Installing the Endpoint Detection and Response agent

To deploy Endpoint Detection and Response on a device, the device must have Endpoint Protection installed and it must belong to a site with Endpoint Detection and Response enabled. By default, when Endpoint Detection and Response is enabled for a site, all devices on that site will have Endpoint Detection and Response installed when Endpoint Protection is installed.

Note: A system extension is installed with Mac Agent version 9.6.4 or later. This system extension is required for securely isolating a device from the network. See Isolating and unisolating a device. If you silently install the Mac Agent using mobile device management (MDM), see this knowledge base article for configuration file requirements that prevent content filter and system extension dialog boxes from appearing to your customers. If you silently uninstall the Mac Agent, the system extension remains on the device.

Note: To use Detection and Response products on an M-Series Mac device, you must have Rosetta installed.

On Windows devices, if you have custom policies set that prevent automatic installation of Endpoint Detection and Response with Endpoint Protection, you can choose to enable Endpoint Detection and Response by assigning an Endpoint Protection policy with the "Install EDR / MDR Agent" setting enabled.

To enable the "Install EDR / MDR Agent" setting:

Note: Currently, enabling or disabling Endpoint Detection and Response using an Endpoint Protection policy is available only for Windows devices.

  1. In the navigation pane, go to Manage > Policies.

  2. From the Endpoint Protection tab, select the Policy associated with the devices on which you want to install the EDR agent. You can edit this Policy to install the EDR agent, unless it is a System Policy.

    Note: System Policies (excluding the Unmanaged Policy) will have Install EDR / MDR Agent set to On by default.

  3. Scroll down to Policy Settings. In the EDR / MDR section, select On beside Install EDR / MDR Agent.

  4. In the Policy Usage section, you can identify which systems will be affected.

  5. Click Save.

The next time Entities using this Policy check in, the Endpoint Detection and Response agent will be installed.

You can also choose to disable Endpoint Detection and Response for devices within a Site by assigning a custom policy to those devices with the "Install EDR / MDR Agent" setting disabled. Endpoint Detection and Response will remain enabled on any devices that do not have a custom policy disabling Endpoint Detection and Response.