Install Next-Generation Antivirus

Next-Generation Antivirus is available to Managed Threat Complete (MTC) Ultimate and Managed Detection and Response (MDR) customers who have purchased the Next-Generation Antivirus add-on.

Next-Generation Antivirus is an add-on to your Insight Agent that provides Endpoint Prevention technology. Review the requirements for the Next-Generation Antivirus add-on.

Deployment options

There are two deployment options available for Next-Generation Antivirus:

Once you have decided which deployment option you will use, follow the instructions to install Next-Generation Antivirus as an add-on for your Insight Agent.

Uninstall any existing Antivirus solutions (if necessary)

As noted in the Next-Generation Antivirus requirements, Next-Generation Antivirus must be able to assume its role as the active antivirus solution on your asset. If you are installing Next-Generation Antivirus, uninstall any Antivirus solution you may have already installed.

Option 1: Deploy using managed updates

If you have managed updates enabled for the organization you want to deploy Next-Generation Antivirus on, Rapid7 can deploy the add-on for you. To request that Rapid7 deploy Next-Generation Antivirus on your Insight Agent, create a support ticket for your Customer Advisor.

Option 2: Deploy using an installation package

If you have disabled managed updates for the organization you want to deploy Next-Generation Antivirus on, you must use the following instructions to deploy the add-on.

Deploy using an installation package

Task 1: Download Next-Generation Antivirus

You will need to download files for the Next-Generation Antivirus add-on specific to the operating system you are using. To attain the required files, create a support ticket for your Customer Advisor.

Task 2: Decide which installation option to use

There are two main Agent Installation options available that can be used interchangeably:

What is a Token?

A token is your organization’s unique identifier that links the installed Insight Agents to your organization. When installing using the token, the Insight Agent reaches out to the Insight Platform to download the certificate files necessary for successful installation. This installation option requires connectivity to the Insight Platform directly through a Rapid7 Endpoint or a Collector.

If you are installing the agent in an environment with stricter network requirements, we recommend using the Certificate Package.

Your token consists of two parts:

  • The region identifier - This portion identifies the region where your organization is located. For example, us is the region identifier for the United States, while ca is the region identifier for Canada.

  • The Universally Unique Identifier (UUID) - The UUID represents the token itself. The API request initiated by the installer sends this UUID to the Insight Platform in order to retrieve the JSON document that contains all the necessary dependencies noted previously.

A fully generated token appears in the following format:

<region_id>:XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX

Note that the process of installation with a token, the Insight Agent installer will download the following dependencies onto your asset. All together, these dependencies are no more than 20KB in size:

  • client.key
  • client.crt
  • config.json
  • cafile.pem

If you intend to install the Insight Agent using your organization’s token:

  • Your assets must be able to communicate with the Insight Platform in order for the installer to download its necessary dependencies.
  • If your assets are deployed in a network with strict URL filtering rules in place, you may need to allowlist the following token resource endpoint to ensure that the installer can pull its configuration files from the Insight Platform. Substitute <REGION> with the code that applies to your data region: https://<REGION>.deployment.endpoint.ingress.rapid7.com/api/v1/get_agent_files
    • To determine your region, view the Insight Platform home for one of the following regions:
RegionDescription
usUnited States - 1
us2United States - 2
us3United States - 3
euEurope
caCanada
auAustralia
apJapan

What is the Certificate Package?

Certificate installation terminology

Note that the certificate installation was previously referred to under Advanced within the Insight Agent installation options.

The Certificate Package contains your unique organization's configuration files, which are required for successful installation of the agent. These files are downloaded seamlessly when installing with a token, but are provided here for easy access in case some of the assets in your environment don't have direct connectivity the Insight Platform through a Rapid7 Endpoint or a Collector. We recommend installing the Insight Agent using the Certificate Package in environments with stricter network requirements.

Your Certificate Package ZIP file contains the following security files in addition to the installer executable:

  • client.key
  • client.crt
  • config.json
  • cafile.pem

Expired Certificates

If you use the certificate package installation option to install the Insight Agent, your certificates will expire after 5 years. Insight Agents that were previously installed with a valid certificate are not impacted and will continue to update their SSL certificates. New installations of the Insight Agent using an expired certificate will not be able to fully connect to the Insight Platform to run jobs in InsightVM, InsightIDR, or InsightOps.

Refresh your Certificates

If you host your certificate package on a network share, or if it is baked into a golden image for a virtual machine, redownload your certificate package within 5 years to ensure new installations of the Insight Agent run correctly.

