
FAQ: Taegis Endpoint Agent


Tip

Additional Taegis Endpoint Agent troubleshooting, tutorial, and informational articles are available in the Secureworks Knowledge Base.

Is the Taegis Endpoint Agent Available to All Customers?

See Taegis Endpoint Agent Introduction.

Which Operating Systems Is Taegis Endpoint Agent Supported on?

See Taegis Endpoint Agent Supported Operating Systems.

What Potential Scenarios May Arise from Running Two XDR Supported Endpoint Integrations?

If you run Taegis™ XDR Endpoint Agent as well as third-party supported endpoint software (like Carbon Black, CrowdStrike, or Microsoft Defender), and if the third-party integration is connected to Secureworks® Taegis™ XDR, then you may experience the following scenarios:

What Types of Data Does Taegis Endpoint Agent Collect from the Host?

The Taegis Endpoint Agent collects a whole host of endpoint telemetry that is analyzed to identify threats and their associated behaviors. The following table provides an overview of telemetry collected:

| Telemetry          | Platform |
|--------------------|----------|
| Auth               | All      |
| Process            | All      |
| Netflow            | All      |
| FileMod            | All      |
| Thread Injection   | Windows  |
| Powershell SBL     | Windows  |
| AMSI               | Windows  |
| Persistence Events | Windows  |
| DNS                | Windows  |

Note

Only Auth telemetry is provided by the Linux agent when no driver is available; if the driver is available and loaded, Process, Netflow, and FileMod are provided as well.

My Antivirus Product Blocked Taegis Endpoint Agent. What Should I Do?

Antivirus products monitor systems for unusual modifications to the operating system or installed software. One example of such a modification is the data files that Taegis Endpoint Agent processes create. Even though the Taegis Endpoint Agent DOES NOT modify anything that belongs to the operating system, some AV/malware protection products can treat changes to the agent's own files as malicious behavior and block or stop its processes. We recommend that you exclude the following default Taegis Endpoint Agent folders from AV scanning and/or add them to an allowlist/safelist.

What Are the Recent Changes in the Taegis Endpoint Agent?

See Taegis Endpoint Agent Changelog for version updates.

What Network Connectivity Is Required?

Please refer to Taegis Endpoint Agent Installation for connectivity requirements.

What OS Platforms Are Supported?

For information on supported operating systems, see Taegis Endpoint Agent Supported Operating Systems.

How Often Are Taegis Endpoint Agent Software Updates Available?

Secureworks continuously updates Taegis Endpoint Agent with the latest enhancements available to our clients. Updates and their associated end-of-life dates will be made available to the client in advance so you can upgrade as needed.

How Often Is New Intelligence Added to XDR?

Continuously.

Two Host Processes Are Running on My Windows Agent Endpoint. Is This Expected?

Yes, this is expected.

Does the Taegis Endpoint Agent Support VDI Environments or Gold/Base Images?

Currently, the Taegis Endpoint Agent does not support non-persistent VDI or environments that leverage gold/base images. For persistent VDI environments, you must first deploy the cloned VM and then install the agent on it to generate a unique host ID.

How Do I Get Assistance with Taegis Endpoint Agent?

You can request product support for all issues not related to security alerts (e.g., performance issues or unexpected issues) according to our Support Policy.

 
