MacOS X)
  3. Beside the components you want to alter, do one of the following:
    • To enable the component, move the slider to On
    • To disable the component, move the slider to Off

Installing and Uninstalling Components

Most Active Protection features are installed with Avast Business Antivirus, but these components can be uninstalled and reinstalled as needed via the policy. MacOS X protection components cannot be installed or uninstalled but can be turned off.

  1. In the policy you are configuring, select the Active Protection tab
  2. Select the relevant OS tab (Windows Workstation, Windows Server, or MacOS X)
  3. Beside the components you want to alter, do one of the following:
    • If the component is not yet installed, click Install this component. Then click I understand, install component
    • If the component is already installed, click the More button beside the component, then click Uninstall this component. Then click I understand, uninstall component

For more details on configuring the various components available in the Policies of the Avast Business Management Consoles, see Configuring Settings and Policies in the Business Hub and Avast Business Management Consoles.

Configuring Exclusions

Wildcards

Many of the Shields and other components included in Avast Business Antivirus, as well as the main Antivirus itself, enable you to configure exclusions or block specific paths. Wildcards help when you do not know the exact file path or file name of files you want to include or exclude, or if you want to indicate multiple files in one path. Not all file paths allow the use of wildcards.

Character Meaning
?

Replaces a single character

For example: ab?.html matches the files abc.html, abd.html, abe.html, etc. It will not match the file abc.htm.

*

Replaces zero or more characters

For example: *mtl matches the files abc.html and d.html. *txt matches the files abc.txt, x.txt, and xyztxt.

Exclusions

You can configure exclusions that will propagate across all of the various Shields and components of Avast Business Antivirus in the Exclusions or Antivirus Settings tab of your policies. If you would like to configure exclusions that only apply to one component, see Configuring Component-Specific Exclusions.

Any changes made to exclusions within policies will propagate across your network every 5-10 minutes. Console policies override local settings.

  1. Navigate to the Antivirus Settings tab for the desired OS
  2. In the Exclusions section, do one of the following:
    • Click File paths, enter a file path you would like to exclude, then click Add
    • Click URL addresses, enter a URL you would like to exclude, then click Add
  3. Click Apply changes when you are finished

If you have multiple OS types using the same policy, be sure to add the exclusions to this section under the Windows Workstation and/or Windows Server tabs.

Configuring Automatic Updates

You can set your devices to automatically update the Avast Business Antivirus program and virus definitions.

Configuring Updates

Avast Business On-Premise Console

  1. Click the policy you would like to change
  2. Select the OS you are adding automatic update settings for
  3. Click the General Settings tab
  4. In the When to update section, choose an update option for both Virus definition updates and Program updates from the following options:
    • Automatically when new update is available (Recommended)
    • Manually
  5. Click Apply changes

Updates are sent either directly via Avast servers or any configured Master Agents/Local Update Servers on your network. If you have selected manual updates, you will need to manually update via the Devices page to ensure all devices on your network remain up to date with the latest protection.

Creating and Configuring Scans

You can configure the types of files and programs that are scanned by Avast Business Antivirus when you set up the scan task, assuming you selected an Advanced Scan type (Custom, Boot-time). Therefore, the main details for what will be scanned are not configured in policies, though exclusions are.

Types of Scans

  • Quick Scan—Scan for common threats
  • Full System Scan—Run a detailed scan of every file on the device
  • Custom Scan—Run a scan where you choose the file types, sensitivity of the scan, performance, actions, and whether compressed files are included.
  • Boot-time Scan (MS Windows only)—Run a scan when the device boots up.

Creating Scan

  1. Click Scan device
  2. Select a type of scan:
    • Quick Scan—Scans for common threats
    • Full System Scan—Runs a detailed scan of every file on the device
    • Removable Media Scan—Scans USBs and portable media connected to the device
    • Custom Scan—Runs a scan where you choose the file types, sensitivity of the scan, performance, actions, and whether compressed files are included.
    • Boot-time Scan (MS Windows only)—Runs a scan when the device boots up.
    • If you chose Custom or Boot-time Scan, select the additional configuration options for your scan.
  3. If you would like the task to be recurring, select Schedule the scan and set the Frequency (one-time, daily, weekly, or monthly) and Schedule start date and time
  4. Type a Custom name for the scan
  5. Click Start Scan

Any threats that are detected during this scan are usually sent to the device's Virus Chest. You can view and manage these detections in Device Details.

Scan Configuration

Configuring Boot-Time Scans

Boot-time scans are only available for Microsoft Windows devices, and will scan your device when it is just beginning to "boot up".

Windows locations to scan: you can select preset locations to scan from the drop-down menu, which are then added to the list. If desired, you can also type the path to a specific location to be included in the scan. Any locations you do not want included in the scan can be removed from the list by clicking the delete button.

Restart the device now: immediately restart the device in order to perform a boot-time scan. If you do not check this, the boot-time scan will run the next time the device restarts.

Notify users with a message before the restart: enter a message to be displayed to the end user notifying them the device will restart shortly

Specify when the above message will be displayed: select when the message will be displayed, between 1 minute, 10 minutes, 30 minutes, or 1 hour before restart.

Heuristics: heuristics enable Antivirus to detect unknown malware by analyzing code for commands that may indicate malicious intent. The default setting is Normal. With higher sensitivity, Antivirus is more likely to detect malware, but also more likely to make false-positive detections that incorrectly identify files as malware.

