Taegis™ Windows Agent Installation
Prior to installation, review requirements and follow prerequisite steps on Taegis™ Endpoint Agent Information and Prerequisites.
To ensure uninterrupted connectivity to the Taegis™ Agent update service, we recommended you periodically update CA certificates with the latest trusted root certificates.
Data Provided from Integration ⫘
|Taegis™ Windows Endpoint Agent
Choose one of the following options for installing the Taegis™ XDR Endpoint Agent for Windows:
- Install using AgentMigrator PowerShell Scripts
- Install using the MSI Installer
- Install using Command Line
- Install using MDMs
Install Taegis™ XDR Endpoint Agent Using PowerShell Script ⫘
Secureworks provides a PowerShell script that automates the validation of prerequisites for the Windows Taegis™ Endpoint Agent. The script can be used for migrations from Red Cloak™ Endpoint Agent to Taegis™ Endpoint Agent, or for brand new installations. The script is helpful for validating prerequisites for new Taegis™ Endpoint Agent deployments.
At a high level, the script:
- Performs pre-installation validation checks
- Installs Taegis™ Endpoint Agent on the endpoint the script is run
- Performs post-install validation checks
- Uninstalls Red Cloak™ Endpoint Agent, if present
For more information, see the following Knowledge Base article: Automated Migration Script from Red Cloak to Taegis Agent.
Download scripts here:
Install Taegis™ XDR Endpoint Agent Using the MSI Installer ⫘
- Run the MSI package and the first screen provides the version number for the Taegis™ XDR Endpoint Agent. Verify it is the desired version and select Next.
Taegis Agent Setup Wizard
- Choose an install location and select who you want to install the package for. The default location is
C:\Program Files\SecureWorks\Taegis Agent\and the default usage is set for Everyone. Select Next.
Select Installation Folder
- Enter your Registration Key and Registration Server copied during the prerequisite steps and then select Next.
- Optionally enter your Proxy as
<proxyserver>:<port>(Limit = 1)
- Agent version 1.0.50 and later queries Google DNS (18.104.22.168) over HTTPS by default (see DNS Resolution) and allows multiple local DNS overrides. Enter one or more DNS server IP addresses separated by a semicolon, if desired. There is no limit to the number of DNS servers.
- Note: if a Proxy is being used, a DNS server must be entered.
Enter Registration Key and Server
- Select Next to confirm the installation. The confirmation displays the settings that have been entered.
Select Yes to provide User Account Control consent and allow the installation. The agent then installs.
During installation, the Registration Key, Registration Server, Proxy, and DNS server settings are verified. This process typically takes about 15 seconds and you can skip to Step 8 if successful. If this process fails, the most common reason is an incorrect Registration Key and/or Server. In this case, the installer displays a dialog allowing for corrections.
- Re-enter the Registration Key, Registration Server, Proxy and DNS server. Select OK and the installer verifies the settings again. If the installer cannot verify once again, an error screen displays and the installer exits. See Windows Agent Troubleshooting for troubleshooting guidance.
- Once the agent is installed, select Close to exit the UI.
Install Taegis™ XDR Endpoint Agent using Command Line ⫘
Once you have obtained the MSI package, open Command Prompt with administrator permissions and enter the following:
msiexec /i <path>.msi REGISTRATIONKEY=<registration key> REGISTRATIONSERVER=<registration server> PROXY=<proxyserver:port> DNS=<host> /quiet
Including a Proxy as
PROXY=<proxyserver>:<port>is optional and if included, limit = 1.
Including a DNS server as
DNS=<host>is required when using a Proxy, but is optional in all other situations. Supply one or more DNS server IP addresses separated by a semicolon, if desired. There is no limit to the number of DNS servers. If no DNS server is supplied, then the default of 22.214.171.124 over HTTPS is used; see DNS Resolution.
We recommend you add the
/quietflag for a quiet installation.
Install Using MDMs ⫘
- For deployment using Workspace ONE UEM (WS1) for Windows hosts, see the following Knowledge Base article: Deploy Taegis Agent for Windows with Workspace ONE.
- For deployment using Intune for Windows hosts, see the following Knowledge Base article: Deploy Taegis Agent for Windows with Intune.
DNS Resolution ⫘
The Windows Taegis™ Endpoint Agent leverages DNS to resolve the addresses listed in the Network Connectivity Requirements. Agents version 1.0.50 and later attempt to resolve DNS in this order:
- Query Google DNS (126.96.36.199) over HTTPS.
- On failure of step 1, query primary user-provided override over UDP. Users are forced to provide an override during installation if the previous step fails in their environment.
- On failure of step 2, query secondary user-provided override—if available—over UDP.
Validate Installation ⫘
- Check for Host and Status using Windows Task Manager: Open Task Manager, ensure the Processes tab is selected, and choose More Details. Scroll down to confirm the following processes exist:
- Taegis Agent Host
- Taegis Agent Host
- Taegis Agent Service
- Check Agent Version using Windows Task Manager: Open Task Manager, ensure the Processes tab is selected, and choose More Details. Scroll down and right-click Taegis Agent Host. Select Properties, and then the Details tab to view Product Version.
Logging File Location ⫘
Post agent install: Open File Explorer and navigate to
C:\ProgramData\SecureWorks\TaegisAgent\TaegisUser. Note that you must enable hidden folders in order to access ProgramData folder. Open the TaegisUser document to view log report.
Logging File Location
Review Endpoint Agents Summary ⫘
Endpoint Agents Summary
As Taegis™ XDR processes endpoint telemetry, a list of endpoints is generated. Review these by navigating to Endpoint Agents → Summary from the left-hand side navigation in Taegis™ XDR. For more information, see Manage Endpoint Agents.