Taegis Endpoint Agent for macOS Troubleshooting
This document provides guidance on initial agent troubleshooting steps you can take and information you can gather prior to reaching out to Secureworks support for assistance with agent issues.
Tip
Additional Taegis Endpoint Agent troubleshooting, tutorial, and informational articles are available in the Secureworks Knowledge Base.
Diagnostics
The new Diagnostics functionality released with version 1.4.9 provides two operations:
- A mode to collect information into an archive file to send to Secureworks support, eliminating the need for the support team to request system details and reducing the time to resolve issues.
- A troubleshooting mode that analyzes configuration and runtime operation of all agent components and provides feedback on which items need to be addressed.
GUI Method
To access and use Diagnostics via the preferred method of the agent UI:
- Select the Taegis icon from the menu bar and choose Open Secureworks Taegis.
- From the left navigation menu of the app, choose Diagnostics.
Collect Information
To gather logs and system information to share with support into a single archive file, follow these steps:
- Select Collect information for support to expand the section, then select Run. This will gather:
  - All agent logs
  - Agent configuration
  - MDM profiles configuration
  - System information
- Once complete, the information will be compressed in a taegisctl-diag-XXXXX.tgz file. Select Open in Finder to access the file to send to support.
Troubleshoot
To run the troubleshoot tool to attempt to diagnose issues with setup and environment, follow these steps:
- Select Troubleshoot to expand the section, then select Run. This will analyze agent configuration and output a simple summary of all agent settings.
- Once complete, the results display the following possible outcomes:
  - Pass — The check has passed
  - Fail — The check has failed and should be investigated
  - Warn — The check may be benign, but could indicate a potential issue
  - NA — Not applicable
Command-Line (Terminal) Method
The diagnostic tool can also be run from the command-line (Terminal).
Note
Diagnostic commands must be run with sudo privileges.
Collect Information
To gather logs and system information to share with support into a single archive file, use the following command:
/Applications/SecureworksTaegis.app/Contents/bin/taegisctl gather
Troubleshoot
To run the troubleshooting tool, use the following command:
/Applications/SecureworksTaegis.app/Contents/bin/taegisctl troubleshoot
Installation
- If using mobile device management (MDM), follow the relevant article listed at MDM Deployment.
- If installing outside MDM, follow the UI Deployment instructions.
- Open Taegis by selecting the status icon from the menu bar and choosing Open Secureworks Taegis to verify Full Disk Access is granted and System Extensions are allowed.
Auto Upgrade Failures
- Examine logs for any obvious errors:
  log stream --level debug --predicate 'subsystem == "scwx"'
- Allow taegis-agent-prod-builds.s3.us-east-2.amazonaws.com through firewalls.
- Once you’ve verified connectivity to taegis-agent-prod-builds.s3.us-east-2.amazonaws.com, go to your tenant and select Reconnect on the targeted endpoint.
Service Not Starting
Open the Console app to view any available crash reports from the agent (filter for secureworks). Additionally, the crash file is available under /Library/Logs/DiagnosticReports.
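The connectivity check from Auto Upgrade Failures and the crash-report lookup from Service Not Starting can be scripted before contacting support. This is an added example, not Secureworks tooling: the function names, the 7-day window, and matching reports on the string "secureworks" in their contents are assumptions, while the host and directory are the ones named above.

```shell
#!/bin/sh
# Added example (not Secureworks tooling): pre-support triage helpers.
UPDATE_HOST="taegis-agent-prod-builds.s3.us-east-2.amazonaws.com"  # host named on this page
REPORT_DIR="/Library/Logs/DiagnosticReports"                       # directory named on this page

# Map a curl exit status to the network layer that failed.
explain_curl_exit() {
    case "$1" in
        0)  echo "reachable" ;;
        5)  echo "proxy-dns-failure" ;;
        6)  echo "dns-failure" ;;
        7)  echo "tcp-blocked" ;;
        28) echo "timeout" ;;
        35) echo "tls-handshake-failure" ;;
        60) echo "tls-untrusted-certificate" ;;  # often a TLS-inspecting proxy
        *)  echo "other-curl-error-$1" ;;
    esac
}

# Probe HTTPS on the update host. Any HTTP status code means DNS, TCP 443
# and certificate validation all succeeded; the body is discarded.
check_update_host() {
    host=${1:-$UPDATE_HOST}
    rc=0
    http=$(curl -sS -o /dev/null --connect-timeout 5 --max-time 15 \
                -w '%{http_code}' "https://$host/" 2>/dev/null) || rc=$?
    echo "$host: $(explain_curl_exit "$rc") (curl exit $rc, HTTP ${http:-none})"
    return "$rc"
}

# List reports modified within the last N days whose contents mention
# "secureworks" (case-insensitive, mirroring the Console filter).
list_agent_crash_reports() {
    dir=${1:-$REPORT_DIR}
    days=${2:-7}
    find "$dir" -type f -mtime "-$days" -exec grep -li 'secureworks' {} + 2>/dev/null | sort
}

# Run both checks only when invoked with the argument "triage".
if [ "${1:-}" = "triage" ]; then
    check_update_host || true
    list_agent_crash_reports
fi
```

A result other than "reachable" shows which layer to raise with the network team before selecting Reconnect on the endpoint.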
Uninstall
- Uninstall may leave behind active system/network extensions due to an Apple bug. The agent cannot avoid this due to its dependency on the OS.
- Logs such as system.log or any crash report for the application may be helpful for further diagnosis.