FAQ: Taegis™ Agent
Additional Taegis™ Agent troubleshooting, tutorial, and informational articles are available in the Secureworks Knowledge Base.
Is the Taegis™ XDR Endpoint Agent Available to All Customers?
Which Operating Systems Is Taegis™ XDR Endpoint Agent Supported on?
What Potential Scenarios May Arise from Running Two Secureworks® Taegis™ XDR Supported Endpoint Integrations?
If you run Taegis™ XDR Endpoint Agent as well as third-party supported endpoint software (like Carbon Black, CrowdStrike, or Microsoft Defender), and if the third-party integration is connected to Secureworks® Taegis™ XDR, then you may experience the following scenarios:
- Duplicate Alerts: If two agents are gathering similar telemetry from the endpoint, it could potentially lead to duplicate alerts in Secureworks® Taegis™ XDR. You can minimize this impact by suppressing those duplicate alerts.
- Agent Performance: If the Taegis™ XDR Endpoint Agent is not safelisted in the third-party endpoint application, then that could cause performance or compatibility issues on the endpoint/host.
What Types of Data Does Taegis™ XDR Endpoint Agent Collect from the Host?
The Taegis™ XDR Endpoint Agent collects a wide range of endpoint telemetry that is analyzed to identify threats and their associated behaviors. The following table provides an overview of telemetry collected:
Only Auth telemetry is provided by the Linux agent when no driver is available; if the driver is available and loaded, Process, Netflow, and FileMod are provided as well.
My Antivirus Product Blocked Taegis™ XDR Endpoint Agent. What Should I Do?
Antivirus products monitor systems for unusual modifications to the operating system or installed software. One example of such a modification is the data files that Taegis™ XDR Endpoint Agent processes create. Even though the Taegis™ XDR Endpoint Agent DOES NOT modify anything that belongs to the operating system, some AV/malware protection products can treat modifications to the agent's own files as malicious behavior and block or stop its processes. We recommend that you exclude the following default Taegis™ XDR Endpoint Agent folders from AV scanning and/or add them to an allowlist/safelist.
What Are the Recent Changes in the Taegis™ XDR Endpoint Agent?
See Taegis™ XDR Endpoint Agent Changelog for version updates.
What Network Connectivity Is Required?
Please refer to Taegis™ XDR Endpoint Agent Installation for connectivity requirements.
What OS Platforms Are Supported?
For information on supported operating systems, see Taegis™ XDR Endpoint Agent Supported Operating Systems.
How Often Are Taegis™ XDR Endpoint Agent Software Updates Available?
Secureworks continuously updates Taegis™ XDR Endpoint Agent with the latest enhancements available to our clients. Updates and their associated end-of-life dates will be made available to you in advance so you can upgrade as needed.
How Often Is New Intelligence Added to Secureworks® Taegis™ XDR?
Two Host Processes Are Running on My Windows Agent Endpoint. Is This Expected?
Yes, this is expected.
Does the Taegis™ XDR Endpoint Agent Support VDI Environments or Gold/Base Images?
Currently, the Taegis™ XDR Endpoint Agent does not support non-persistent VDI or environments that leverage gold/base images. For persistent VDI environments, you must first deploy the cloned VM and then install the agent on it to generate a unique host ID.
How Do I Get Assistance with Taegis™ XDR Endpoint Agent?
You can request product support for all issues not related to security alerts (e.g., performance issues, unexpected issues, etc.) according to our Support Policy.