Taegis Endpoint Agent for Windows Installation



Prerequisites

Prior to installation, review requirements and follow prerequisite steps on Taegis™ XDR Endpoint Agent Information and Prerequisites.

Important

To ensure uninterrupted connectivity to the Taegis Endpoint Agent update service, we recommend that you periodically update CA certificates with the latest trusted root certificates.

Data Provided from Integration

  Alerts Auth DNS File Collection HTTP NIDS Netflow Process File Modification API Call Registry Scriptblock Management Persistence Thread Injection
Taegis Windows Endpoint Agent      

Installation

Choose one of the following options for installing the Taegis Endpoint Agent for Windows:

Install Taegis Endpoint Agent Using PowerShell Script

Secureworks provides a PowerShell script that automates the validation of prerequisites for the Windows Taegis Endpoint Agent. The script can be used for migrations from Red Cloak™ Endpoint Agent to Taegis Endpoint Agent or for brand-new installations, where it helps validate prerequisites before deployment.

At a high level, the script:

For more information, see the following Knowledge Base article: Automated Migration Script from Red Cloak to Taegis Agent.

Download scripts here:

Install Taegis Endpoint Agent Using the MSI Installer

  1. Run the MSI package. The first screen provides the version number for the Taegis Endpoint Agent. Verify it is the desired version and select Next.

Taegis Agent Setup Wizard

  2. Choose an install location and select who you want to install the package for. The default location is C:\Program Files\SecureWorks\Taegis Agent\ and the default usage is set for Everyone. Select Next.

Select Installation Folder

  3. Enter your Registration Key and Registration Server copied during the prerequisite steps and then select Next.

Enter Registration Key and Server

  4. Select Next to confirm the installation. The confirmation displays the settings that have been entered.

Confirm Installation

  5. Select Yes to provide User Account Control consent and allow the installation. The agent then installs.

  6. During installation, the Registration Key, Registration Server, Proxy, and DNS server settings are verified. This process typically takes about 15 seconds and you can skip to Step 8 if successful. If this process fails, the most common reason is an incorrect Registration Key and/or Server. In this case, the installer displays a dialog allowing for corrections.

Retry Registration

  7. Re-enter the Registration Key, Registration Server, Proxy and DNS server. Select OK and the installer verifies the settings again. If verification fails again, an error screen displays and the installer exits. See Windows Agent Troubleshooting for troubleshooting guidance.

Registration Failed

  8. Once the agent is installed, select Close to exit the UI.

Installation Complete

Install Taegis Endpoint Agent using Command Line

Once you have obtained the MSI package, open Command Prompt with administrator permissions and enter the following:

msiexec /i <path>.msi REGISTRATIONKEY=<registration key> REGISTRATIONSERVER=<registration server> PROXY=<proxyserver:port> DNS=<host> /quiet
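The documented command can be wrapped so that the package signature is checked first and the silent install's result is not lost. The script below is an added example, not Secureworks code; the parameter names are hypothetical, and it assumes PROXY and DNS can be left out when they are not needed.

```powershell
# Added example, not Secureworks code. Run from an elevated PowerShell session.
param(
    [Parameter(Mandatory)] [string] $MsiPath,
    [Parameter(Mandatory)] [string] $RegistrationKey,
    [Parameter(Mandatory)] [string] $RegistrationServer,
    [string] $Proxy,   # proxyserver:port; assumption: omitted when no proxy is used
    [string] $Dns      # DNS override host; assumption: omitted when not needed
)

# Refuse to run an MSI whose Authenticode signature does not validate.
$sig = Get-AuthenticodeSignature -FilePath $MsiPath
if ($sig.Status -ne 'Valid') {
    throw "Not installing '$MsiPath': signature status is $($sig.Status)"
}
Write-Host "Signer: $($sig.SignerCertificate.Subject)"   # compare with the expected publisher

# Build the same property list as the documented msiexec command.
$msiArgs = @('/i', "`"$MsiPath`"",
             "REGISTRATIONKEY=$RegistrationKey",
             "REGISTRATIONSERVER=$RegistrationServer")
if ($Proxy) { $msiArgs += "PROXY=$Proxy" }
if ($Dns)   { $msiArgs += "DNS=$Dns" }
$msiArgs += '/quiet'

$proc = Start-Process -FilePath 'msiexec.exe' -ArgumentList $msiArgs -Wait -PassThru

# /quiet shows no UI, so the exit code is the only result the caller gets.
switch ($proc.ExitCode) {
    0       { Write-Host 'Install succeeded.' }
    3010    { Write-Host 'Install succeeded; reboot required.' }
    1618    { throw 'Another Windows Installer transaction is in progress (1618).' }
    default { throw "msiexec failed with exit code $($proc.ExitCode)." }
}
```

Because the registration key is passed on the command line, it appears in process-creation telemetry (for example Security event 4688 when command-line auditing is enabled), so access to those logs should be restricted accordingly.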

Install Using MDMs

DNS Resolution

The Windows Taegis Endpoint Agent uses DNS to resolve the addresses listed in the Network Connectivity Requirements. Agent versions 1.0.50 and later attempt to resolve DNS in this order:

  1. Query Google DNS (8.8.8.8) over HTTPS.
  2. On failure of step 1, query primary user-provided override over UDP. Users are forced to provide an override during installation if the previous step fails in their environment.
  3. On failure of step 2, query secondary user-provided override—if available—over UDP.
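Whether a host will need a DNS override at install time can be checked ahead of deployment by probing the same three paths in the same order. The function below is an added example, not Secureworks code; its name and parameters are hypothetical, the host name and override address in the usage comment are constructed placeholders, and the use of Google's JSON query endpoint is an assumption, since the page only says "over HTTPS".

```powershell
# Added example, not Secureworks code: probes the resolution paths in the
# order listed above and reports the first one that returns an A record.
function Test-TaegisDnsPath {
    param(
        [Parameter(Mandatory)] [string] $Name,   # a host from Network Connectivity Requirements
        [string] $PrimaryOverride,               # DNS server the installer would be given
        [string] $SecondaryOverride
    )

    # Step 1: DNS over HTTPS to 8.8.8.8 (JSON endpoint is an assumption).
    # TLS inspection or egress filtering makes this step fail.
    try {
        $r   = Invoke-RestMethod -Uri "https://8.8.8.8/resolve?name=$Name&type=A" -TimeoutSec 5
        $ips = @($r.Answer | Where-Object { $_.type -eq 1 } | ForEach-Object { $_.data })
        if ($ips.Count) { return [pscustomobject]@{ Path = 'DoH 8.8.8.8'; Addresses = $ips } }
    } catch {
        Write-Verbose "DoH to 8.8.8.8 failed: $($_.Exception.Message)"
    }

    # Steps 2 and 3: user-provided overrides over UDP, primary first.
    foreach ($srv in @($PrimaryOverride, $SecondaryOverride) | Where-Object { $_ }) {
        try {
            $a   = Resolve-DnsName -Name $Name -Type A -Server $srv -DnsOnly -ErrorAction Stop
            $ips = @($a | Where-Object { $_.Type -eq 'A' } | ForEach-Object { $_.IPAddress })
            if ($ips.Count) { return [pscustomobject]@{ Path = "UDP $srv"; Addresses = $ips } }
        } catch {
            Write-Verbose "UDP query to $srv failed: $($_.Exception.Message)"
        }
    }

    # Nothing resolved: the agent would have no working DNS path on this host.
    return [pscustomobject]@{ Path = 'none'; Addresses = @() }
}

# Constructed placeholders; substitute a real required host and your resolver:
# Test-TaegisDnsPath -Name 'agent-endpoint.example' -PrimaryOverride '10.0.0.53' -Verbose
```

A result other than `DoH 8.8.8.8` means the installer will need the DNS override on that network segment.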

Validate Installation

  1. Check for Host and Status using Windows Task Manager: Open Task Manager, ensure the Processes tab is selected, and choose More Details. Scroll down to confirm the following processes exist:

Validate Processes

  2. Check Agent Version using Windows Task Manager: Open Task Manager, ensure the Processes tab is selected, and choose More Details. Scroll down and right-click Taegis Agent Host. Select Properties, and then the Details tab to view Product Version.

Logging File Location

After the agent is installed, open File Explorer and navigate to C:\ProgramData\SecureWorks\TaegisAgent\TaegisUser. Note that you must enable hidden folders in order to access the ProgramData folder. Open the TaegisUser document to view the log report.

Logging File Location
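The Task Manager and File Explorer checks above can be scripted for use across many hosts. The function below is an added example, not Secureworks code; its name is hypothetical, it uses only the default paths quoted on this page, and it assumes the log is a file whose name starts with TaegisUser somewhere under the TaegisAgent folder.

```powershell
# Added example, not Secureworks code. Run elevated so that image paths of
# service processes are visible.
function Get-TaegisAgentState {
    param(
        # Defaults are the paths quoted on this page; pass -InstallDir if a
        # different location was chosen in the installer.
        [string] $InstallDir = 'C:\Program Files\SecureWorks\Taegis Agent\',
        [string] $LogRoot    = 'C:\ProgramData\SecureWorks\TaegisAgent'
    )

    # Match on image path rather than process name, so a look-alike process
    # started from another directory is not counted as the agent.
    $procs = Get-CimInstance -ClassName Win32_Process |
        Where-Object {
            $_.ExecutablePath -and
            $_.ExecutablePath.StartsWith($InstallDir, [StringComparison]::OrdinalIgnoreCase)
        } |
        ForEach-Object {
            $vi = (Get-Item -LiteralPath $_.ExecutablePath).VersionInfo
            [pscustomobject]@{
                Name           = $_.Name
                ProcessId      = $_.ProcessId
                Description    = $vi.FileDescription   # e.g. the "Taegis Agent Host" entry
                ProductVersion = $vi.ProductVersion    # same value as Properties > Details
                Signature      = (Get-AuthenticodeSignature -FilePath $_.ExecutablePath).Status
            }
        }

    # Newest TaegisUser* file under the log root (assumption about the file name).
    $log = Get-ChildItem -LiteralPath $LogRoot -Filter 'TaegisUser*' -File -Recurse -Force `
               -ErrorAction SilentlyContinue |
           Sort-Object LastWriteTime -Descending | Select-Object -First 1

    [pscustomobject]@{
        Running      = [bool]$procs
        Processes    = @($procs)
        LogFile      = $log.FullName
        LogLastWrite = $log.LastWriteTime   # a stale timestamp suggests the agent stopped logging
    }
}

# Get-TaegisAgentState | Format-List
```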

Review Endpoint Agents Summary

Endpoint Agents Summary

As XDR processes endpoint telemetry, a list of endpoints is generated. Review these by navigating to Endpoint Agents → Summary from the left-hand side navigation in XDR. For more information, see Manage Endpoint Agents.