Task 3: Install the Insight Agent with Next-Generation Antivirus

Once you have determined which option you would like to use in task 2, you’re ready to install the Insight Agent with the Next-Generation Antivirus add-on.

Next-Generation Antivirus Collector Issues for Mac and Linux

At the moment, Next-Generation Antivirus for Mac and Linux will not work if configured to use a Rapid7 Collector as a proxy. This will be fixed in an upcoming release.

Follow the instructions below for the operating system of your choice:

Deploy for Windows

Insight Agent version

Ransomware Prevention for Windows require an Insight Agent version of 4.0.0.0 or higher. For more information, read the Ransomware Prevention requirements.

Installation services and folders (Windows)

Next-Generation Antivirus is installed as a service on your assets named Rapid7 Endpoint Prevention. Next-Generation Antivirus runs as two services on a 64-bit OS and as a single service on a 32-bit OS.

The Next-Generation Antivirus installation folder is located in C:\Program files\rapid7\Insight Agent\components\armor. Refer to the Endpoint Prevention overview for more information on how Next-Generation Antivirus works.

Install using a Token (Windows)
  1. Locate (or generate, if necessary) your organization's token by navigating to insight.rapid7.com > Data Collection > Agents > Agent Installer > Token Management.
  2. Extract the contents of the ZIP file you downloaded in task 1 to a directory that you can access with the Windows command prompt (cmd). The extracted ZIP file will contain these files (this example is for the 64-bit installer variety):
  • agentinstaller-x86_64.msi
  • rapid7_endpoint_prevention_installer.bat
  • armor (folder)
  • armor360 (folder)
  1. Open a command prompt as an Administrator and navigate to the extraction folder that contains these files. Run the following command, substituting the with your organization’s token you located in step 1.
 
1
rapid7_endpoint_prevention_installer.bat CUSTOMTOKEN={token}
Install using a Certificate Package (Windows)
  1. Obtain the ZIP file with the latest version of Next-Generation Antivirus.
  2. Download the latest Certificate Package from insight.rapid7.com > Data Collection Management > Agent Installer > Install the Insight Agent using the Certificate Package > Download Certificate.
  3. Extract the contents of the ZIP file you downloaded in step 1 add the files included in the Certificate Package from step 2 to the same folder that you can easily access with the Windows command prompt (cmd). Once both ZIP files are extracted, the folder will contain these files:
  • client.key
  • client.crt
  • config.json
  • cafile.pem
  • agentinstaller-x86_64.msi
  • rapid7_endpoint_prevention_installer.bat
  • armor (folder)
  • armor360 (folder)
  1. Open a command prompt as an Administrator and navigate to the extraction folder that contains these files. Run the following command:
    • If you extract the contents of the ZIP files to a different directory, you will need to run the following command when running the batch script, substituting <PATH> with the path to the certificate directory: CUSTOMCONFIGPATH=<PATH>
 
1
rapid7_endpoint_prevention_installer.bat
Deploy for macOS

Installation services and folders (Mac)

Next-Generation Antivirus is installed as an add-on to the Insight Agent on your assets. The service name is system/com.rapid7.armor.

The Next-Generation Antivirus installation folder for macOS is located in /opt/rapid7/ir_agent/components/armor_darwin. Refer to the Endpoint Prevention overview for more information on how the Next-Generation Antivirus add-on works.

Permissions required

To run the commands listed for macOS, you will require sudo permissions.

To install the Insight Agent with Next-Generation Antivirus:

  1. Download the files you attained in task 1 and download them to a directory that you can access with the Mac Terminal. The files you download will include the following:
  • rapid7-insight-agent-{version}-1.{architecture}.pkg
  • rapid7-armor-{version}-1.{architecture}.pkg
  • rapid7-armor360-{version}-1.{architecture}.pkg
  1. Open the Mac Terminal and navigate to the extraction folder that contains these files. Run the following commands, substituting {version} and {architecture}:
 
1
installer -verbose -pkg rapid7-insight-agent-{version}-1.{architecture}.pkg -target /
2
installer -verbose -pkg rapid7-armor-{version}-1.{architecture}.pkg -target /
3
installer -verbose -pkg rapid7-armor360-{version}-1.{architecture}.pkg -target /
4
launchctl bootout system /Library/LaunchDaemons/com.rapid7.ir_agent.plist
  1. In your Mac Settings, navigate to Privacy & Security > Full Disk Access. Toggle Full Disk Access On for BDLDaemon. Note that step 2 must be completed in order for BDLDaemon to be visible in the list.

