Installation and Uninstallation¶

Individual Installation¶

AgentX Client can be installed from the command line or the User Interface.

To install AgentX Client from the command line:

1. Run the command line as an administrator.

2. Enter the following:

msiexec /i AgentX_Client_windows_version.msi MANAGER_ADDRESS=XX.XX.XX.XX ADDLOCAL=OsqueryFeature /qn

This installs AgentX Client in the default path.

You can provide a custom path by using the following command:

msiexec /i AgentX_Client_windows_version.msi MANAGER_ADDRESS=XX.XX.XX.XX INSTALLATION_TYPE=custom INSTALL_DIR= "AgentX Client location" ADDLOCAL=OsqueryFeature /qn

If the custom path does not exist, the installation fails.

Using the above commands configures OSSEC and osquery by default. You can also use a custom configuration file for osquery by using the following command to install AgentX Client:

msiexec /i AgentX_Client_windows_version.msi MANAGER_ADDRESS=XX.XX.XX.XX INSTALLATION_TYPE=custom INSTALL_DIR= "AgentX Client location" ADDLOCAL=OsqueryFeature CUSTOM_OSQUERY_CONF="OSQUERY configuration location" /qn

If you use custom Certificates, use the following command to install AgentX Client:

msiexec /i AgentX_Client_windows_version.msi MANAGER_ADDRESS=XX.XX.XX.XX INSTALLATION_TYPE=custom INSTALL_DIR="AgentX Client location" ADDLOCAL=OsqueryFeature SSL_CERT="D:\AgentX\shared\sslagent1.cert" SSL_KEY="D:\AgentX\shared\sslagent1.key" /qn

To install AgentX Client from the User Interface:

1. Download the AgentX file from the Release Notes.

2. Go to the downloaded file, right-click on it and click Install.

3. Click Next.

Installing AgentX on Windows¶

4. Agree to the terms and conditions and click Next.

Terms and Conditions¶

5. Select an installation path.

   5.1. Select Default to install Ossec in C:\Program Files (×86)\ossec-agent and osquery in C:\Program Files\osquery. You can find the installation log in C:\Program Files (x86).

   5.2. Select Custom to manually enter an installation path where Ossec, osquery and the installation log will be installed. However, if the custom path does not exist, the installation fails.

   If you enter C:\Program Files or its subdirectories as the path, then Ossec will be installed in C:\Program Files (×86)\ossec-agent and osquery and the installation log will be installed in the specified path.

6. Click Next.

   

   Selecting Installation Path¶

7. Enter the IP address of Logpoint where AgentX Server and AgentX Manager are installed. If you install them on a different Logpoint later, change the IP address so it corresponds to the Logpoint where they are installed.

If you are implementing load balancer with AgentX Cluster, enter its IP address instead.

8. Click Next

Registering Logpoint AgentX Manager¶

. Click Install and click Finish.

To change the IP address of Logpoint after the installation:

1. Go to the AgentX Client installation path.

2. Click win32ui.

3. In Manager IP, enter the Logpoint IP address and click Save. To edit the configuration, re-enter the Logpoint IP address in Manager IP, click Save and restart the agent.

Leave Authentication key empty.

4. Click Manage and Start the agent. You can stop or restart the agent by clicking Stop or Restart.

5. Click OK and Save.

Mass Installation¶

Mass Installation using Microsoft Intune¶

Prerequisites

• Windows 10 Pro and 11 Pro Workstations

• AgentX Client v1.2.0 or later. Download it from the Release Notes.

To mass install AgentX Client using Microsoft Intune, you must add some configurations in the Windows workstation and in the Microsoft Intune portal.

1. Go to the Microsoft Intune Portal and log in.

2. Go to Windows workstation and download Company Portal.

3. Log into the Company Portal with the same credentials as Microsoft Intune.

4. Go back to Microsoft Intune and click Devices.

5. Click Windows Devices and verify if your device is connected to the Intune account.

6. Click Apps.

7. Click All apps and click + Add.

8. Select Line-of-business app as App type.

9. Click Select.

10. Click Select app package file and select the AgentX Client .msi file.

11. Click OK.

12. Enter a Publisher name.

13. In Command-line arguments, enter MANAGER_ADDRESS=x.x.x.x. MANAGER_ADDRESS is the Logpoint IP address where AgentX is installed.

