
Taegis Endpoint Agent for Windows Troubleshooting

This document provides guidance on initial agent troubleshooting steps you can take and information you can gather prior to reaching out to Secureworks support for assistance with agent issues.

Tip

Additional Taegis Endpoint Agent troubleshooting, tutorial, and informational articles are available in the Secureworks Knowledge Base.

Support Kit

The Windows Support Kit tool comes packaged with the agent MSI download to help with troubleshooting. After installation, run the TaegisAgentSupportKit.x64 tool located at %Program Files%\SecureWorks\Taegis Agent with one of the following arguments:

Note

For Windows Taegis Endpoint Agents version 1.0.40 and later, arguments are case insensitive and the - is optional.

Support Kit Argument    Description
-agent                  Shows Tenant ID and Host ID values after connection is established
-antivirus              Shows Name, State, Status, Path, and Timestamp values for the local antivirus product
-connection             Shows Connection and Isolation status
-cpu*                   Shows Running Processes and Processors status
-fingerprint            Shows BIOS Serial, Device UUID, First Disk Serial, System Volume Serial, and Machine GUID* regardless of connection status
-logfile                Shows the 15 most recent Taegis records in both the Application and System logs for each of the following record types: Error, Warning, and Information
-server                 Shows Registration URL
-service                Shows Service Name, Display Name, Service PID, and Service State for the Taegis Service
-stats                  Shows all results from the preceding arguments except for -logfile and -cpu*
-all                    Shows all results from the preceding arguments
-help                   Shows the tool's usage menu
-usage                  Shows the tool's usage menu
<no argument>           Shows the tool's usage menu
<several arguments>     Alerts the user that they can only have one argument; shows the tool's usage menu
<invalid argument>      Alerts the user that the argument they entered is invalid; shows the tool's usage menu

Example:

The following shows the connection and isolation status:

    C:\Program Files\Secureworks\Taegis Agent> TaegisAgentSupportKit.x64 -connection

Connectivity Issues

  • Verify the agent's Connection Status from the Endpoint Agents Summary table of Endpoint Agents in XDR.
  • Ensure connectivity requirements are met by allowing communication to the domains through any firewalls.
  • Incorrect registration details may have been presented. Check the registration key and server for any unintended whitespace.
  • Is this a cloned device from a previously registered endpoint? If so, it may be considered a duplicate and rejected. We recommend you uninstall and reinstall the agent with the correct registration details.

Installation

  • Verify you have entered the correct registration key/server. The installation fails if registration validation fails.
  • If installing from the command line, run the installer as an admin.
  • Verify network connection is available and communication to *.taegiscloud.com is allowed.

Auto Upgrade Failures

  • Ensure connectivity requirements are met by allowing communication to the domains through any firewalls.
  • Allow taegis-agent-prod-builds.s3.us-east-2.amazonaws.com through firewalls.
  • Share the logs found under %ProgramData%\SecureWorks\TaegisAgent with support, including TaegisUser.log and TaegisAgentUpgrade.txt.

Performance Issues

To troubleshoot performance issues such as CPU or memory spikes, blue screen of death (BSoD), and application crashes, provide Secureworks support with the following information and logs. If the log files are too large, ask Secureworks for a file share link to upload the logs.

Provide the Following Information

  • The hostname of the machine
  • The version the agent is running
  • Amount of memory on the machine
  • Number of CPU cores
  • Pagefile size (as an admin, find in the Virtual memory section of the Advanced tab of Performance Options in Advanced system settings)
  • List of services that are currently started: net start
  • The TaegisUser.log file located at %ProgramData%\SecureWorks\TaegisAgent
  • Task Manager screenshot of the Details tab, sorted by CPU, to determine what is consuming the most memory. If the following columns are not already present, add them by right-clicking a column header and choosing Select Columns: CPU Time, Working set (memory), and Commit size.
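
The items in the list above can be gathered in one pass from an elevated PowerShell prompt. The script below is an added example, not a Secureworks tool; the uninstall-registry lookup for the agent version (a DisplayName containing "Taegis"), the output folder under %TEMP%, and the output file names are assumptions.

```powershell
# Added example: collect the performance-troubleshooting items into one zip.
# Run from an elevated PowerShell prompt on the affected machine.
$logDir = Join-Path $env:ProgramData 'SecureWorks\TaegisAgent'   # log path given on this page
$stamp  = Get-Date -Format 'yyyyMMdd_HHmmss'
$outDir = Join-Path $env:TEMP "TaegisPerf_$($env:COMPUTERNAME)_$stamp"   # assumed location
New-Item -ItemType Directory -Path $outDir -Force | Out-Null

$cs    = Get-CimInstance Win32_ComputerSystem
$cores = (Get-CimInstance Win32_Processor | Measure-Object NumberOfCores -Sum).Sum
$page  = Get-CimInstance Win32_PageFileUsage    # AllocatedBaseSize is reported in MB

# Assumption: the agent's installed-programs entry has "Taegis" in its DisplayName.
$agent = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*' -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like '*Taegis*' } | Select-Object -First 1

[pscustomobject]@{
    Hostname     = $env:COMPUTERNAME
    AgentVersion = if ($agent) { $agent.DisplayVersion } else { 'not found in registry' }
    MemoryGB     = [math]::Round($cs.TotalPhysicalMemory / 1GB, 1)
    CpuCores     = $cores
    PagefileMB   = ($page | ForEach-Object { '{0}={1}' -f $_.Name, $_.AllocatedBaseSize }) -join '; '
} | Format-List | Out-File (Join-Path $outDir 'system.txt')

# Services that are currently started, using the same command the list names.
net start | Out-File (Join-Path $outDir 'services.txt')

# Text counterpart of the Task Manager Details tab, sorted by CPU time.
# PrivateMemorySize64 is used as an approximation of the "Commit size" column.
Get-Process | Sort-Object CPU -Descending |
    Select-Object Id, ProcessName,
        @{ n = 'CpuTimeSec';   e = { [math]::Round($_.CPU, 1) } },
        @{ n = 'WorkingSetMB'; e = { [math]::Round($_.WorkingSet64 / 1MB, 1) } },
        @{ n = 'CommitMB';     e = { [math]::Round($_.PrivateMemorySize64 / 1MB, 1) } } |
    Export-Csv (Join-Path $outDir 'processes.csv') -NoTypeInformation

# Agent log named on this page; warn instead of failing if it is absent.
$userLog = Join-Path $logDir 'TaegisUser.log'
if (Test-Path $userLog) { Copy-Item $userLog $outDir }
else { Write-Warning "TaegisUser.log not found in $logDir" }

# Bundle everything and report the size, since large bundles need a file share link.
$zip = "$outDir.zip"
Compress-Archive -Path (Join-Path $outDir '*') -DestinationPath $zip -Force
'{0} ({1:N1} MB)' -f $zip, ((Get-Item $zip).Length / 1MB)
```

The process CSV supplements the Task Manager screenshot requested above rather than replacing it.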


Service Not Starting

Check logs from Event Viewer; get TaegisUser.log from %ProgramData%\SecureWorks\TaegisAgent.

Uninstall

  • Uninstalling as an admin typically does not present any issues. If the driver does not stop and this prevents a successful uninstall, reboot the system.
  • We recommend you uninstall the agent via XDR. See Uninstall via XDR.
  • Provide uninstall logs.