Red Cloak Endpoint Agent for Incident Response Services

Introduction

This page provides reference information on deploying and operating the Red Cloak™ Endpoint Agent during Incident Response and Threat Hunting engagements. Additional information can be found on the TDR docs site at this location: Red Cloak Endpoint Agent Installation.

How do I deploy Red Cloak Endpoint Agent? Can I use my own software distribution system?

The recommended way to deploy is to use your existing software distribution system. Secureworks will provide an MSI or RPM package that embeds a configuration specific to your network. This package can be deployed via Group Policy Object, Microsoft Endpoint Configuration Manager, or other similar means. Secureworks can also provide a standalone executable that can be added to domain logon scripts if an MSI is inconvenient.

Does Red Cloak Endpoint Agent leverage network proxies?

For information on the Red Cloak Endpoint Agent's use of proxies, see: Red Cloak Endpoint Agent Proxy Support.

How do I download the Red Cloak Endpoint Agent installation file?

For information on obtaining a Red Cloak Endpoint Agent installation package, see: Download the Red Cloak Endpoint Agent Software.

How do I install the Red Cloak Endpoint Agent package?

Windows

Information regarding installing the Red Cloak Endpoint Agent MSI on Windows systems can be found at this location: Red Cloak Endpoint Agent, Windows.

Linux

Information regarding installing the Red Cloak Endpoint Agent RPM on Linux systems can be found at this location: Red Cloak Endpoint Agent, Linux.

How can I validate that the Red Cloak Endpoint Agent is functioning as expected?

Information on how to trigger a Red Cloak Endpoint Agent test event can be found at this location: Red Cloak Endpoint Agent Test Event.

How do I uninstall Red Cloak Endpoint Agent?

Upon completion of an engagement, you may remove the Red Cloak Endpoint Agent using the following instructions: Red Cloak Endpoint Agent Uninstall.