To enable osquery of AgentX with the installation, enter MANAGER_ADDRESS=x.x.x.x ADDLOCAL=OsqueryFeature /qn.

14. Click Next.

15. Under Required, click + Add group.

16. Select your company group to install AgentX Client and click Select.

17. Click Next.

18. Click Create.

To ensure if the installation was applied to the network:

1. Go to Settings on your Windows workstation and click Accounts.

2. Click Access work or school.

3. Select the Microsoft Intune account your Windows workstation is connected to and click Info.

4. Under Device sync status, click Sync.

This force synchronizes the installation across all connected Windows workstations immediately without you having to wait for the next scheduled update. Contact your network administrator for information on the scheduled update.

Mass Installation using Windows GPO¶

Prerequisites

• Windows Server 2016 or later where Domain Controller is configured

• Orca

• AgentX Client v1.2.0 or later in a shared network that is \hostname\Location. Download it from the Release Notes.

• Windows 10 Pro and 11 Pro Workstations

Enable MSI logging with Group Policy¶

To mass install AgentX Client, you must first enable MSI (Microsoft Installer) logging via group policy. This allows you to generate detailed logs when installing or uninstalling MSI packages on Windows which is helpful for troubleshooting installation issues or analyzing installation behavior.

Important

Enabling MSI logging with Group Policy is a mandatory process for AgentX Client to be installed and work properly.

To enable the MSI logging:

1. Go to Group Policy Management on the Windows server and click Domains.

2. Right-click Default Domain Policy and click Edit.

3. Click Computer Configuration and expand Policies.

4. Click Administrative Templates and click Windows Components.

5. Click Windows Installer.

6. Double-click Specifies the types of events that Windows Installer records in its transaction log for each installation and click Enable.

7. Under Options, enter voicewarmupx in Logging.

8. Click Ok.

Creating a Microsoft Transform File¶

The next step to mass install AgentX Client is to create a Microsoft Transform File. It is a customized database file that contains changes to the default settings of an MSI package.

To create Microsoft Transform File:

1. Open the AgentX Client .msi file on Orca.

2. Click Property and Transform.

3. Click New Transform from the drop-down.

4. In MANAGER_ADDRESS, enter the IP address of Logpoint where AgentX Server and AgentX Manager are installed. If you install them on a different Logpoint later, this IP address must be changed so it corresponds to the Logpoint where they are installed.

This installs AgentX Client in the default directory. You can also provide a custom path. However, if the custom path does not exist, the installation fails.

To provide a custom path:

1. Change the INSTALLATION_TYPE to custom.

2. Press Ctrl+R on your keyboard. Enter INSTALL_DIR in Property and the custom path in Value.

5. Press Ctrl+R on your keyboard. Enter ADDLOCAL in Property and OsqueryFeature in Value to install osquery. You can skip this step if you do not want to install osquery.

6. Click Transform and click Generate Transform.

7. Enter a name for the created .mst file and click Save.

After creating the .mst file, move it to a shared network with AgentX Client to make it accessible to other devices on the network. Then, create a group policy to automate the mass installation process.

To create a Group Policy:

1. Go to Group Policy Management on the Windows server and click Domains.

2. Right-click Default Domain Policy and click Edit.

3. Click Computer Configuration and expand Policies.

4. Expand Software Settings and right-click Software Installation.

5. Click New and click Package.

6. Select the downloaded AgentX Client .msi file and click Open.

7. Click Advanced and click OK.

8. Click Modifications and click Add.

9. Select the previously added .mst file and click Open.

10. Click OK.

To confirm that installation worked, login to the Windows Server where you need to install AgentX. Open the terminal and enter command gpupdate /force. This command makes sure your changes are reflected immediately without you having to wait for the next scheduled update. Contact your admin for more information.

