Arctic Wolf Agent Installation

Updated Sep 19, 2023

Arctic Wolf Agent deployment

Arctic Wolf® Agent is an endpoint security management tool that functions as a component of the following solutions:

You can install Agent on desktop computers, laptops, virtual machines (VMs), and some cloud deployments.

Note: Do not install Arctic Wolf Agent on an endpoint that already has Wazuh installed.


Supported operating systems

System requirements

Networking requirements

Allowlist requirements

You must configure your firewall and other network and endpoint security applications so that they do not block or interfere with Agent operations. In most applications, this means adding network addresses, files or file paths, and processes to an exclusions list or a safe list.

Allow Agent DNS hostnames

To enable Agent installation, updates, and functionality, configure your firewall to allow traffic to Agent DNS hostnames.

  1. Sign in to the Arctic Wolf Unified Portal.

  2. Go to Help, and then select Allowlist Requirements.

  3. Go to the Agent section to view the list of DNS hostnames to allow.

  4. Configure your firewall to allow outbound traffic to the listed hostnames.

    Note: You must add the hostnames, not IP addresses, to your allowlist configurations.

Allow Agent processes

If you are installing Agent alongside an antivirus, endpoint scanner, Endpoint Detection and Response (EDR) solution, Unified Threat Management (UTM) solution, or similar software, you must add Agent processes to the allowlist in those applications to ensure stable CPU and memory utilization.

  1. Configure your security systems to allow the processes listed in Arctic Wolf Agent Processes.

    Tip: If feasible, define a security rule or policy exclusion for the parent folder so that the rule or policy exclusion applies to new processes that might be added with a future Agent software update. For example, for a Windows machine, define a rule that applies to this file path: C:\Program Files\Arctic Wolf Networks\Agent\.

  2. Add the files listed in Arctic Wolf Agent SHA-256 Hash Values to all allowlists.

  3. If you use an EDR solution, verify that your EDR configuration changes are applied to all endpoints.

For more detailed instructions, see the technical documentation for the security systems that you are configuring.
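One way to check step 2 on an endpoint, as an added example that is not Arctic Wolf code: hash every file under the Agent install folder and compare the results with the published SHA-256 values, so that files added by an Agent update and not yet on your allowlists stand out. It assumes you have copied the values from Arctic Wolf Agent SHA-256 Hash Values into a local text file with one hash per line; the function names and that file format are hypothetical.

```python
import hashlib
import string
import sys
from pathlib import Path

def sha256_file(path, chunk_size=65536):
    """Hash a file in chunks so large binaries are not loaded into memory whole."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def load_published_hashes(text):
    """Parse one SHA-256 per line; skips blanks, '#' comments and non-hash tokens."""
    hashes = set()
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if fields and len(fields[0]) == 64 and all(c in string.hexdigits for c in fields[0]):
            hashes.add(fields[0].lower())
    return hashes

def audit_agent_folder(agent_dir, published):
    """Return (matched, unmatched, stale): files whose hash is published, files
    whose hash is not (an allowlist gap, e.g. after an Agent update), and
    published hashes that match no file on this endpoint."""
    root = Path(agent_dir)
    matched, unmatched, seen = [], [], set()
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        digest = sha256_file(path)
        seen.add(digest)
        entry = (path.relative_to(root).as_posix(), digest)
        (matched if digest in published else unmatched).append(entry)
    return matched, unmatched, sorted(published - seen)

if __name__ == "__main__":
    # Assumed usage: <script> <Agent install folder> <text file of published hashes>
    # e.g. the Windows folder named in the Tip above and your local copy of the list.
    agent_dir, hash_file = sys.argv[1], sys.argv[2]
    published = load_published_hashes(Path(hash_file).read_text())
    matched, unmatched, stale = audit_agent_folder(agent_dir, published)
    for rel, digest in unmatched:
        print(f"NOT IN PUBLISHED LIST   {digest}  {rel}")
    for digest in stale:
        print(f"PUBLISHED, NOT ON DISK  {digest}")
    print(f"{len(matched)} matched, {len(unmatched)} unmatched, {len(stale)} not on disk")
    sys.exit(1 if unmatched else 0)
```

Any file whose hash is not in the published list is reported, so review the unmatched entries against the current published values rather than adding them to an allowlist automatically.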

Agent installation options

To install a single instance of Arctic Wolf Agent, see Arctic Wolf Agent on a Single Endpoint.

You can also bulk install Arctic Wolf Agent on several endpoints. Follow the guide for your operating system:

Operating system: Windows
Installation tools:
  • Agent Installer
  • Group Policy Management
  • Intune
  • Sysmon
Guide: Arctic Wolf Agent Installation on Windows

Operating system: macOS
Installation tools:
  • Agent Installer
  • Jamf Pro
Guide: Arctic Wolf Agent Installation on macOS

Operating system: Linux
Installation tools:
  • Agent Installer
Guide: Arctic Wolf Agent Installation on Linux

Install Arctic Wolf Agent on a base image

You can run the installer as a post-image install script after the system loads the image successfully. You should not pre-install the Agent on a base image.

Install Sysmon

Uninstall Agent