Windows Hosts
The Sysdig Windows agent is installed on a Windows host and collects data from that host. It sends the collected data to the Sysdig backend and syncs the Falco runtime policies and rules from the backend to the agent.
Installation Requirements
Prerequisites
Windows Server 2019 and above.
ACCESS_KEY
: The agent access key.COLLECTOR
: Use the collector address for your region.For more information, see SaaS Regions and IP Ranges.
Administrator permissions to perform the operations.
Install the Windows Agent
You can install the Windows Agent using an MSI, which supports both GUI and CLI operation. Download the MSI package from the Sysdig download center.
GUI Installation
You can execute the MSI using a GUI and the installation process will prompt you to accept the EULA and enter the Collector and Access Key details.
CLI Installation
Run the MSI in silent mode via CommandLine or PowerShell:
> msiexec /i sysdig-agent.msi COLLECTOR_URL=<COLLECTOR> COLLECTOR_PORT=6443 ACCESS_KEY=<AGENT_ACCESS_KEY> ACCEPT_TERMS_CONDITIONS=True /qn
The COLLECTOR_URL
and COLLECTOR_PORT
can be omitted if you intend to use the US region as these are assumed by default.
By setting ACCEPT_TERMS_CONDITIONS to True, you acknowledge and expressly agree that your use of or access to the Sysdig software is governed by the applicable terms and conditions located at Sysdig Legal Terms unless otherwise stated in a Sysdig Order Form or other written mutual agreement between Customer and Sysdig.
Antivirus/EDR exceptions
Sysdig Windows Agent may conflict when coexisting with Antivirus software or Endpoint Detection and Response (EDR) sensors. To prevent termination of the Sysdig Windows Agent processes, it is recommended to set up exclusions for the Agent root installation directory.
Carbon Black Cloud
- From the Carbon Black Cloud Console go to Enforce > Policies
- Select the desired Policy and click on the
Prevention
tab - Add a new
Permission
by clicking on the+
sign - Add a new application path in the
Permissions
section and provide the directory exclusion*:\Program Files\Sysdig\Agent\**
- Check
Bypass
option box forPerforms Any Operation
- Click
Confirm
Windows Defender
- Open
Windows Security > Virus & threat protection
- Under
Virus and threat protection settings
, selectManage Settings
- Under
Exclusions
selectAdd or remove exclusions
- Click on the
Add an exclusion
button and chooseFolder
- Browse the drive where the Sysdig Windows Agent was installed, and select the
Program Files\Sysdig\Agent
directory
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.