Taegis Endpoint Agent for Windows Installation
Prerequisites
Prior to installation, review requirements and follow prerequisite steps on Taegis™ XDR Endpoint Agent Information and Prerequisites.
Important
To ensure uninterrupted connectivity to the Taegis Endpoint Agent update service, we recommend that you periodically update CA certificates with the latest trusted root certificates.
Data Provided from Integration
Alerts | Auth | DNS | File Collection | HTTP | NIDS | Netflow | Process | File Modification | API Call | Registry | Scriptblock | Management | Persistence | Thread Injection | |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Taegis Windows Endpoint Agent | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
Installation
Choose one of the following options for installing the Taegis Endpoint Agent for Windows:
- Install using AgentMigrator PowerShell Scripts
- Install using the MSI Installer
- Install using Command Line
- Install using MDMs
Install Taegis Endpoint Agent Using PowerShell Script
Secureworks provides a PowerShell script that automates the validation of prerequisites for the Windows Taegis Endpoint Agent. The script can be used for migrations from Red Cloak™ Endpoint Agent to Taegis Endpoint Agent, or for brand new installations. The script is helpful for validating prerequisites for new Taegis Endpoint Agent deployments.
At a high level, the script:
- Performs pre-installation validation checks
- Installs Taegis Endpoint Agent on the endpoint where the script is run
- Performs post-install validation checks
- Uninstalls Red Cloak Endpoint Agent, if present
For more information, see the following Knowledge Base article: Automated Migration Script from Red Cloak to Taegis Agent.
Download scripts here:
Install Taegis Endpoint Agent Using the MSI Installer
1. Run the MSI package. The first screen shows the version number of the Taegis Endpoint Agent. Verify that it is the desired version and select Next.
   Taegis Agent Setup Wizard
2. Choose an install location and select who you want to install the package for. The default location is C:\Program Files\SecureWorks\Taegis Agent\ and the default usage is set for Everyone. Select Next.
   Select Installation Folder
3. Enter your Registration Key and Registration Server copied during the prerequisite steps and then select Next.
   - Taegis Endpoint Agent will use Google DNS 8.8.8.8 by default for domain name resolution (DNS).
   - If 8.8.8.8 is not accessible, you must provide a DNS override.
   - If the agent configuration uses a proxy, you must provide a DNS override.
   Enter Registration Key and Server
4. Select Next to confirm the installation. The confirmation displays the settings that have been entered.
   Confirm Installation
5. Select Yes to provide User Account Control consent and allow the installation. The agent then installs.
6. During installation, the Registration Key, Registration Server, Proxy, and DNS server settings are verified. This process typically takes about 15 seconds and you can skip to Step 8 if successful. If this process fails, the most common reason is an incorrect Registration Key and/or Server. In this case, the installer displays a dialog allowing for corrections.
   Retry Registration
7. Re-enter the Registration Key, Registration Server, Proxy and DNS server. Select OK and the installer verifies the settings again. If the installer still cannot verify the settings, an error screen displays and the installer exits. See Windows Agent Troubleshooting for troubleshooting guidance.
   Registration Failed
8. Once the agent is installed, select Close to exit the UI.
   Installation Complete
Install Taegis Endpoint Agent using Command Line
Once you have obtained the MSI package, open Command Prompt with administrator permissions and enter the following:
msiexec /i <path>.msi REGISTRATIONKEY=<registration key> REGISTRATIONSERVER=<registration server> PROXY=<proxyserver:port> DNS=<host> /quiet
- Including a proxy as PROXY=<proxyserver>:<port> is optional. If included, only one proxy can be specified (limit = 1).
- Including a DNS server as DNS=<host> is required when using a proxy, but is optional in all other situations. Supply one or more DNS server IP addresses separated by a semicolon, if desired. There is no limit to the number of DNS servers. If no DNS server is supplied, then the default of 8.8.8.8 over HTTPS is used; see DNS Resolution.
- We recommend you add the /quiet flag for a quiet installation.
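The parameter rules above can be enforced before msiexec is started. The following wrapper is an added example, not Secureworks code: the function name and parameter names are hypothetical, and it assumes the proxy host is a name or IPv4 address.

```powershell
# Added example, not Secureworks code. Function and parameter names are hypothetical.
function Install-TaegisAgent {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$MsiPath,
        [Parameter(Mandatory)][string]$RegistrationKey,
        [Parameter(Mandatory)][string]$RegistrationServer,
        [string]$Proxy,     # at most one <proxyserver>:<port>
        [string[]]$Dns      # one or more DNS server IP addresses
    )
    if (-not (Test-Path -LiteralPath $MsiPath -PathType Leaf)) {
        throw "MSI not found: $MsiPath"
    }
    # PROXY is limited to a single host:port value (assumed: no IPv6 literal).
    if ($Proxy -and $Proxy -notmatch '^[^\s;:]+:\d{1,5}$') {
        throw 'PROXY must be a single <proxyserver>:<port> value.'
    }
    # DNS is required whenever a proxy is configured.
    if ($Proxy -and -not $Dns) {
        throw 'A DNS override is required when PROXY is set.'
    }
    foreach ($server in $Dns) {
        $parsed = $null
        if (-not [System.Net.IPAddress]::TryParse($server, [ref]$parsed)) {
            throw "DNS entry is not an IP address: $server"
        }
    }
    # Assemble the properties in the order shown in the documented command.
    $msiArgs = @('/i', "`"$MsiPath`"",
                 "REGISTRATIONKEY=$RegistrationKey",
                 "REGISTRATIONSERVER=$RegistrationServer")
    if ($Proxy) { $msiArgs += "PROXY=$Proxy" }
    if ($Dns)   { $msiArgs += "DNS=$($Dns -join ';')" }   # semicolon-separated list
    $msiArgs += '/quiet'

    if ($PSCmdlet.ShouldProcess($MsiPath, 'Install with msiexec')) {
        $proc = Start-Process -FilePath msiexec.exe -ArgumentList $msiArgs -Wait -PassThru
        # 0 and 3010 (reboot required) are the standard Windows Installer success codes.
        if ($proc.ExitCode -notin 0, 3010) {
            throw "msiexec exited with code $($proc.ExitCode)"
        }
    }
    $msiArgs    # returned so a -WhatIf run shows what would be passed
}
```

Calling the function with -WhatIf validates the parameters and returns the argument list without starting msiexec.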
Install Using MDMs
- For deployment using Workspace ONE UEM (WS1) for Windows hosts, see the following Knowledge Base article: Deploy Taegis Agent for Windows with Workspace ONE.
- For deployment using Intune for Windows hosts, see the following Knowledge Base article: Deploy Taegis Agent for Windows with Intune.
- For deployment using SCCM for Windows hosts, see the following Knowledge Base article: Deploy Taegis Agent for Windows with SCCM.
DNS Resolution
The Windows Taegis Endpoint Agent leverages DNS to resolve the addresses listed in the Network Connectivity Requirements. Agents version 1.0.50 and later attempt to resolve DNS in this order:
1. Query Google DNS (8.8.8.8) over HTTPS.
2. On failure of step 1, query the primary user-provided override over UDP. Users are forced to provide an override during installation if the previous step fails in their environment.
3. On failure of step 2, query the secondary user-provided override, if available, over UDP.
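A pre-install check that walks the same order from the host shows whether a DNS override will be needed. This is an added example, not Secureworks code: the function name, the sample hostname and the override addresses are assumptions, and step 1 only tests TCP reachability of 8.8.8.8 on port 443 rather than issuing a real DNS-over-HTTPS query.

```powershell
# Added example, not Secureworks code. Function name and sample values are hypothetical.
function Test-TaegisDnsPath {
    param(
        # A hostname from the Network Connectivity Requirements.
        [Parameter(Mandatory)][string]$Name,
        # Primary override first, then the secondary override.
        [string[]]$Override = @()
    )
    $results = @()

    # Step 1: Google DNS over HTTPS. Approximated here by a TCP connect to 8.8.8.8:443.
    $doh = Test-NetConnection -ComputerName 8.8.8.8 -Port 443 -WarningAction SilentlyContinue
    $results += [pscustomobject]@{
        Step = 1; Server = '8.8.8.8'; Transport = 'HTTPS'; Ok = [bool]$doh.TcpTestSucceeded
    }

    # Steps 2 and 3: the documented order lists a primary and a secondary override over UDP.
    $step = 2
    foreach ($server in ($Override | Select-Object -First 2)) {
        try {
            # Resolve-DnsName queries over UDP unless -TcpOnly is given.
            $null = Resolve-DnsName -Name $Name -Server $server -Type A -DnsOnly -ErrorAction Stop
            $ok = $true
        } catch {
            $ok = $false
        }
        $results += [pscustomobject]@{
            Step = $step; Server = $server; Transport = 'UDP'; Ok = $ok
        }
        $step++
    }

    # The documented order stops at the first step that succeeds.
    $first = $results | Where-Object Ok | Select-Object -First 1
    $results | Select-Object *, @{ n = 'WouldBeUsed'; e = { $_.Step -eq $first.Step } }
}

# Constructed sample call; replace the hostname and addresses with your own values.
# Test-TaegisDnsPath -Name 'example.com' -Override '10.0.0.53', '10.0.1.53'
```

If step 1 reports Ok = False, or the agent will use a proxy, supply the override servers that passed as the DNS value during installation.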
Validate Installation
- Check for Host and Status using Windows Task Manager: Open Task Manager, ensure the Processes tab is selected, and choose More Details. Scroll down to confirm the following processes exist:
  - Taegis Agent Host
  - Taegis Agent Host
  - Taegis Agent Service
Validate Processes
- Check Agent Version using Windows Task Manager: Open Task Manager, ensure the Processes tab is selected, and choose More Details. Scroll down and right-click Taegis Agent Host. Select Properties, and then the Details tab to view Product Version.
Logging File Location
After the agent is installed: Open File Explorer and navigate to C:\ProgramData\SecureWorks\TaegisAgent\TaegisUser. Note that you must enable hidden folders in order to access the ProgramData folder. Open the TaegisUser document to view the log report.
Logging File Location
Review Endpoint Agents Summary
Endpoint Agents Summary
As XDR processes endpoint telemetry, a list of endpoints is generated. Review these by navigating to Endpoint Agents → Summary from the left-hand side navigation in XDR. For more information, see Manage Endpoint Agents.