Arctic Wolf Agent Installation on Windows - Multiple Endpoints

Updated Feb 12, 2024

Install Arctic Wolf Agent on Windows using Intune

You can install Arctic Wolf® Agent on Windows using Microsoft Intune. Intune is a cloud-based service for mobile device management (MDM). This service enables you to manage how employees use company-owned devices. For example, laptops. See Microsoft documentation for more information.

Requirements

Before you begin

Steps

  1. Add Agent to Intune.
  2. Add Arctic Wolf Agent to Intune.

Step 1: Add Agent to Intune

  1. Download and install the Intune application packager.

    See Microsoft documentation for more information.

  2. Install the Microsoft Win32 Content Prep Tool. This allows you to convert a file to a .intunewin file to upload for distribution.

  3. Run this command:

    IntuneWinAppUtil -c <setup_folder> -s <source_setup_file> -o <output_folder>

    Where:

    • <setup_folder> is the source folder.
    • <source_setup_file> is the filename of the Agent MSI file .
    • <output_folder> is the location of the new .intunewin file.

Step 2: Add Arctic Wolf Agent to Intune

  1. In the App information section:

    1. Click Select file to add the .intunewin file.
    2. In the Description field, enter a description.
    3. In the Publisher field, enter ArcticWolf.
  2. In the Program section, configure these settings:

    • Install command — Replace the existing command with:

      msiexec /i <agent_file> /qn CUSTOMER_UUID=<customer_uuid> REGISTER_DNS=<regional_dns> /l*v scout_install.log

      Where:

      • <agent_file> is the name of the Agent MSI file that you downloaded.

      • <customer_UUID> is your customer UUID.

        To find this value, sign in to the Arctic Wolf Unified Portal, click > Downloads, go to the Arctic Wolf Agent section, and then copy the Your Customer UUID value.

      • <regional_DNS> is your DNS hostname.

        To find this value, sign in to the Arctic Wolf Unified Portal, click > Allowlist Requirements, go to the Agent section, and then copy the DNS hostname that begins with activate.agent-common.prod.

    • Uninstall command — Enter msiexec /x "<GUID>" /q, where <GUID> is the globally unique identifier of the application.

    • Device restart behavior — Select Determine behavior based on return codes.

  3. In the Requirements section, specify the operating system (OS) architecture and minimum OS.

  4. Create the detection rule:

    1. In the Detection rules section, in the Rules format list, select Manually configure detection rules.
    2. In the Rule type list, select File.
    3. In the Path field, enter C:\Program Files (x86)\Arctic Wolf Networks\Agent.
    4. In the File or Folder field, enter manifest.json.
    5. In the Detection method list, select File or folder exists.
    6. Verify that the Associated with a 32-bit app on 64-bit clients toggle is set to the No position.
  5. In the Review + create section, add the application.

    Intune notifies users that the software is updating on their device. You can view the installation status in the Intune portal.

Next steps