Install Enhanced Endpoint Detections
Copy link

ℹ️

Enhanced Endpoint Detections is included with any Managed Threat Complete (MTC) or Managed Detection and Response (MDR) packages.

Enhanced Endpoint Detections is installed as an add-on to the Rapid7 Agent (Insight Agent). If you have managed updates enabled, Rapid7 automatically deploys the add-on for you. If managed updates are disabled, you can follow the instruction in this article to manually install Enhanced Endpoint Detections.

⚠️

Manual installation of Enhanced Endpoint Detections

To install Enhanced Endpoint Detections, you will need to open a Command Prompt as an Administrator to run the installation files. There is no GUI for this installation. If you have any questions, create a support ticket  for your Cybersecurity Advisor.

Requirements
Copy link

Ensure your system meets the following requirements:

  • Operating System: Windows
  • Rapid7 Agent (Insight Agent): version 4.0 or higher
⚠️

Confirm Rapid7 Agent installation before continuing

Before installing Enhanced Endpoint Detections, confirm that the target asset already has the Rapid7 Agent (Insight Agent) version 4.0 or higher. This add-on can only be installed on top of that agent.

Deploy Enhanced Endpoint Detections
Copy link

Enhanced Endpoint Detections is installed on your assets as a service named Rapid7 Endpoint Service. Enhanced Endpoint Detections runs as two services on a 64-bit OS.

Task 1: Download the installer
Copy link

  1. In the Command Platform, go to Data Connectors > Agents.
  2. Select the Installers tab, then click the Add-Ons tab.
  3. In the Available Installers section, expand Enhanced Endpoint Detections.
  4. Download the installer that matches your operating system.
  • The installer file is named MVArmorInstallation.msi
  • The installation folder is located at C:\Program Files\Rapid7\Insight Agent\components\armor

Do not rename the installation files

Renaming the installation files will cause issues with remote uninstallation.

Task 2: Install Enhanced Endpoint Detections
Copy link

  1. Open a Command Prompt as an Administrator and navigate to the extracted folder, which contains the MVArmorInstallation.msi file.
  2. Run the following command. Optionally, you can add this asset directly to an existing group during this installation by including the DESIRED_GROUP=<groupname> parameter in the command:
msiexec /i MVArmorInstallation.msi /qn /L*V ArmorInstallation.log

Task 3: Verify the deployment
Copy link

If Enhanced Endpoint Detections has been deployed successfully, you’ll be able to view any assets that were added to either the DEFAULT group or a custom group in the Endpoint Detections tab.

  1. Go to Command Platform > Administration > Data Connectors > Agents.
  2. Click the Endpoint Detections tab.
  3. Confirm that assets added to either the DEFAULT group or a custom group are displayed.

Installation complete

To learn how to use this add-on, read Manage Enhanced Endpoint Detections .

Manually update the add-on
Copy link

Only complete this step if managed agent updates are turned off for your organization. When managed updates are enabled, Rapid7 automatically updates Enhanced Endpoint Detections for you.

  1. Obtain the latest version of Enhanced Endpoint Detections, ensuring the file is in a directory that you can easily access with a Command Prompt.
  2. Open a Command Prompt as an Administrator and navigate to the extracted folder, which contains the MVArmorInstallation.msi file.
  3. Run this command:

msiexec /i MVArmorInstallation.msi /qn /L*V ArmorInstallation.log

Stop and restart Enhanced Endpoint Detections
Copy link

If you need to troubleshoot a problem, you can stop Enhanced Endpoint Detections on an asset, even if the asset is offline or disconnected.

Stop the add-on
Copy link

  1. Log into the asset on which you want to stop the Enhanced Endpoint Detections add-on.
  2. Open a Command Prompt as an Administrator and run one of this command:

C:\Program files\Rapid7\Insight Agent\components\armor\common\armor\MVarmorService32.exe --stop_service

Note: The service can take several minutes to stop.

Restart the add-on
Copy link

  1. In your Start menu, select Run > services.msc.
  2. Start the Rapid7 Endpoint Service 64bit.

Uninstall Enhanced Endpoint Detections while leaving the agent intact
Copy link

  1. Open a Command Prompt as an Administrator and navigate to the directory where your Enhanced Endpoint Detections add-on is located.
  2. Run this command: msiexec /x MVArmorInstallation.msi /qn
  3. If you want to generate a log file when the uninstallation finishes, substitute the {log-path} portion with the path where you want the log file to be placed:
msiexec /x MVArmorInstallation.msi /qn /L*V {log-path}

Uninstall an existing Rapid7 Agent (Insight Agent) entirely
Copy link

If you want to uninstall the Rapid7 Agent (Insight Agent) entirely, note that you’ll need to uninstall the Enhanced Endpoint Detections add-on first, then uninstall the rest of the Rapid7 Agent (Insight Agent). The Rapid7 Agent (Insight Agent) will not allow itself to be uninstalled if the Ehanced Endpoint Detections add-on is still present.

You can uninstall the Rapid7 Agent (Insight Agent) using the Add or remove programs tool in Windows:

  1. In your Start menu, select Control Panel.
  2. Under Programs, click Uninstall a program.
  3. Browse to Rapid7 Rapid7 Agent (Insight Agent) and select it, then click Uninstall.