TD Website

Windows Agent

Note: Please check Prerequisites and System Requirements before proceeding.

Standard Installation (Windows GUI)

  1. Log in to the Customer Portal and select your tenant from the dropdown list. Your Activation Code will be displayed.

  2. Select Windows, then click Generate Download Link followed by Click Here to Download.

    Generate Download Link

  3. After the installer downloads, double-click it to launch the setup wizard. Enter your Activation Code from the portal and click Next.

    MSI Activation
    MSI Activation Check

  4. Review the Sysinternals End-User License Agreement (EULA). Tick the checkbox to accept, then click Next.

    MSI Install Sysinternals

Note: Sysinternals are Microsoft tools used to enhance endpoint telemetry. ThreatDefence recommends accepting the EULA.

More information: • Sysmon | Microsoft LearnAutoruns | Microsoft Learn

  1. (Optional) You may see an advanced option to override the Sysinternals download source. Leave this blank unless required, then click Next.

    MSI Sysinternals Redist

Note:: For restricted/offline networks, see Advanced Windows Install: /docs/Deployment/Endpoint Agent/Install Guides/AdvancedWindowsInstall.md

  1. Click Install to begin.

    MSI Ready To Install

  2. When installation completes, click Finish.

    MSI Install Wizard Completion

Silent / Command-Line Installation

For unattended or scripted deployments, use msiexec:

msiexec.exe /i TD_Endpoint.msi /qn ACTIVATION_CODE=xxx SYSINTERNALS_ACCEPT_EULA=Yes

Command Line Install Options:

Argument
Required
Description
Examples
Default

ACTIVATION_CODE

Y

Unique activation code, distributed on portal

N/A

SYSINTERNALS_ACCEPT_EULA

N

Accepts the Sysinternals software license terms available here.

SYSINTERNALS_ACCEPT_EULA=Yes

No

REDIST

N

URL or Local directory path to pre-downloaded Sysinternals binaries. For use in restricted networks. See our article, Redist Override, for more info.

REDIST=http://web01.mycompany.com/td REDIST=C:\windows\temp\td

N/A

AUTO_UPDATE

N

Disable the automatic updater.

AUTO_UPDATE=No

N/A

Uninstalling Windows Agent

  1. Go to “Apps & Features" or "Add/Remove Programs”.

  2. Type “TD_Endpoint”, choose TD_Endpoint and click “Uninstall”.

uninstall

Advanced Installation - Group Policy

For enterprise deployments, see our article on MSI Transform files

Advanced Uninstall - Command Line / Silent

  1. Open PowerShell by pressing Windows Key + X and select Windows PowerShell (Admin).

Windows PowerShell

  1. Retrieve the application's IdentifyingNumber by entering Get-WmiObject Win32_Product

Retrieve the Application Key

  1. Uninstall the application using the following command, replacing IdentifyingNumber with that retrieved in the previous step:

msiexec.exe /x "<IdentifyingNumber>" /qn

Ensure you enclose the IdentifyingNumber with double quotes. e.g.

msiexec.exe /x "{3357A676-12AA-42AB-ADF3-A3DC3E0EA726}" /qn
Uninstall the Application

TD_Endpoint agent will now be uninstalled from your system.

Post-Installation Configuration Options

tdcli.exe is located in C:\Program Files\TDagent\tdcli\tdcli.exe and accepts several command-line options to modify existing installations:

Argument
Description
Example

upgrade-sysinternals

Upgrades sysmon to the latest available at https://live.sysinternals.com/. Note: Will be overridden by REDIST path if set during install.

C:\Program Files\TDagent\tdcli.exe upgrade-sysinternals

disable-sysinternals

Uninstalls and disables Sysinternals binaries.

C:\Program Files\TDagent\tdcli.exe disable-sysinternals

enable-sysinternals

Installs and enables Sysinternals binaries.

C:\Program Files\TDagent\tdcli.exe enable-sysinternals

PreviousInstallation GuidesNextDeploying via MS Intune

Last updated