Troubleshooting Failed ThreatDefence Agent Installations
In most cases, failed ThreatDefence agent installations occur due to connectivity issues or the installation being blocked by Endpoint Detection & Response (EDR) software. This guide outlines the most common causes and steps to resolve them.
1. Verify You Are Using the Latest Agent
- Always download the latest version of the agent from the ThreatDefence portal: https://portal.threatdefence.io/deployment/endpoint-agent
2. Check System and Network Requirements
- Review the System and Network Requirements section in the portal: https://portal.threatdefence.io/deployment/endpoint-agent
- Ensure your system meets the minimum OS and hardware requirements.
- Verify that all provided IP addresses and hostnames are whitelisted on your perimeter firewall and/or proxy.
- On some enterprise firewalls (such as Palo Alto), SSL decryption can block traffic. You may need to add exceptions to SSL inspection policies. Example for Palo Alto decryption exclusions: https://docs.paloaltonetworks.com/network-security/decryption/administration/decryption-exclusions/palo-alto-networks-predefined-decryption-exclusions#idfe9d8ac4-9a24-4cc0-a616-1f3092de7c6f
3. Exclude ThreatDefence Agent from EDR or Antivirus
- Some Endpoint Protection platforms may interfere with agent installation or operation.
- Add exclusions in your EDR or antivirus (e.g., Microsoft Defender, CrowdStrike) for:
C:\Program Files\TDAgent*
4. Remove Older Agent Versions (If Applicable)
- If an older ThreatDefence agent was previously installed, installation may fail until remnants are removed.
- Use the official cleanup tool before reinstalling: https://docs.threatdefence.com/docs/Deployment/Endpoint%20Agent/Cleanup%20Tool/
5. Collect Required Logs for Support
If the installation still fails after performing the above checks, please gather the following information and attach it to your support ticket:
- Tenant name
- Agent name
- Operating system
- MSI installation log
- Agent log (
C:\ProgramData\TDagent) - Error code or screenshot (if it was an interactive install)