Windows Agent

Note: Please check Prerequisites and System Requirements before proceeding.

Standard Installation (Windows GUI)

Log in to the Customer Portal and select your tenant from the dropdown list. Your Activation Code will be displayed.
Select Windows, then click Generate Download Link followed by Click Here to Download.
Generate Download Link
After the installer downloads, double-click it to launch the setup wizard. Enter your Activation Code from the portal and click Next.
MSI Activation
MSI Activation Check
Review the Sysinternals End-User License Agreement (EULA). Tick the checkbox to accept, then click Next.
MSI Install Sysinternals

Note: Sysinternals are Microsoft tools used to enhance endpoint telemetry. ThreatDefence recommends accepting the EULA.
More information: • Sysmon | Microsoft Learn • Autoruns | Microsoft Learn

(Optional) You may see an advanced option to override the Sysinternals download source. Leave this blank unless required, then click Next.
MSI Sysinternals Redist

Note:: For restricted/offline networks, see Advanced Windows Install: /docs/Deployment/Endpoint Agent/Install Guides/AdvancedWindowsInstall.md

Click Install to begin.
MSI Ready To Install
When installation completes, click Finish.
MSI Install Wizard Completion

Silent / Command-Line Installation

For unattended or scripted deployments, use msiexec:

msiexec.exe /i TD_Endpoint.msi /qn ACTIVATION_CODE=xxx SYSINTERNALS_ACCEPT_EULA=Yes

Command Line Install Options:

Argument

Required

Description

Examples

Default

ACTIVATION_CODE

Unique activation code, distributed on portal

N/A

SYSINTERNALS_ACCEPT_EULA

Accepts the Sysinternals software license terms available here.

SYSINTERNALS_ACCEPT_EULA=Yes

REDIST

URL or Local directory path to pre-downloaded Sysinternals binaries. For use in restricted networks. See our article, Redist Override, for more info.

REDIST=http://web01.mycompany.com/td REDIST=C:\windows\temp\td

N/A

AUTO_UPDATE

Disable the automatic updater.

AUTO_UPDATE=No

N/A

Uninstalling Windows Agent

Go to “Apps & Features" or "Add/Remove Programs”.
Type “TD_Endpoint”, choose TD_Endpoint and click “Uninstall”.

Advanced Installation - Group Policy

For enterprise deployments, see our article on MSI Transform files

Advanced Uninstall - Command Line / Silent

Open PowerShell by pressing Windows Key + X and select Windows PowerShell (Admin).

Retrieve the application's IdentifyingNumber by entering Get-WmiObject Win32_Product

Uninstall the application using the following command, replacing IdentifyingNumber with that retrieved in the previous step:

msiexec.exe /x "<IdentifyingNumber>" /qn

Ensure you enclose the IdentifyingNumber with double quotes. e.g.

msiexec.exe /x "{3357A676-12AA-42AB-ADF3-A3DC3E0EA726}" /qn

TD_Endpoint agent will now be uninstalled from your system.

Post-Installation Configuration Options

tdcli.exe is located in C:\Program Files\TDagent\tdcli\tdcli.exe and accepts several command-line options to modify existing installations:

Argument

Description

Example

upgrade-sysinternals

Upgrades sysmon to the latest available at https://live.sysinternals.com/. Note: Will be overridden by REDIST path if set during install.

C:\Program Files\TDagent\tdcli.exe upgrade-sysinternals

disable-sysinternals

Uninstalls and disables Sysinternals binaries.

C:\Program Files\TDagent\tdcli.exe disable-sysinternals

enable-sysinternals

Installs and enables Sysinternals binaries.

C:\Program Files\TDagent\tdcli.exe enable-sysinternals

PreviousInstallation Guides NextDeploying via MS Intune

Last updated 4 months ago

hashtagStandard Installation (Windows GUI)

hashtagSilent / Command-Line Installation

hashtagCommand Line Install Options:

hashtagUninstalling Windows Agent

hashtagAdvanced Installation - Group Policy

hashtagAdvanced Uninstall - Command Line / Silent

hashtagPost-Installation Configuration Options