To prevent latest agent build upgrade, users can configure Apex One Security Agent Policy to block program upgrades from server.

1. Login to Apex One as a Service console.
2. Configure the relevant Apex One Security Agent policies > Privilege and Other Settings > Update Settings > Security Agents only update the following components: Patterns Files.

   

    

   ^{Click the image to enlarge.}

3. After maintenance, security agents will stay on previous build.
4. At this point, user can perform MSI install/upgrade on group of test machines.

   Note: MSI install/upgrade package can be downloaded from Apex Central Console:

    

   

   ^{Click the image to enlarge.}

5. Make sure the new package has the same filename and place on the same directory as the last installed package.

   For example: Last installed package filename was “agent_cloud_x64.msi” installer, launched under C:\download\
   Please rename new package as “agent_cloud_x64.msi” and put it under C:\download\ folder

    

   If needed, original package name can be verified from registry:

   HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\1EFA14817AB44D447800A6FC68A0E81D\SourceList\.

   For example:

   Key: PackageName

   Type: String Value

   Data: agent_cloud_x64.msi

    

   To perform program upgrade, run the following command on the endpoint machine: msiexec.exe/fov "{Package directory\ApexOne-forupgrade.msi" /L*v "{log output path"

   For example:

   msiexec.exe /fov "C:\download\agent_cloud_x64.msi" /L*v "c:\temp\MSI.log"

   KB reference: Creating and configuring an MSI Apex One security agent installation package for fresh installations and upgrades

6. Alternatively, users can push MSI via SCCM or similar 3rd party deployment tools. This way, one can manage when and which agents can get the upgrade.