Installing agents on workstations
As soon as you have configured your agent groups, you must install agents on the workstations that you want to protect.
This installation is a two-step process. First, generate an installer that contains the whole configuration dedicated to the agent group. Next, deploy the agent on every workstation that must belong to this group. Once the agent is installed, it automatically becomes part of the agent group in question – the group’s configuration and policy are applied to it.
If you have installed SES Evolution on a master, you also need to change the ID of the agents on which you are deploying it.
To install and use Stormshield Endpoint Security Evolution version 2.0.2 in Microsoft Windows, agents must meet these minimum requirements.
*All versions supported by Microsoft except Server Core.
|Processors for physical machines||
Itanium processors are not supported.
|Processors for virtual machines||
At least one virtual socket and a single 1 GHz core per socket. Stormshield recommends one virtual socket and two 2 GHz cores per socket.
CPU reservation must be enabled on your hypervisor.
|Physical memory||At least 1 GB. Or more if the operating system requires it. Stormshield recommends 2 GB.|
These are the disk space requirements for the NTFS file system. More space will be needed for updates and log storage.
|Software||Framework .NET 4.6.2 or higher.|
|Display||At least 1024X768.|
The SES Evolution agent installer creates a Windows restore point just before copying files on the disk. So if there are any compatibility issues with another program, this will make it possible to revert to the state of the system as it was before SES Evolution as installed. A restore point will also be created when the agent is updated.
In order for the restore point to be created, the feature must be enabled in the System > System protection panel in Windows. For further information on restoration, refer to Windows documentation.
The Agent groups - Modify privilege is required to generate an installer for agents.
- Select the Agents menu.
- Ensure that you have configured the agent group with your preferences and deployed the environment. For further information, refer to the section Creating and configuring agent groups.
- From the panel on the left, select the agent groups that you want to apply to the workstations.
- Click on Installer > Generate an installer and choose the 32- or 64-bit version.
- Save the installation file AgentSetup_xxx.exe at the location of your choice.
- Next, deploy this file on workstations as your usually do (GPO, SCCM, etc.).
You can add the following options to your command line:
To make the installation transparent for the user of the workstation
To copy the agent’s installation files (binary and resource files) into a folder other than %SYSTEMDRIVE%\Program Files. /datadir To copy the agent’s data files (logs, policies, scripts, etc.) into a folder other than %SYSTEMDRIVE%\ProgramData.
Both folders must be located on an NTFS partition on a local volume. Do not choose the same folder for installation files and data files.
As soon as the agent is installed, the icon appears in the Windows status bar, indicating that the installation is not complete.
- Restart the workstation. The icon indicates that the agent is now fully functional.
During its initial connection to the agent handler, every deployed agent will get a unique identity. It will then appear in the panel of the corresponding agent group in the administration console. The whole configuration of the agent group will be applied to it, especially security policies.
Install an SES Evolution agent on a master by following the procedure for the installation of a standard agent. After the master is deployed on workstations, they are immediately protected by SES Evolution. However, you must change the identifier of each agent to assign an individual identity to it.
There are two ways to assign a new identifier to an agent that was created from a master. On the workstations where the master was deployed::
- Delete the registry value of the agent’s identifier (value: AgentGuid) located in: HKEY_LOCAL_MACHINE\SOFTWARE\Stormshield\SES Evolution. A new identifier will be generated the next time the agent connects to the agent handler.
- or -
- Run the agent installer AgentSetup_xxx.exe in command mode with the option /newagentid. This command assigns a new identifier to the agent without the need to install one again.