Taegis Endpoint Agent for Windows Installation


Prerequisites

Prior to installation, review requirements and follow prerequisite steps on Taegis™ XDR Endpoint Agent Information and Prerequisites.

Important

To ensure uninterrupted connectivity to the Taegis Endpoint Agent update service, we recommend that you periodically update CA certificates with the latest trusted root certificates.

DNS Resolution

The Windows Taegis Endpoint Agent leverages DNS to resolve the addresses listed in the Network Connectivity Requirements. By default, the agent attempts to use the primary Google DNS server (8.8.8.8) over HTTPS (TCP 443) to resolve the domains required for its registration and operation. If communications to 8.8.8.8 via TCP 443 are not permitted during installation, define alternate DNS server addresses to resolve domains using traditional DNS (UDP 53) communication during installation.

Agents attempt to resolve DNS in this order:

  1. Query Google DNS (8.8.8.8) over HTTPS.
  2. On failure of step 1, query primary user-provided override over UDP. Users are forced to provide an override during installation if the previous step fails in their environment.
  3. On failure of step 2, query secondary user-provided override—if available—over UDP.
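The following pre-install check walks the same fallback order from the host that will run the agent. It is an added example, not Secureworks code. The function name, the test domain, and the override addresses are placeholders (assumptions), and step 1 tests only TCP 443 reachability to 8.8.8.8, not an actual DNS-over-HTTPS query.

```powershell
# Added example: pre-install check that mirrors the agent's DNS fallback order.
# $TestName and $DnsOverrides are placeholders (assumptions): use a domain from
# the Network Connectivity Requirements and your own DNS server addresses.
param(
    [string]   $TestName     = '<required-domain>',
    [string[]] $DnsOverrides = @('<primary-dns-ip>', '<secondary-dns-ip>')
)

function Test-TaegisDnsPath {
    param([string]$Name, [string[]]$Overrides)

    # Step 1: is 8.8.8.8 reachable on TCP 443 (the DNS-over-HTTPS path)?
    # This checks reachability only; it does not perform a DoH query.
    $doh = Test-NetConnection -ComputerName '8.8.8.8' -Port 443 -WarningAction SilentlyContinue
    if ($doh.TcpTestSucceeded) {
        return [pscustomobject]@{ Path = 'DoH 8.8.8.8:443'; DnsOverride = $null; Addresses = $null }
    }

    # Steps 2 and 3: try each override in order over traditional DNS (UDP 53).
    foreach ($server in $Overrides) {
        try {
            $answer = Resolve-DnsName -Name $Name -Server $server -Type A -DnsOnly -ErrorAction Stop
            $ips = ($answer | Where-Object { $_.Type -eq 'A' }).IPAddress
            if ($ips) {
                return [pscustomobject]@{ Path = 'UDP 53'; DnsOverride = $server; Addresses = $ips -join ', ' }
            }
        } catch {
            Write-Warning "Override $server could not resolve ${Name}: $($_.Exception.Message)"
        }
    }
    throw "No DNS path resolved $Name from this host."
}

$result = Test-TaegisDnsPath -Name $TestName -Overrides $DnsOverrides
$result | Format-List
if ($result.DnsOverride) {
    Write-Host "8.8.8.8:443 is blocked; supply $($result.DnsOverride) as the DNS override during installation."
}
```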

Data Provided from Integration

  Alerts Auth DNS File Collection HTTP NIDS Netflow Process File Modification API Call Registry Scriptblock Management Persistence Thread Injection
Taegis Windows Endpoint Agent        

Installation

Choose one of the following options for installing the Taegis Endpoint Agent for Windows:

Install Taegis Endpoint Agent Using PowerShell Script

Secureworks provides a PowerShell script that automates the validation of prerequisites for the Windows Taegis Endpoint Agent. The script can be used for migrations from Red Cloak Endpoint Agent to Taegis Endpoint Agent, or for brand-new installations, where it helps validate prerequisites for new Taegis Endpoint Agent deployments.

At a high level, the script:

For detailed script usage instructions, see this Knowledge Base article: Automated Migration Script from Red Cloak to Taegis Agent.

Download the scripts here:

Check the Agent Migrator Script for the Latest Version

To verify that you are using the latest version of the script, check the version noted in the script's comments.

Latest version: 2.4

Install Taegis Endpoint Agent Using the MSI Installer

  1. Run the MSI package. The first screen shows the version number of the Taegis Endpoint Agent. Verify that it is the desired version and select Next.

Taegis Agent Setup Wizard

  2. Choose an install location and select who you want to install the package for. The default location is C:\Program Files\SecureWorks\Taegis Agent\ and the default usage is set for Everyone. Select Next.

Select Installation Folder

  3. Enter the following information:

Enter Registration Key and Server

  4. Select Next, review the settings that have been entered, and select Next to confirm the installation.

Confirm Installation

  5. Select Yes to provide User Account Control consent and allow the installation. The agent then installs.

  6. During installation, the Registration Key, Registration Server, Proxy, and DNS server settings are verified. This process typically takes about 15 seconds; if it succeeds, skip to Step 8. If it fails, the most common reason is an incorrect Registration Key and/or Server. In this case, the installer displays a dialog allowing for corrections.

Retry Registration

  7. Re-enter the Registration Key, Registration Server, Proxy, and DNS server. Select OK and the installer verifies the settings again. If verification fails again, an error screen displays and the installer exits. See Windows Agent Troubleshooting for troubleshooting guidance.

Registration Failed

  8. Once the agent is installed, select Close to exit the UI.

Installation Complete

Install Taegis Endpoint Agent using Command Line

Once you have obtained the MSI package, open Command Prompt with administrator permissions and enter the following:

msiexec /i <path>.msi REGISTRATIONKEY=<registration key> REGISTRATIONSERVER=<registration server> PROXY=<proxyserver:port> DNS=<host> /quiet

Install Using MDMs

Validate Installation

  1. Check for Host and Status using Windows Task Manager: Open Task Manager, ensure the Processes tab is selected, and choose More Details. Scroll down to confirm the following processes exist:

Validate Processes

  2. Check Agent Version using Windows Task Manager: Open Task Manager, ensure the Processes tab is selected, and choose More Details. Scroll down and right-click Taegis Agent Host. Select Properties, and then the Details tab to view Product Version.
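The command-line install and the version check above can be scripted together for unattended deployment. This is an added example, not Secureworks code. The MSI path and registration server are placeholders, and it assumes the MSI is Authenticode-signed (the page does not state this), so an unsigned package stops the script.

```powershell
# Added example: run from an elevated PowerShell session.
# $MsiPath and $RegServer are placeholders (assumptions), not real values.
param(
    [string]$MsiPath    = 'C:\Temp\<taegis-agent>.msi',
    [string]$RegServer  = '<registration server>',
    [string]$InstallDir = 'C:\Program Files\SecureWorks\Taegis Agent'
)

# 1. Refuse to install a package whose Authenticode signature does not verify.
#    Assumption: the vendor signs the MSI; an unsigned file reports NotSigned.
$sig = Get-AuthenticodeSignature -FilePath $MsiPath
if ($sig.Status -ne 'Valid') { throw "Signature check failed: $($sig.Status)" }
Write-Host "Signed by: $($sig.SignerCertificate.Subject)"   # review the signer

# 2. Prompt for the key so it is not stored in the script or in shell history.
#    It still appears on the msiexec command line while the installer runs.
$key = Read-Host -Prompt 'Registration key'

# 3. Silent install with the properties from the documented command line.
#    Add "PROXY=<proxyserver:port>" and "DNS=<host>" if the environment needs them.
$msiArgs = @('/i', "`"$MsiPath`"", "REGISTRATIONKEY=$key",
             "REGISTRATIONSERVER=$RegServer", '/quiet')
$proc = Start-Process -FilePath 'msiexec.exe' -ArgumentList $msiArgs -Wait -PassThru

# msiexec exit codes: 0 = success, 3010 = success with reboot required.
if ($proc.ExitCode -notin 0, 3010) {
    throw "msiexec failed with exit code $($proc.ExitCode)"
}

# 4. Validation: list the Product Version of the installed executables, the
#    same value shown under Properties > Details in Task Manager.
Get-ChildItem -Path $InstallDir -Filter '*.exe' -Recurse |
    ForEach-Object { $_.VersionInfo } |
    Select-Object FileName, FileDescription, ProductVersion |
    Format-Table -AutoSize
```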

Logging File Location

After the agent is installed, open File Explorer and navigate to C:\ProgramData\SecureWorks\TaegisAgent\TaegisUser. Note that you must enable hidden folders in order to access the ProgramData folder. Open the TaegisUser document to view the log report.

Logging File Location

Review Endpoint Agents Summary

Endpoint Agents Summary

As XDR processes endpoint telemetry, a list of endpoints is generated. Review these by navigating to Endpoint Agents → Summary from the Taegis XDR menu. For more information, see Manage Endpoint Agents.

 
