Infocyte: ARR Agent Install Instructions

Here you will find the installation instructions for the EDR Agent

 

Required Parameters

• Your ARR Instance name - Provided during your onboarding
  • Please be certain to replace the *********** in the commands with the Instance name.
• Your ARR Agent Registration Key (Regkey) Obtained in the portal 
  • Please be certain to replace the %%%%%%%%% in the commands with the Regkey.

---

Installation for Windows OS

• • Method 1 - Powershell command (RECOMMENDED)

  • [System.Net.ServicePointManager]::SecurityProtocol = [Enum]::ToObject([System.Net.SecurityProtocolType], 3072); (new-object Net.WebClient).DownloadString("https://raw.githubusercontent.com/Infocyte/PowershellTools/master/AgentDeployment/install_huntagent.ps1") | iex; installagent *********** %%%%%%%%%

    
    
    • Ensure to run PSConsole as Administrator if doing a manual install
    • Make sure your current Cylance policy does not block PSConsole usage

    Method 2 - Installer

    64 Bit Installer

    •  Download the installer from:
      • https://s3.us-east-2.amazonaws.com/infocyte-support/executables/agent.windows.exe
    • Run the installer using the following command in an elevated command prompt:

      agent.windows.exe --url https://***********.infocyte.com --key %%%%%%%%%

    32 Bit Installer

    • Download the installer from:
      • https://s3.us-east-2.amazonaws.com/infocyte-support/executables/agent.windows32.exe
    • Run the installer using the following command in an elevated command prompt: 

      agent.windows32.exe --url https://***********.infocyte.com --key %%%%%%%%%

    Method 3 - Group Policy

    Prerequisites:

    • Windows Server 2012 R2 or greater
    • Domain Administrator account
    • Microsoft Windows endpoints
    • File to convert into a Batch file "install_agent.txt"
    • Instancename (provided by SonicWall Managed Services
    • Regkey (provided by SonicWall Managed Services)

    Getting Ready:

    • Copy the following code into a text editor:

      @echo off
      :: Install Infocyte Agent
      :: For use in a GPO Startup Script (Note: Logon script will not work as it operates with the user's non-admin permissions)
      :: Best Reference for steps: https://www.petri.com/run-startup-script-batch-file-with-administrative-privileges
      
      :: Change "instancename" to your cname
      :: Change "regkey" to your registration key made in the Infocyte HUNT admin panel (or leave blank if not using)
      
      set instancename=demo1 
      set regkey= 
      
      :: if download folder needs to be changed, uncomment the following and modify the path:
      set downloadpath= 
      ::set downloadpath=-DownloadPath 'C:\windows\temp\agent.windows.exe'
      
      C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -nologo -win 1 -executionpolicy bypass -nop -command "& { [System.Net.ServicePointManager]::SecurityProtocol = [Enum]::ToObject([System.Net.SecurityProtocolType], 3072); (new-object Net.WebClient).DownloadString('https://raw.githubusercontent.com/Infocyte/PowershellTools/master/AgentDeployment/install_huntagent.ps1') | iex; installagent %instancename% %regkey% %downloadpath% }"
      
      :: for testing, you can add a -interactive to the installagent command. The end of the above command would look like this:
      :: ...installagent %instancename% %regkey% -interactive }"
      

    • Change the myinstancename123 to the the instancename provided by SonicWall Managed Services.
    • Change the myregkey123 to the regkey provided obtained from the instance.
    • Save the file as “install_agent.bat” 

Create the GPO:

• • • Open Server Manager and go to Tools > Group Policy Management
    • In Group Policy Management Console select domain and click Group Policy Objects
    • Right-click Group Policy Objects and select New
    • For Name type "Install HUNT Agent" and click OK
    • Right-click the new GPO in the right pane and click Edit
    • In the Group Policy Management Editor window, click Computer Configuration, then Policies, then Scripts. Double-click Startup
    • On the Scripts tab of the Startup Properties box, click Show Files. Copy the "install_agent.bat" file created in the previous Getting Ready section of this article
    • Click Add
    • Click Browse and select the file "install_agent.bat"
    • Click OK
    • Find the Domain or OU that you wish to link to the newly created GPO
    • Right-click it and click Link an Existing GPO
    • Click OK

Your script should now run and install the ARR agent on all machines in the selected group.

• Validating Install
  • • You can validate a successful install if you see the service ‘Infocyte HUNT Agent’ running on the machine

 

 

Uninstall 

• • In order to uninstall an agent on Windows, users can uninstall via Add/Remove Programs or via command line as an Administrator using the following command:

    "C:\Program Files\Infocyte\Agent\agent.exe" --uninstall

• • If needed, the /quiet Windows command switch can be added to run the uninstall silently.

