Red Cloak Endpoint Agent for Incident Response Services
Introduction ⫘
This page is intended to provide reference information regarding deployment and operation of the Red Cloak™ Endpoint Agent during Incident Response and Threat Hunting engagments. Additional information can be found on the TDR docs site at this location: Red Cloak Endpoint Agent Installation.
How do I deploy Red Cloak Endpoint Agent? Can I use my own software distribution system? ⫘
The recommended way to deploy is to use your existing software distribution system. Secureworks will provide an MSI or RPM package that embeds a configuration specific to your network. This package can be deployed via Group Policy Object, Microsoft Endpoint Configuration Manager, or other similar means. Secureworks can also provide a standalone executable that can be added to domain logon scripts if an MSI is inconvenient.
Does Red Cloak Endpoint Agent leverage network proxies? ⫘
Reference this link for information regarding the Red Cloak Endpoint Agent’s use of proxies: Red Cloak Endpoint Agent Proxy Support.
How do I download the Red Cloak Endpoint Agent installation file? ⫘
Reference this link for information regarding obtaining a Red Cloak Endpoint Agent installation package: Download the Red Cloak Endpoint Agent Software.
How do I install the Red Cloak Endpoint Agent package? ⫘
Windows ⫘
Information regarding installing the Red Cloak Endpoint Agent MSI on Windows systems can be found at this location: Red Cloak Endpoint Agent, Windows.
Linux ⫘
Information regarding installing the Red Cloak Endpoint Agent RPM on Linux systems can be found at this location: Red Cloak Endpoint Agent, Linux.
How can I validate that the Red Cloak Endpoint Agent is functioning as expected? ⫘
Information on how to trigger a Red Cloak Endpoint Agent test event can be found at this location: Red Cloak Endpoint Agent Test Event.
How do I uninstall Red Cloak Endpoint Agent? ⫘
Upon completion of an engagement, you may remove the Red Cloak Endpoint Agent using the following instructions: Red Cloak Endpoint Agent Uninstall.