Red Cloak Endpoint Agent for Incident Response Services

Introduction

This page provides reference information on deploying and operating the Red Cloak™ Endpoint Agent during Incident Response and Threat Hunting engagements. Additional information can be found here: Red Cloak Endpoint Agent Installation.

How do I deploy Red Cloak Endpoint Agent? Can I use my own software distribution system?

The recommended way to deploy is to use your existing software distribution system. Secureworks will provide an MSI or RPM package that embeds a configuration specific to your network. This package can be deployed via Group Policy Object, Microsoft Endpoint Configuration Manager, or other similar means. Secureworks can also provide a standalone executable that can be added to domain logon scripts if an MSI is inconvenient.

Does Red Cloak Endpoint Agent leverage network proxies?

Reference this link for information regarding the Red Cloak Endpoint Agent's use of proxies: Red Cloak Endpoint Agent Proxy Support.

How do I download the Red Cloak Endpoint Agent installation file?

Reference this link for information regarding obtaining a Red Cloak Endpoint Agent installation package: Download the Red Cloak Endpoint Agent Software.

How do I install the Red Cloak Endpoint Agent package?

Windows

Information regarding installing the Red Cloak Endpoint Agent MSI on Windows systems can be found at this location: Red Cloak Endpoint Agent, Windows.

Linux

Information regarding installing the Red Cloak Endpoint Agent RPM on Linux systems can be found at this location: Red Cloak Endpoint Agent, Linux.

How can I validate that the Red Cloak Endpoint Agent is functioning as expected?

Information on how to trigger a Red Cloak Endpoint Agent test event can be found at this location: Red Cloak Endpoint Agent Test Event.

How do I uninstall Red Cloak Endpoint Agent?

Upon completion of an engagement, you may remove the Red Cloak Endpoint Agent using the following instructions: Red Cloak Endpoint Agent Uninstall.