    "C:\Program Files\Infocyte\Agent\agent.exe" /quiet --uninstall

 

 

Installation for Linux

Linux Support for Agent Installation:

• • To install the Linux Agent, systemd is required as the default init for the system. This is the default with most modern Linux OSes.
  • The check if you are using systemd, type this command:

    file /sbin/init

  • The output should be something similar to:

    sbin/init: symbolic link to /lib/systemd/systemd

 

Installing Agent

64-Bit

• • Download the 64-bit installer from: https://s3.us-east-2.amazonaws.com/infocyte-support/executables/agent.linux64.exe
  • After downloading the agent, navigate to the download folder (or location of downloaded file) and run the following command to prep the agent for execution:

    chmod +x linux64.exe

  • After downloading the agent, navigate to the download folder (or location of downloaded file) and run the following command to prep the agent for execution:
  • Now you can run the installer with the following command: 

    sudo ./linux64.exe --key %%%%%%%%% --url https://***********.infocyte.com

32-Bit

• • Download the 32-bit installer from: https://s3.us-east-2.amazonaws.com/infocyte-support/executables/agent.linux32.exe
  • After downloading the agent, navigate to the download folder (or location of downloaded file) and run the following command to prep the agent for execution: 

    chmod +x linux32.exe

  • Now you can run the installer with the following command: 

    sudo ./linux32.exe --key %%%%%%%%% --url https://***********.infocyte.com

 

Validating Install

• • Run the following command in Terminal: 

    systemctl status huntagent

 

Uninstall (Linux)

• • Run the following command: 

    sudo /usr/local/infocyte/agent/agent.exe --uninstall

 

Manual Uninstall

• • Run the following commands in a terminal:

    systemctl stop HUNTAgent
    systemctl disable HUNTAgent
    rm /etc/systemd/system/HUNTAgent.service
    systemctl daemon-reload
    systemctl reset-failed
    rm -rf "opt/ infocyte

 

MacOS - El Capitan -> Mojave

Installing Agent

• • Download the MacOS installer from:  https://s3.us-east-2.amazonaws.com/infocyte-support/executables/agent.macos.exe        
  • Open the terminal, navigate to the download folder (or location of downloaded file).
  • Run command: 

    sudo chmod +x agent.macos.exe

  • Run command 

    sudo ./agent.macos.exe --url https://***********.infocyte.com  --key %%%%%%%%%

 

Validating Install (All macOS)

• • Run the following command from a macOS terminal. 

    ps -u root | grep agent

  • You should see something similar to the following screenshot.

 

Uninstall

• • Run Command 

    sudo /usr/local/infocyte/agent/agent.exe --uninstall

 

Manual Uninstall

• • Run the following commands in a terminal: 

    systemctl stop HUNTAgent
    systemctl disable HUNTAgent
    rm /etc/systemd/system/HUNTAgent.service
    systemctl daemon-reload
    systemctl reset-failed
    rm -rf "opt/ infocyte

 

MacOS - Catalina –> Monterey

Installing Agent

• • Download the MacOS installer from:  https://s3.us-east-2.amazonaws.com/infocyte-support/executables/agent.macos.exe

• • Rename the file to: rts.macos.exe
  • Open the terminal, navigate to the download folder (or location of downloaded file)
  • Run command: 

    sudo cat rts.macos.exe > rts.macos-catalina.exe && sudo chmod +x rts.macos-catalina.exe

  • Run command: 

    sudo ./rts.macos-catalina.exe --url https://***********.infocyte.com  --key %%%%%%%%%

 

Validating Install (All macOS)

• • Run the following command from a macOS terminal. 

    ps -u root | grep agent

• • You should see something similar to the following screenshot.

 

Uninstall

• • Run Command: 

    sudo /usr/local/infocyte/agent/agent.exe --uninstall

 

Manual Uninstall

• • Run the following commands in a terminal: 

    systemctl stop HUNTAgent
    systemctl disable HUNTAgent
    rm /etc/systemd/system/HUNTAgent.service
    systemctl daemon-reload
    systemctl reset-failed
    rm -rf "opt/ infocyte

 

MacOS - Ventura –> Sonoma

Installing Agent

• • Open the Terminal.
  • Run the following command: 

    sudo spctl --master-disable

  • Enter Admin Password when prompted.

