FAQ: Taegis™ Agent



Tip

Additional Taegis™ Agent troubleshooting, tutorial, and informational articles are available in the Secureworks Knowledge Base.

Is the Taegis™ XDR Endpoint Agent Available to All Customers?

See Taegis™ XDR Endpoint Agent Introduction.

Which Operating Systems Is Taegis™ XDR Endpoint Agent Supported on?

See Taegis™ XDR Endpoint Agent Supported Operating Systems.

What Potential Scenarios May Arise from Running Two Secureworks® Taegis™ XDR Supported Endpoint Integrations?

If you run Taegis™ XDR Endpoint Agent as well as third-party supported endpoint software (like Carbon Black, CrowdStrike, or Microsoft Defender), and if the third-party integration is connected to Secureworks® Taegis™ XDR, then you may experience the following scenarios:

What Types of Data Does Taegis™ XDR Endpoint Agent Collect from the Host?

The Taegis™ XDR Endpoint Agent collects a whole host of endpoint telemetry that is analyzed to identify threats and their associated behaviors. The following table provides an overview of telemetry collected:

| Telemetry          | Platform |
|--------------------|----------|
| Auth               | All      |
| Process            | All      |
| Netflow            | All      |
| FileMod            | All      |
| Thread Injection   | Windows  |
| Powershell SBL     | Windows  |
| AMSI               | Windows  |
| Persistence Events | Windows  |
| DNS                | Windows  |

Note

Only Auth telemetry is provided by the Linux agent when no driver is available; if the driver is available and loaded, Process, Netflow, and FileMod are provided as well.

My Antivirus Product Blocked Taegis™ XDR Endpoint Agent. What Should I Do?

Antivirus products monitor systems for unusual modifications to the operating system or installed software. One example of such a modification is the data files that Taegis™ XDR Endpoint Agent processes create. Even though the Taegis™ XDR Endpoint Agent DOES NOT modify anything that belongs to the operating system, some AV/malware protection products can treat changes to the agent's own files as malicious behavior and block or stop its processes. We recommend that you exclude the following folders, which belong to Taegis™ XDR Endpoint Agent by default, from AV scanning and/or add them to an allowlist/safelist.

What Are the Recent Changes in the Taegis™ XDR Endpoint Agent?

See Taegis™ XDR Endpoint Agent Changelog for version updates.

What Network Connectivity Is Required?

Please refer to Taegis™ XDR Endpoint Agent Installation for connectivity requirements.

What OS Platforms Are Supported?

For information on supported operating systems, see Taegis™ XDR Endpoint Agent Supported Operating Systems.

How Often Are Taegis™ XDR Endpoint Agent Software Updates Available?

Secureworks continuously updates Taegis™ XDR Endpoint Agent with the latest enhancements available to our clients. Updates and their associated end-of-life dates will be made available to you in advance so you can upgrade as needed.

How Often Is New Intelligence Added to Secureworks® Taegis™ XDR?

Continuously.

Two Host Processes Are Running on My Windows Agent Endpoint. Is This Expected?

Yes, this is expected.

Does the Taegis™ XDR Endpoint Agent Support VDI Environments or Gold/Base Images?

Currently, the Taegis™ XDR Endpoint Agent does not support non-persistent VDI or environments that leverage gold/base images. For persistent VDI environments, you must first deploy the cloned VM and then install the agent on it to generate a unique host ID.

How Do I Get Assistance with Taegis™ XDR Endpoint Agent?

You can request product support for all issues not related to security alerts (e.g., performance issues or unexpected issues) according to our Support Policy.

 
