Install the Arctic Wolf Agent Containment Driver on Windows using the MSI file
You can manually install the Arctic Wolf® Agent Containment Driver using the MSI file.
If you use this installation method:
- The Agent Containment Driver status does not appear in the Arctic Wolf Unified Portal.
- The Agent Containment Driver does not update automatically.
Arctic Wolf recommends using the Arctic Wolf Unified Portal to install your Agent Containment Driver. See Install the Arctic Wolf Agent Containment Driver. If you have already installed the driver using the Arctic Wolf Unified Portal, do not install the driver using the MSI file. Installing the containment driver using the Arctic Wolf Portal allows for automatic updates and accurate installation status in the Arctic Wolf Unified Portal
When a host is successfully contained, this notification appears: "This machine has been quarantined."
When host containment is removed, this notification appears: "This machine's quarantine has been lifted."
For information about troubleshooting containment, see Troubleshoot Arctic Wolf Agent Containment Driver.
Agent does not support ARM architecture.
These resources are required:
- One of these operating systems:
- Desktop
-
Windows 11 or 10
-
-
Server
- 2022, 2019, 2016, or 2012 R2
- These system resources:
-
A x64 or x86 processor
- At a minimum:
- A dual-core CPU
- 2 GB of memory
- 50 MB of disk space
-
- Desktop
These actions are required:
- For your EDR system to communicate with the Agent endpoint during containment, you might need to allowlist your EDR system. Contact your Concierge Security® Team (CST) at security@arcticwolf.com to configure Agent allowlisting.
Install the Arctic Wolf Containment Driver using the MSI file
- In the navigation menu, click
Tickets & Alerts > All Tickets.
Verify that the Arctic Wolf Agent Containment service is installed
This step is optional.