• • Close the Terminal.
  • Download the MacOS installer from: https://s3.us-east-2.amazonaws.com/infocyte-support/executables/agent.macos.exe

• • Rename the file to: rts.macos.exe
  • Move the renamed file to the documents folder.
  • Open Terminal.
  • Navigate in Terminal to the documents folder: 

    cd documents

• • Run the following command: 

    cat rts.macos.exe > rts.macos-catalina.exe

• • When the following window pops up, select OK

• • Run the following command: 

    chmod +x rts.macos-catalina.exe
    sudo ./rts.macos-catalina.exe --url https://***********.infocyte.com  --key %%%%%%%%%

  • Enter Admin Password when prompted.
  • Enter the final command: 

    sudo spctl --master-enable

CAUTION: BE CERTAIN TO RUN THE LAST COMMAND TO RE-ENABLE SYSTEM SECURITY 

 

Validating Install

• • You can use EITHER of the following methods to validate agent is installed and running on the device.

• • Look for agent.exe process in the Activity Monitor.

OR

• • Run the following command from a macOS terminal. 

    ps -u root | grep agent

---

Uninstall

• • Navigate to and open /Library/LaunchDaemons/com.infocyte.HUNTAgent.plist.
  • Delete ONLY the FIRST empty line in the file.
  • Save the changes to the file.
  • Run the following uninstall command: 

    sudo /usr/local/infocyte/agent/agent.exe --uninstall

 

Manual Uninstall

• • Navigate to and open /Library/LaunchDaemons/com.infocyte.HUNTAgent.plist.
  • Delete ONLY the FIRST empty line in the file.
  • Save the changes to the file.
  • Run the following commands in a terminal: 

    systemctl stop HUNTAgent
    systemctl disable HUNTAgent
    rm /etc/systemd/system/HUNTAgent.service
    systemctl daemon-reload
    systemctl reset-failed
    rm -rf "opt/ infocyte

 

RMM Install

 !!Deploying the agent via RMM may limit our ability to assist with troubleshooting stability issues!!

Installation Using Atera PowerShell Script

Disclaimer :  Deploying the agent via RMM may limit our ability to assist with troubleshooting stability issues.

• • We do not use this RMM tool directly and all instructions were created from feedback provided by existing partners.
  • As RMM GUI’s update, some of the information might vary in this document
  • We are open and request feedback from partners to help us keep this document updated

---

Prerequisites

• • PowerShell 4.0 is required for this method to work.

Creating the Script

• • Navigate to the Admin area.
  • Select Scripts under Monitoring.

• • On the next screen, select Create Script.

• • Enter a Description and Filename.
  • Confirm that .ps1 is selected as the script type.

• • In the script editor section, copy the PowerShell install script contents provided by the SonicWall Managed Security Services engineer.
  • Select Create Script button

 

Deployment

• • Navigate to the devices list within Atera
  • Select a device(s) and deploy the script create above

Installation Using SyncroRMM PowerShell Script

Disclaimer: Deploying the agent via RMM may limit our ability to assist with troubleshooting stability issues.

• • We do not use this RMM tool directly and all instructions were created from feedback provided by existing partners.
  • As RMM GUI’s update, some of the information might vary in this document.
  • We provide these instructions as best effort and are open and request feedback from partners to help us keep this document updated.

Prerequisites 

• • PowerShell 4.0 is required for this method to work.

Creating the Script

• • In Syncro:

• • Log into your SyncroMSP Account
  • Select Scripts from the Top Menu
  • Select the New Script Button

• • Enter a Name for the Script (E.g. ARR Infocyte Install)

Optional

• • Mark the Script as a Favorite
  • Check "Available on Every Customer Portal"
  • Copy and Paste the contents of the PowerShell script into the Script box. 
  • Select Create Script button

Using Variables

• • If using Target Groups inside the Infocyte portal, a variable for can be used for the Regkey parameter.

Create a new 'Customer Field'

• • In SyncroRMM
  • Navigate to the Admin Tab - Customer Custom Field
  • Click New Field
  • Name:
  • Field Type: Text Field

Add the Customer Field variable to each Customer

• • Navigate to the Customers Tab
  • Click Edit in the Customer Fields section

  • Add the RegKey for the Target Group of this Customer

• • Edit the installation script
  • Navigate to your previously created script
  • Click the Add Script Variable button
  • Choose Platform under variable type
  • Use the dropdown to find your customer custom field
  • Input a name into the Variable Name field
  • Update your PS script to match the variable name

Deployment

• • Select the Assets and RMM menu item.
  • Select the Computer you want to install the ARR agent on or alternatively, select the top checkbox to install ARR on all computers.

• • At the top select Manage > Run Script