To change the IP address of Logpoint after the installation:

1. Create a new .mst file and enter the updated IP address in it.

2. Go to Group Policy Management on the Windows server and click Domains.

3. Right-click Default Domain Policy and click Edit.

4. Click Computer Configuration and expand Policies.

5. Expand Software Settings and right-click Software Installation.

6. Click New and click Package.

7. Select the previously installed .msi file and click Open.

8. Click Advanced and click OK.

9. Click Modifications and click Add.

10. Select the newly created .mst file and click Open.

11. Click OK.

Mass Upgrading using Windows GPO¶

1. Download the upgraded .msi file from the Help Center and move it to the shared network.

3. Go to Group Policy Management on the Windows server and click Domains.

4. Right-click Default Domain Policy and click Edit.

5. Click Computer Configuration and expand Policies.

6. Expand Software Settings and right-click Software Installation.

7. Click New and click Package.

8. Select the upgraded .msi file and click Open.

9. Click Advanced and click OK.

10. Click Upgrades.

11. Select and Remove any packages under Packages that this package will upgrade

12. Click Add.

13. Select the package to upgrade and click Package can upgrade over the existing package.

14. Click OK.

15. Click OK.

To confirm if the upgrade worked, login to the Windows Server where you need to install AgentX. Open the terminal and enter command gpupdate /force. This command makes sure your changes are reflected immediately without you having to wait for the next scheduled update. Contact your admin for more information.

Mass Uninstallation using Windows GPO¶

1. Go to Group Policy Management on the Windows server and click Domains.

2. Right-click Default Domain Policy and click Edit.

3. Click Computer Configuration and expand Policies.

4. Expand Software Settings and right-click Software Installation.

5. Right-click the file to uninstall and click All Tasks.

6. Click Remove.

To confirm if the uninstallation worked, login to the Windows Server where you need to install AgentX. Open the terminal and enter command gpupdate /force. This command makes sure your changes are reflected immediately without you having to wait for the next scheduled update. Contact your admin for more information.

Mass Installation using Microsoft System Center Configuration Manager (SCCM)¶

Prerequisites

• Windows Server 2016 or later where Domain Controller and Microsoft System Center Configuration Manager are configured.

• AgentX Client v1.2.0 or later in a shared network that is \hostname\Location. Download it from the Release Notes.

• Windows 10 Pro and 11 Pro Workstations

To mass install using SCCM:

1. Go to the Microsoft Configuration Manager on the Windows server.

2. Click Software Library and click the Application Management drop-down.

3. Right-click Applications and click Create Application.

4. Browse and Open the AgentX Client .msi.

5. Click Next.

6. Click General Information and enter a Name.

7. You can find the command msiexec /i “AgentX_Client_1.4.1.msi” /q in Installation Program. This installs only OSSEC in the default location.

To install osquery along with AgentX Client, enter the following command:

* msiexec /i "AgentX_Client_windows_1.4.1.msi" ADDLOCAL=OsqueryFeature MANAGER_ADDRESS=x.x.x.x  /qn

Here, MANAGER_ADDRESS is the IP address of Logpoint where AgentX Server and AgentX Manager are installed.

To install AgentX Client and osquery in a custom path, enter the following command:

* msiexec /i "AgentX_Client_windows_1.4.1.msi" ADDLOCAL=OsqueryFeature MANAGER_ADDRESS=x.xx.x.x INSTALLATION_TYPE=custom INSTALL_DIR=“D:\AgentX_Client"  /qn

Here, specify the location to install AgentX Client and osquery in INSTALL_DIR. Also, if the custom path does not exist, the installation fails.

8. Click Next.

9. Click Next.

10. Click Close.

11. Go back to the Microsoft Configuration Manager where you will find the previously selected .msi file.

12. Select the .msi file and click Deploy.

13. In Collection, click Browse.

14. In the User-Collections drop-down, select Device Collections.

15. Select All Desktop and Server Clients and click OK.

16. Click Next.

17. Click the Add drop-down and click Distribution Point.

18. Select your distribution point and click OK.

19. Click Next.

20. In the Purpose drop-down, select Required. This allows AgentX to install silently in the background.

21. Select When a resource is no longer a member of the collection, uninstall this application and Send wake-up packets.

22. Click Next.

23. Select an Installation deadline and click Next.

24. Click Next.

25. Click Next.

26. Click Next.

27. Click Next.

28. Click Close.

To ensure that the above installation is applied to the network immediately:

1. Go to your Windows workstation’s control panel.

2. Go to Configuration Manager and click Actions.

3. Select Machine Policy Retrieval & Evaluation Cycle and click Run Now.

4. Click OK.

This force synchronizes the installation across all connected Windows workstations immediately without you having to wait for the next scheduled update. Contact your network administrator for information on the scheduled update.