Skip to main content

Installing Endpoint Agent (Windows)

Note:

Please read the prerequisites and system requirements page before proceeding

Install

  1. Please navigate to the portal and select your tenant from the dropdown menu. This will also display your Activation Code.

  2. Choose Windows, then click on the "GENERATE DOWNLOAD LINK" button, then "CLICK HERE TO DOWNLOAD".

    Generate Download Link

  3. Once it is downloaded, double-click and open the installer. It will prompt you to enter the activation code. Copy the activation code from the portal and paste it into the field. Then click "Next".

    MSI Activation MSI Activation Check

  4. You will be displayed with a Sysinternals EULA and checkboxes to accept the license. Make your choice by clicking one of the checkboxes then click "Next".

    MSI Install Sysinternals

Note:

Sysinternals are a suite of products developed by Microsoft. ThreatDefence recommends accepting the EULA to install Sysinternals.

tip

Further documentation on the products are available here:

  1. Once you've accepted the EULA, you'll encounter an advanced option allowing you to override the Sysinternals download source. Leave as blank and click "Next". MSI Sysinternals Redist
tip

For more information on how to use the override see Advanced Windows Install

  1. Click the "Install" button to begin the installation. MSI Ready To install

  2. You should see the window below, click “Finish” and the installation will be completed. MSI Install Wizard Completion

Advanced Install - Command Line / Silent

Silent installation can be achieved via the following command line argument:

Msiexec.exe /i TD_Endpoint.msi /qn ACTIVATION_CODE=xxx SYSINTERNALS_ACCEPT_EULA=Yes

Command Line Install Options

ArgumentRequiredDescriptionExamplesDefault
ACTIVATION_CODEYUnique activation code, distributed on portalN/A
SYSINTERNALS_ACCEPT_EULANAccepts the Sysinternals software license terms available here.SYSINTERNALS_ACCEPT_EULA=YesNo
REDISTNURL or Local directory path to pre-downloaded Sysinternals binaries. For use in restricted networks. See our article, Redist Override, for more info.REDIST=http://web01.mycompany.com/td
REDIST=C:\windows\temp\td		N/A
AUTO_UPDATENDisable the automatic updater.AUTO_UPDATE=NoN/A

Advanced Install - Group Policy

For enterprise deployments, see our article on MSI Transform files

Uninstall

  1. Go to “Apps & Features" or "Add/Remove Programs”.
  2. Type “TD_Endpoint”, choose TD_Endpoint and click “Uninstall”. uninstall

Advanced Uninstall - Command Line / Silent

  1. Open PowerShell by pressing Windows Key + X and select Windows PowerShell (Admin).

Windows PowerShell

  1. Retrieve the application's IdentifyingNumber by entering Get-WmiObject Win32_Product

Retrieve the Application Key

  1. Uninstall the application using the following command, replacing IdentifyingNumber with that retrieved in the previous step:
msiexec.exe /x "<IdentifyingNumber>" /qn
tip

Ensure you enclose the IdentifyingNumber with double quotes. e.g.

msiexec.exe /x "{3357A676-12AA-42AB-ADF3-A3DC3E0EA726}" /qn

Uninstall the Application Using the Key

TD_Endpoint agent will now be uninstalled from your system.

Post-Install Configuration Options

tdcli.exe is located in C:\Program Files\TDagent\tdcli\tdcli.exe and accepts several command-line options to modify existing installs.

ArgumentDescriptionExample
upgrade-sysinternalsUpgrades sysmon to the latest available at https://live.sysinternals.com/. Note: Will be overridden by REDIST path if set during install.C:\Program Files\TDagent\tdcli.exe upgrade-sysinternals
disable-sysinternalsUninstalls and disables Sysinternals binaries.C:\Program Files\TDagent\tdcli.exe disable-sysinternals
enable-sysinternalsInstalls and enables Sysinternals binaries.C:\Program Files\TDagent\tdcli.exe enable-sysinternals