Article Content
Article Number | 000033607 |
Applies To | RSA Product Set: ECAT, NetWitness Endpoint RSA Version/Condition: 4.x Platform: Windows Server 2012 R2 |
Issue | Due to issues such as an unavailable agent, incorrect version information in the UI, or general troubleshooting problems, the ECAT agent may need to be removed from a target client. The challenge with this is that the agent machine may not allow for an RDP or other remote sessions to the device. In this scenario, it is useful to have a means to remotely run commands against the target machine to try and remove the ECAT agent from the machine remotely to avoid disruption to other users at the time. |
Resolution | UNINSTALLING AGENTS REMOTELYTo uninstall a single agent:
To uninstall multiple agents:
Note: You must create a text file in the current directory with a list of IP addresses which is passed into the list of agents. Be aware of the username requirements for updating multiple agents before running this command, as otherwise, it may fail to update some or all of the agents. INSTALLING AGENTS REMOTELYTo install a single agent: 1. Ensure you have installed psexec and it is in the current directory (or else System32 folder) and place the ECAT agent installer package in the same directory (this avoids needing to specify an exact path to the package file when running the command). 2. Run the following command to upload the file in your current directory to the remote system:
To install multiple agents at once:
Note: You must create a text file in the current directory with a list of IP addresses which is passed into the list of agents. Be aware of the username requirements for updating multiple agents before running this command, as otherwise, it may fail to update some or all of the agents. It is useful to check and verify with the sc command the status of the agent service following the update: sc //IP_address query "service_name |
Notes | Additional Information: The utility "psexec" was developed by Mark Russinovich of Sysinternals (now part of Microsoft). This KB article was prepared to demonstrate a specific use case with the RSA NW Endpoint product. More details on use of this tool can be found with below link. https://adamtheautomator.com/psexec-ultimate-guide/ This article should be updated once a similar method is available for Mac and Linux agents. |