Configure the Insight Agent with Next-Generation Antivirus (Mac)

After installing the Insight Agent for Mac operating systems, you must run the configure_agent.sh configuration script to connect the Insight Agent to the Insight Platform.

You can find this script in the following location of your Insight Agent installation directory ({version} will correspond to the Insight Agent version you have just installed):

 
1
/opt/rapid7/ir_agent/components/insight_agent/{version}/configure_agent.sh

The configuration script also supports several arguments you can specify to configure a variety of Insight Agent options. Run configure_agent.sh help in your terminal to display an explanation of these arguments. These details are reproduced here for your convenience:

Available arguments for Mac configuration
 
1
-a, --attributes=ATTRIBUTES: Custom attributes may be used to identify and group Insight Agents in ways that are meaningful to your organization. Use commas to specify multiple attributes.  Example: --attributes=\"lab_system, managed, commercial\"
2


3
-c, --certificate_package_installation=PACKAGE_PATH: Supply a path to the configuration files if already downloaded or where they should be downloaded if using a token
4


5
-t, --token=TOKEN: Supply a token generated by the server in place of the config files
6


7
-p, --https-proxy=PROXY: Supply an HTTPS proxy for the Insight Agent to use when communicating with the Insight Platform.  Example: --https-proxy=example.rapid7.com:3128, with credentials --https-proxy=<username>:<password>@example.rapid7.com:3128
8


9
--disable-updates:  Disable Platform managed updates for all Insight Agent sub-components (default: False)
10


11
-s, --start: Start the Insight Agent service after configuration is complete
12


13
-v: Prints all logs to stderr
14


15
--no_connectivity_check: Continue configuring the Insight Agent when any connectivity checks fail
16


17
--no_version_check: If a newer version of this script is found, proceed with configuration
Configure the Insight Agent using a Token (Mac)

Note for this configuration option you will need to locate (or generate, if necessary) your organization's token by navigating to insight.rapid7.com > Data Collection > Agents > Agent Installer > Token Management.

Use the following configuration command, substituting {token} with your orgnization's token and {proxy-address} with the IP address and port of your proxy. This example command also configures several attributes and starts the Insight Agent service:

 
1
 sudo -i
2


3
cd /opt/rapid7/ir_agent/components/insight_agent/{version}/

Run one of the following based on whether you have proxy and attributes:

  • Without proxy and attributes: ./configure_agent.sh --token={token} -v --start
  • With proxy and attributes: 
     
    1
    ./configure_agent.sh --token {token} -v --https-proxy={proxy-address} --attributes
    2
    "attribute1,attribute2,attribute3,attribute4" --start
Configure the Insight Agent using a Certificate Package (Mac)

File location

Note that if you download the files you attain to a different directory, you will need to run the following command when running the batch script, substituting <PATH> with the path to the certificate directory: CUSTOMCONFIGPATH=<PATH>

Note for this configuration option you will need to locate (or generate, if necessary) your organization's token by navigating to insight.rapid7.com > Data Collection > Agents > Agent Installer > Install the Insight Agent using the Certificate Package > Download Certificate..

  1. Extract the contents of the ZIP file to retrieve the following files:
  • client.key
  • client.crt
  • config.json
  • cafile.pem

When configuring the installation of the Insight Agent for Mac, do not use the additional scripts that are included alongside these files, as they are not used in this procedure.

  1. Relocate these certificate files to the installation directory of your installer Insight Agent.
  2. Finally, run the configuration script:
    • This example configuration script command targets the configuration files you just downloaded (substitute the {path-to-cert-files} with the local path where the files are stored), specifies a proxy address (substitute the {proxy-address} portion with the IP address and port of your proxy), and configures several attributes. Finally, the script is instructed to start the Insight Agent service:
 
1
./configure_agent.sh --certificate_package_installation {path-to-cert-files} -v --https-proxy={proxy-address} --attributes "attribute1,attribute2,attribute3,attribute4" --start
Deploy for Linux

Prerequisite commands

Prior to installing the Next-Generation Antivirus add-on for Linux, ensure that the Tar command is installed on your Linux system, as it is required for extracting the installation files.

Run the following command depending on your Linux architecture:

DEB:sudo apt-get install tar

RPM:sudo yum install tar

`.sh` installer on your Insight Agent with Next-Generation Antivirus

If you have installed the Insight Agent with the deprecated .sh installer, the Next-Generation Antivirus add-on will not install. You must install your Insight Agent using .rpm or .deb architecture for the Next-Generation Antivirus add-on to function as intended.

