Installing the Managed Detection and Response agent

By default, when Managed Detection and Response is enabled for a site, all devices on that site will have Managed Detection and Response installed when Endpoint Protection is installed. If you intend to use Managed Detection and Response without an Endpoint Protection subscription, or if you have custom policies set that prevent automatic installation of Managed Detection and Response with Endpoint Protection, you can install it using one of two methods depending on your operating system.

Note: A system extension is installed with Mac Agent version 9.6.4 or later. This system extension is required for securely isolating a device from the network. See Isolating and unisolating a device. If you silently install the Mac Agent using mobile device management (MDM), see this knowledge base article for configuration file requirements that prevent content filter and system extension dialog boxes from appearing to your customers. If you silently uninstall the Mac Agent, the system extension remains on the device.

Note: To use Detection and Response products on an M-Series Mac device, you must have Rosetta installed.

To deploy Managed Detection and Response using Endpoint Protection:

Note: Currently, enabling or disabling Managed Detection and Response using an Endpoint Protection policy is only available for Windows devices.

  1. In the navigation pane, go to Manage > Policies.

  2. From the Endpoint Protection tab, select the Policy associated with devices that you want to install the MDR agent on. This Policy can be edited (excluding System Policies) to install the MDR agent.

    Note: System Policies (excluding the Unmanaged Policy) will have Install EDR / MDR Agent set to On by default.

  3. Scroll down to Policy Settings. In the EDR / MDR section, select On beside Install EDR / MDR Agent.

  4. In the Policy Usage section, you can identify which systems will be affected.

  5. Click Save.

The next time Entities using this Policy check in with the console, Managed Detection and Response will be enabled.

You can also choose to disable Managed Detection and Response for devices within a Site by assigning a custom policy to those devices with the "Install EDR / MDR Agent" setting disabled. Managed Detection and Response will remain enabled on any devices that do not have a custom policy disabling Managed Detection and Response.

To deploy Managed Detection and Response without Endpoint Protection:

  1. In MSP view, select the desired Site.

  2. Go to the Endpoint Protection tab. Ensure Managed Detection and Response is enabled. For additional instructions, see Enabling Managed Detection and Response.

  3. Follow the instructions shown within the console to install the Managed Detection and Response agent.