PUP and suspicious files: choose whether or not to scan for Potentially Unwanted Programs (PUPs)

Unpack archive files: choose whether or not to unpack archive file types during scanning, which is slower but more extensive

When a threat is found: choose what action Avast takes when a threat is detected, between Clean automatically, move to chest, repair, delete, or no action.

Cancel the scan on the workstation: choose whether or not the scan can be canceled on the workstation while it is running

Configuring Custom Scans

Custom scans provide the most control over what specific types of files, folders, programs, and processes are included in the Avast Business Antivirus scan.

Configuring Locations

You can select preset locations to scan from the drop-down menu, which are then added to the list. If desired, you can also type the path to a specific location to be included in the scan. Any locations you do not want included in the scan can be removed from the list by clicking the delete button.

File Types Tab

You can choose whether or not to scan all files (or just the most common areas for threats). Additionally, you can configure the scan to recognize file types by their content, which requires scanning the entire file, or by their name extension which will only scan the files with the extensions you enter in the text box that appears when that option is selected. You can also select whether or not to extract and scan packer files (.zip, etc).

Sensitivity Tab

Heuristics Sensitivity: Heuristics enable Antivirus to detect unknown malware by analyzing code for commands that may indicate malicious intent. The default setting is Normal. With higher sensitivity, Antivirus is more likely to detect malware, but also more likely to make false-positive detections that incorrectly identify files as malware. Code emulations unpack and test suspected malware in an emulated environment where the file cannot cause damage to devices. Use code emulation is enabled by default.

Sensitivity: choose to test whole files, which will cause the scan to be slower but more extensive.

PUP and suspicious files: choose whether or not to scan for Potentially Unwanted Programs (PUPs)

Links: choose whether any links within files are followed during the scan, which will cause the scan to be slower but more extensive.

Performance Tab

Priority: choose the priority of the scan on the end device(s). A higher priority will lead to a quicker scan, but will use more resources.

Persistent cache: choose whether to speed up the scan by using the persistent cache, and/or to store data about scanned files in the persistent cache which will slow down the scan.

File access: choose whether to speed up the scan by reading files in the order they are stored on the disk, which is only effective on NTFS volumes.

Actions Tab

Apply an action: choose whether or not actions are automatically taken during the scan when a virus, potentially unwanted program (PUP), or suspicious file is detected. The options are Clean Automatically, Move to chest, Repair, Delete, and No Action.

If, for whatever reason, Avast cannot complete the main action, it will attempt the action selected under If the action fails, use

Options: choose whether to perform the selected action upon restart.

Processing of infected archives: choose whether to only remove the packed file from the archive (and if that fails, do nothing), remove the packed file from the archive (and if that fails, remove the entire archive), or to remove the entire archive.

Configuring Custom Scans

Custom scans provide the most control over what specific types of files, folders, programs, and processes are included in the Avast Business Antivirus scan. You can select different scan options for Windows Workstations, Windows Servers, and MacOS X Devices within the same scan task.

Configuring Locations

You can select preset locations to scan from the drop-down menu, which are then added to the list. If desired, you can also type the path to a specific location to be included in the scan. Any locations you do not want included in the scan can be removed from the list by clicking the delete button.

File Types Tab

You can choose whether or not to scan all files (or just the most common areas for threats). Additionally, you can configure the scan to recognize file types by their content, which requires scanning the entire file, or by their name extension which will only scan the files with the extensions you enter in the text box that appears when that option is selected.

Sensitivity Tab

Heuristics Sensitivity: Heuristics enable Antivirus to detect unknown malware by analyzing code for commands that may indicate malicious intent. The default setting is Normal. With higher sensitivity, Antivirus is more likely to detect malware, but also more likely to make false-positive detections that incorrectly identify files as malware. Code emulations unpack and test suspected malware in an emulated environment where the file cannot cause damage to devices. Use code emulation is enabled by default.

Sensitivity: choose to test whole files, which will cause the scan to be slower but more extensive.

PUP and suspicious files: choose whether or not to scan for Potentially Unwanted Programs (PUPs)

Links: choose whether any links within files are followed during the scan, which will cause the scan to be slower but more extensive.

Performance Tab

Priority: choose the priority of the scan on the end device(s). A higher priority will lead to a quicker scan, but will use more resources.

Persistent cache: choose whether to speed up the scan by using the persistent cache, and/or to store data about scanned files in the persistent cache which will slow down the scan.

File access: choose whether to speed up the scan by reading files in the order they are stored on the disk, which is only effective on NTFS volumes.

Actions Tab

Apply an action: choose whether or not actions are automatically taken during the scan when a virus, potentially unwanted program (PUP), or suspicious file is detected. The options are Clean Automatically, Move to chest, Repair, Delete, and No Action.

If, for whatever reason, Avast cannot complete the main action, it will attempt the action selected under If the action fails, use

Options: choose whether to perform the selected action upon restart.

Processing of infected archives: choose whether to only remove the packed file from the archive (and if that fails, do nothing), remove the packed file from the archive (and if that fails, remove the entire archive), or to remove the entire archive.

Packers Tab

Choose whether or not to extract all archive files for scanning.

There are many more features and options available in the Avast Business Management Consoles. For more information, please see the rest of our Knowledge Base.