Install Arctic Wolf Agent on a single Windows endpoint using the CLI

You can install Arctic Wolf® Agent on a single Windows endpoint using the CLI.

Note:
  • Agent is designed to maintain a minimal footprint on all systems, but Arctic Wolf recommends some OS requirements. Arctic Wolf cannot guarantee functionality on virtual machine (VM) environments if resources do not meet recommended levels.

  • Agent does not support ARM architecture.

  • Windows 8.1, 8, 7, and Windows Server 2008 R2 are only supported on Agent version 2023-02_138.

These resources are required:

  • To correctly view Agent risks in the Unified Portal, Windows Agent version 2023-02_138 or later is required

  • Administrator permissions or the ability to do administrator or root level functions

  • Your customer UUID.

    To find this value, in the Arctic Wolf Unified Portal, click Resources > Downloads, and then, in the Arctic Wolf Agent section, copy the Your Customer UUID value.

  • Your regional DNS hostname.

    To find this value, in the Arctic Wolf Unified Portal, click Resources > Allowlist Requirements, and then, in the Agent section, copy the DNS hostname that begins with activate.agent-common.prod.

  • One of these operating systems:
    • Windows 11 for 64-bit systems
    • Windows 10 Pro for 64-bit and 32-bit systems
    • Windows Server 2025, 2022, 2019, 2016, 2012 R2, or 2012 for 64-bit systems
    • Windows 11 IoT or Windows 10 IoT for 64-bit systems
    • If you plan to use Sysmon with Agent, Sysmon has these operating system requirements:

      • Windows 10 or newer for 64- and 32-bit systems
      • Windows Server 2016 or newer for 64-bit systems
  • These system resources:
    • An x64 or x86 processor
    • At a minimum:
      • A dual-core CPU
      • 2 GB of memory
      • 50 MB of disk space

These actions are required:

  • Confirm the installation location. Install Agent on the same drive as your ProgramFilesFolder, such as Program Files or Program Files (x86). This is usually the C:\ drive.
  • Make sure outbound access is available for ports 443 and 1514.

Configure your environment firewall

Configure your firewall to allow traffic to Agent DNS hostnames.

  1. Sign in to the Arctic Wolf Unified Portal.
  2. In the navigation menu, click Resources > Allowlist Requirements.
  3. Configure your firewall to allow outbound traffic for all the hostnames, not IP addresses, listed in the Agent section.
    Note:

    Agent must contact Arctic Wolf servers to register. If this process fails, Agent retries every 15 seconds. This has no negative effect on the system.

Add Agent processes to the allowlist

If you install Agent and an antivirus, endpoint scanner, Endpoint Detection and Response (EDR) solution, Unified Threat Management (UTM) solution, or similar software, add Agent processes to the allowlist in those applications to maintain stable CPU and memory utilization:

  1. Configure your security systems to allow the processes listed in Arctic Wolf Agent processes.
    Tip:
    Arctic Wolf recommends that you define a security rule or policy exclusion for the parent folder. Then, if new processes are added during a future Agent software update, the rule or policy exclusion also applies to them. For example, for a Windows endpoint, define a rule that applies to one of these file paths based on your Windows operating system (OS):
    • Windows 64-bit OS — C:\Program Files (x86)\Arctic Wolf Networks\

    • Windows 32-bit OS — C:\Program Files\Arctic Wolf Networks\

  2. Add the files listed in Arctic Wolf Agent hash values to all allowlists.
  3. If you use an EDR solution, verify that your EDR configuration changes are applied to all endpoints.

See the technical documentation for the security systems that you are configuring for more information.

Trust Agent scanner signed files

You must trust Agent scanner signed files to ensure Agent vulnerability and benchmark scanning is not impacted by other endpoint security tools installed on the endpoint.

If you partnered with Arctic Wolf as a Managed Risk customer before December 11, 2025, your vulnerability and benchmark scanning uses the PowerShell console by default. Scans fail if the console usage is blocked by endpoint security tools.

As of December 11, 2025, Arctic Wolf uses signed PowerShell scripts by default. Do one of these actions to ensure successful scans:

Enable VBScript

VBScript must be enabled to install Arctic Wolf Agent.

If you have disabled VBScript, you must re-enable this Windows feature.
  1. Go to Start > Settings > System > Optional features.
  2. Select View features.
  3. In the search dialog, enter VBSCRIPT, and then select the check box for the VBScript search result.
  4. To enable the VBScript feature, click Next.

Install Arctic Wolf Agent on Windows using the CLI

You can install Agent using the Agent installer or using the CLI.
  1. Download the Agent installer:
    1. Sign in to the Arctic Wolf Unified Portal.
    2. In the navigation menu, click Resources > Downloads.
    3. In the Arctic Wolf Agent section, in the Operating System list, select the required operating system.
    4. Click Download Agent.
  2. Extract the Agent zip contents into a folder to access the MSI and customer.json files.
  3. Open a command prompt with administrator permissions.
  4. Run this command:
    msiexec /i agent_file /qn CUSTOMER_UUID=customer_uuid REGISTER_DNS=regional_dns /l*v scout_install.log

    Where:

    • agent_file is the name of the Agent MSI file that you downloaded.
    • customer_uuid is your customer UUID. For more information, see Prerequisites.
    • regional_dns is your regional DNS hostname. For more information, see Prerequisites.
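
The prerequisite checks and the step 4 command can be combined into one elevated PowerShell script, shown here as an added example that is not Arctic Wolf code. The three parameter defaults are placeholders, and the script assumes the MSI is Authenticode-signed and that the registration hostname can be probed on both ports.

```powershell
# Added example (not vendor code): pre-flight checks, then the silent install from step 4.
param(
    [string]$AgentMsi     = '.\agent_file.msi',                          # placeholder MSI name
    [string]$CustomerUuid = '00000000-0000-0000-0000-000000000000',      # placeholder UUID
    [string]$RegionalDns  = 'activate.agent-common.prod.example.invalid' # placeholder hostname
)
$ErrorActionPreference = 'Stop'

# Administrator permissions are required.
$principal = [Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this script from an elevated PowerShell session.'
}
# Agent does not support ARM architecture.
if ($env:PROCESSOR_ARCHITECTURE -like 'ARM*') { throw 'ARM endpoints are not supported.' }

# Catch copy/paste mistakes in the portal values before msiexec runs silently.
$parsed = [guid]::Empty
if (-not [guid]::TryParse($CustomerUuid, [ref]$parsed)) { throw 'Customer UUID is not a valid UUID.' }
if ($RegionalDns -notlike 'activate.agent-common.prod.*') {
    throw 'Regional DNS hostname must begin with activate.agent-common.prod.'
}

# VBScript must be enabled. Builds that ship it as an optional feature expose a
# capability; older builds return nothing, which is treated as "built in".
$vbs = Get-WindowsCapability -Online -Name 'VBSCRIPT*' -ErrorAction SilentlyContinue
if ($vbs -and $vbs.State -ne 'Installed') { throw 'The VBScript optional feature is not installed.' }

# Outbound 443 and 1514 are required. The page does not say which allowlisted hostname
# serves which port, so a failure here is a prompt to review firewall rules, not proof.
foreach ($port in 443, 1514) {
    $probe = Test-NetConnection -ComputerName $RegionalDns -Port $port -WarningAction SilentlyContinue
    if (-not $probe.TcpTestSucceeded) { Write-Warning "No TCP connection to ${RegionalDns}:$port" }
}

# Assumption: the vendor MSI is Authenticode-signed. Review the signer before installing.
$msiPath = (Resolve-Path $AgentMsi).Path
$sig = Get-AuthenticodeSignature -FilePath $msiPath
if ($sig.Status -ne 'Valid') { throw "MSI signature status is $($sig.Status); download the installer again." }
Write-Host "MSI signed by: $($sig.SignerCertificate.Subject)"

# Same command line as step 4, with a verbose log in the current folder.
$log = Join-Path $PWD 'scout_install.log'
$msiArgs = @('/i', "`"$msiPath`"", '/qn', "CUSTOMER_UUID=$CustomerUuid",
             "REGISTER_DNS=$RegionalDns", '/l*v', "`"$log`"")
$proc = Start-Process -FilePath 'msiexec.exe' -ArgumentList $msiArgs -Wait -PassThru
# 0 = success, 3010 = success with a reboot pending.
if ($proc.ExitCode -notin 0, 3010) { throw "msiexec exited with $($proc.ExitCode); see $log" }
```

Test-NetConnection is not available on Windows Server 2012; on that OS, remove the port probe and confirm outbound access another way.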