Windows installation package comes under the form of a
.msi file. This package follows Microsoft official recommendations regarding installation file creation.
Agent MSI is generated directly from the Cyberwatch interface, using the Windows agent creation form. The MSI is loaded with the selected configurations from the form in Cyberwatch, such as: the architecture type, groups, Cyberwatch instance URL…
It is also possible to get the installers directly through these download links :
- Windows Server 2003 & Windows 7: 32 bits version or 64 bits version.
- Windows Server 2008: 64 bits version.
- Windows Server 2012 / 2016 / 2019 / 2022 & Windows 10: 32 bits version or 64 bits version.
Once installed, a program is added to the the list of programs and features available through the control panel.
The MSI can be installed with a simple “double click” on the file, as any other installation file. For bulk deployment, the agent supports official Microsoft deployment methods such as GPOs but also any other deployment mechanism using third-party solutions (e.g. SCCM, Chocolatey…).
Uninstalling the Cyberwatch agent also follows official Microsoft recommendations. The agent can be uninstalled from the list of program and features of the control panel.
On Windows systems, agent installation will create a service named
CyberwatchAgent.service and a directory
C:\Program Files\CYBERWATCH SAS\CyberwatchAgent\.
This directory contains the following elements:
logs/directory gathering the agent logs in two separate files:
- a file
agent.logfor the agent execution logs;
- a file
service.logfor the service execution logs;
- a file
- the file
agent.confcontains the agent configuration information (URL, API keys…);
- executable file
cyberwatch-agent.exeexecution program of the agent;
- executable file
CyberwatchService.exe, used for the service creation;
- a PowerShell script
launcher.ps1called by the service, and responsible for launching the file
CyberwatchService is executed every 5 minutes and triggers the communication of the agent with the Cyberwatch scanner to which it is registered, based on the URL configured than can be found in the file
When communicating with the Cyberwatch server, the agent will simply send a request to the Cyberwatch API and fetch the tasks, if any, that has to be performed on the asset (e.g. launch a scan, deploy a patch…).
Cyberwatch regularly publishes agent updates, these changes are all listed in the changelog of the Cyberwatch application.
These updates can include improvements on performance or some new features related to the agent installation and functioning for example.
These updates are not linked to the Cyberwatch application updates, an older agent version not updated will still work with the upcoming Cyberwatch versions (unless specifically indicated). Cyberwatch still recommends to update installed agents whenever it is possible.
To update the Windows agent, it is only needed to reinstall the MSI package over an already present installation. The new agent version will then replace the version previously present on the system. These updates can also be performed using the bulk deployment methods mentioned above.
Please note that if the agent update is done after a management server change, and before installing the new Cyberwatch agent, it will be necessary to take care about deleting all the elements that belongs to the old agent previously installed to avoid configuration issues. The following elements have to be deleted:
- those found in
C:\Program Files\CYBERWATCH SAS\CyberwatchAgent.
- the associated register keys.