Technical details on Windows agent

Installation and uninstallation of the agent

Windows installation package comes under the form of a .msi file. This package follows Microsoft official recommendations regarding installation file creation.

Agent MSI is generated directly from the Cyberwatch interface, using the Windows agent creation form. The MSI is loaded with the selected configurations from the form in Cyberwatch, such as: the architecture type, groups, Cyberwatch instance URL…

It is also possible to get the installers directly through these download links:

Once installed, a program is added to the the list of programs and features available through the control panel.

The MSI can be installed with a simple “double click” on the file, as any other installation file. For bulk deployment, the agent supports official Microsoft deployment methods such as GPOs but also any other deployment mechanism using third-party solutions (e.g. SCCM, Chocolatey…).

Uninstalling the Cyberwatch agent also follows official Microsoft recommendations. The agent can be uninstalled from the list of program and features of the control panel.

How the agent works

On Windows systems, agent installation will create a service named CyberwatchAgent.service and a directory C:\Program Files\CYBERWATCH SAS\CyberwatchAgent\.

This directory contains the following elements:

  • a logs/ directory gathering the agent logs in two separate files:
    • a file agent.log for the agent execution logs;
    • a file service.log for the service execution logs;
  • the file agent.conf contains the agent configuration information (URL, API keys…);
  • executable file cyberwatch-agent.exe execution program of the agent;
  • executable file CyberwatchService.exe, used for the service creation;
  • a PowerShell script launcher.ps1 called by the service, and responsible for launching the file cyberwatch-agent.exe.

The service CyberwatchService is executed every 5 minutes and triggers the communication of the agent with the Cyberwatch scanner to which it is registered, based on the URL configured than can be found in the file agent.conf.

When communicating with the Cyberwatch server, the agent will simply send a request to the Cyberwatch API and fetch the tasks, if any, that has to be performed on the asset (e.g. launch a scan, deploy a patch…).

Agent updates

Cyberwatch regularly publishes agent updates, these changes are all listed in the changelog of the Cyberwatch agent.

These updates can include improvements on performance or some new features related to the agent installation and functioning for example.

These updates are not linked to the Cyberwatch application updates, an older agent version not updated will still work with the upcoming Cyberwatch versions (unless specifically indicated). Cyberwatch still recommends to update installed agents whenever it is possible.

To update the Windows agent, it is only needed to reinstall the MSI package over an already present installation. The new agent version will then replace the version previously present on the system. These updates can also be performed using the bulk deployment methods mentioned above.

Please note that if the agent update is done after a management server change, and before installing the new Cyberwatch agent, it will be necessary to take care about deleting all the elements that belongs to the old agent previously installed to avoid configuration issues. The following elements have to be deleted:

  • those found in C:\Program Files\CYBERWATCH SAS\CyberwatchAgent.
  • the associated register keys.