TDR Host Sensor CLI and GPO Installation

The end-of-life date for TDR is 30 September 2023. On this date, the TDR UI in WatchGuard Cloud will no longer be available. Host Sensors will continue to function, but remediation and report generation will be disabled. To upgrade your Host Sensors to Endpoint Security, go to the Host Sensor upgrade to Endpoint Security Knowledge Base article.

You can use the Windows command line interface (CLI) to install the TDR Host Sensor .MSI file. You can also use the command line option for deployment through Active Directory Group Policy Objects (GPO). To install the TDR Host Sensor from the Windows Command Prompt, you must download the Host Sensor .MSI installer file and get the Account ID and Controller Address for the TDR account.

For information about TDR Host Sensor OS compatibility, see the Threat Detection & Response Release Notes on the TDR Release Notes page.

To install a TDR Host Sensor on a Windows computer, you must have:

  • Host Sensor .MSI installer file
  • TDR Account ID
  • TDR Controller Address

You must also run the installer as a Windows Administrator.

Download the Host Sensor and Account Information

To download the Windows Host Sensor .MSI installation file and account information:

  1. Log In to TDR.
  2. Select Monitor > Threat Detection.
  3. In the Devices / Users section, select Hosts.
    A list of hosts on your network appears. By default, the Hosts page shows only hosts with a Host Sensor installed.
  4. Click Download Host Sensor.
    The Host Sensor Download page opens with Microsoft Windows selected in the drop-down list.
  5. Copy the Account ID and Controller Address.
  6. Click Download.
    The Host Sensor .MSI installer file downloads.

Install a Host Sensor from the Windows Command Prompt

To run the Host Sensor .MSI installer:

  1. In the Windows Start menu, right-click the Command Prompt and select Run as Administrator.
    A Windows Command Prompt window opens.
  2. Change directory to the location of the .MSI file.
  3. To run the Host Sensor installer, in the Command Prompt window, type:

msiexec /i [host sensor msi file] /quiet AccountUUID=[Account ID] CONTROLLER_ADDRESS=[Controller Address]

For example:

msiexec /i host_sensor-5.0.2.7180.msi /quiet AccountUUID=d4377396-ff5e-4a65-8518-4907d0492855 Controller_Address=tdr-hsc-eu.watchguard.com:443

After you install the Host Sensor, check the status on the Hosts page in the associated TDR account. For more information, go to Manage TDR Hosts and Host Sensors.

Use an AD GPO to Install Host Sensors

You can use the command described in the previous procedure to remotely install Host Sensors on multiple hosts through an AD Group Policy Object (GPO). You must use an installation method that supports command line parameters.

There are two methods to set up a GPO to install an .MSI file with command line parameters:

Option 1 — Create a System Startup GPO That Runs a Batch File

Configure a GPO for a startup script or logon script that runs a batch file that installs the Host Sensor. The batch file contains only one line, which specifies the network path to the .MSI file. The other parameters are the same as described in the previous procedure for installation from the Windows Command Prompt.

msiexec /i "[path]\[host sensor msi file]" /quiet AccountUUID=[Account ID] CONTROLLER_ADDRESS=[Controller Address]

For example:

msiexec /i "\\server\share\host_sensor_5.0.2.7180.msi" /quiet AccountUUID=d4377396-ff5e-4a65-8518-4907d0492855 Controller_Address=tdr-hsc-eu.watchguard.com:443

Option 2 — Create a Software Installation GPO that Uses a Transform (MST) File

Create a transform file (.MST) that contains the required command line parameters. The Orca tool to create the .MST file is in the Windows SDK, which is available from Microsoft.

  1. Open Orca.
  2. Select File > Open and open the original .MSI file.
  3. To start a new transform, select Transform > New Transform.
  4. In the Property list , add the ACCOUNTUUID property with the Account UUID for your TDR account.
  5. In the Property list, add the CONTROLLER_ADDRESS property with the Controller Address for your TDR Account.
  6. To generate the transform file, select Transform > Generate Transform.
  7. To save the transform file, select File > Save Transformed As.
  8. Copy the original MSI file into the directory where the .MST file is located.
  9. To manually test the installation, type this command: 
    install: msiexec /i [host sensor msi file] /q TRANSFORMS=[host sensor mst file]

After you create the .MST file, create a Software Installation GPO that includes both the .MSI and .MST files.

  1. Open the Group Policy Management Editor software installation settings.
  2. In the white space, right-click and select New > Package.
  3. Specify the network path to the .MSI file.
  4. Select Advanced.
  5. Select the Modifications tab.
  6. Click Add.
  7. Specify the network path to the .MST file.
  8. Click OK.
  9. Use gpupdate to refresh the group policy settings.
  10. To test the GPO, reboot a computer in the domain.

Related Topics

TDR Host Sensor Installation with Jamf

TDR Host Sensor Automated Installation

Uninstall TDR Host Sensors