Agent Containment - Manual Installation

User Guide

Updated Apr 11, 2023

Agent Containment - Manual Installation

Install the Agent Containment Driver using the msi file Direct link to this section

You can manually install the Agent Containment Driver using the msi file. Using this installation method, the Agent Containment Driver is not managed in the Arctic Wolf® Unified Portal or automatically updated unless you subsequently enable update drivers in the Arctic Wolf Unified Portal. To install the Agent Containment Driver using the Arctic Wolf Unified Portal, see Install the Arctic Wolf Agent Containment Driver for more information.

Note: If you have installed the Agent Containment Driver using the Arctic Wolf Unified Portal, do not install the driver using the msi file.

  1. Install the Arctic Wolf Agent Containment Driver.
  2. (Optional) Verify the installation.
  3. (Optional) Verify containment availability.

Step 1: Install the Arctic Wolf Containment Driver using the msi file Direct link to this section

  1. Contact your Concierge Security® Team (CST) to download the Arctic Wolf Agent Containment installation file.

    See Contact your Concierge Security Team in the Managed Detection and Response Dashboard.

  2. Double-click the file to start the installation or use a Group Policy Object (GPO) to install the driver.

    See Create a Group Policy Object in the Agent Installation guide for an example of how to use a Group Policy Object.

Step 2: (Optional) Verify the installation Direct link to this section

Note: If you installed Containment Driver using the msi file, the Dashboard is not aware of the Containment Driver installation.

Step 3: (Optional) Verify containment availability Direct link to this section

Uninstall the Containment Driver that used the msi file for install Direct link to this section

Uninstall the Containment Driver using common methods such as Add/Remove Programs or GPO.

See Uninstall Agent in the Agent Installation guide for an example of how to use a Group Policy Object.

Collect the msi installation log file Direct link to this section

You may need to collect additional log information when troubleshooting.

  1. In an administrative command prompt, run the following command where <file_name.msi> is the downloaded file:

    msiexec <file_name.msi> /L*v install.log
  2. Rename install.log to <customername>-install.log.

  3. Send the file to your CST.

    See Contact your Concierge Security Team in the Managed Detection and Response Dashboard.