Installation services and folders (Linux)

Next-Generation Antivirus is installed as a service on your assets, named Rapid7 Endpoint Prevention.

The Next-Generation Antivirus installation folder is located in /opt/rapid7/ir_ agent/components/armor_linux. Refer to the Endpoint Prevention overview for more information on how the Next-Generation Antivirus add-on works.

Permissions required

To run the commands listed for Linux, you will require sudo permissions.

To install the Insight Agent with Next-Generation Antivirus:

  1. Download the files you attained in task 1 and download them to a directory that you can access with the Linux terminal. Depending on your architecture, the files you download will include the following:

DEB:

  • rapid7-insight-agent_{version}_{architecture}.deb
  • rapid7-armor_{version}_{architecture}.deb
  • rapid7-armor360_{version}_{architecture}.deb

RPM:

  • rapid7-insight-agent-{version}.{architecture}.rpm
  • rapid7-armor-{version}.{architecture}.rpm
  • rapid7-armor360-{version}.{architecture}.rpm
  1. Open a command prompt and navigate to the folder that contains these files.
  2. Run the following command using the system’s package manager, substituting {version} and {architecture}, for example:
  • For RPM: sudo rpm -U rapid7-armor-linux-{version}_{architecture}.rpm rapid7-armor360-linux-{version}_{architecture}.rpm
  • For DEB: sudo dpkg -i rapid7-armor-linux_{version}_{architecture}.deb rapid7-armor360-linux_{version}_{architecture}.deb

Configure the Insight Agent with Next-Generation Antivirus (Linux)

You must run the configure_agent.sh configuration script to connect the Insight Agent to the Insight Platform.

You can find this script in the following location of your Insight Agent installation directory ({version} will correspond to the Insight Agent version you have just installed):

 
1
/opt/rapid7/ir_agent/components/insight_agent/{version}/configure_agent.sh

The configuration script supports several arguments you can specify to configure a variety of Insight Agent options. Run configure_agent.sh help in your terminal to display an explanation of these arguments. These details are reproduced here for your convenience:

Available arguments for Linux configuration
 
1
-a, --attributes=ATTRIBUTES: Custom attributes may be used to identify and group Insight Agents in ways that are meaningful to your organization. Use commas to specify multiple attributes.  Example: --attributes=\"lab_system, managed, commercial\"
2
-c, --certificate_package_installation=PACKAGE_PATH: Supply a path to the configuration files if already downloaded or where they should be downloaded if using a token
3
-t, --token=TOKEN: Supply a token generated by the server in place of the config files
4
-p, --https-proxy=PROXY: Supply an HTTPS proxy for the Insight Agent to use when communicating with the Insight Platform.  Example: --https-proxy=example.rapid7.com:3128, with credentials --https-proxy=<username>:<password>@example.rapid7.com:3128
5
--disable-updates:  Disable Insight Platform managed updates for all Insight Agent sub-components (default: False)
6
-s, --start: Start the Insight Agent service after configuration is complete
7
-v: Prints all logs to stderr
8
--no_connectivity_check: Continue configuring the Insight Agent when any connectivity checks fail
9
--no_version_check: If a newer version of this script is found, proceed with configuration
Configure using a Token (Linux)

Note for this configuration option you will need to locate (or generate, if necessary) your organization's token by navigating to insight.rapid7.com > Data Collection > Agents > Agent Installer > Token Management.

Use the following configuration command, substituting {token} with your orgnization's token and {proxy-address} with the IP address and port of your proxy. This example command also configures several attributes and starts the Insight Agent service:

 
1
 sudo -i
2


3
cd /opt/rapid7/ir_agent/components/insight_agent/{version}/

Run one of the following based on whether you have proxy and attributes:

  • Without proxy and attributes: ./configure_agent.sh --token={token} -v --start
  • With proxy and attributes: 
     
    1
    ./configure_agent.sh --token {token} -v --https-proxy={proxy-address} --attributes
    2
    "attribute1,attribute2,attribute3,attribute4" --start
Configure using a Certificate Package (Linux)

File location

Note that if you download the files you attained to a different directory, you will need to run the following command when running the batch script, substituting <PATH> with the path to the certificate directory: CUSTOMCONFIGPATH=<PATH>

Note for this configuration option you will need to locate (or generate, if necessary) your organization's token by navigating to insight.rapid7.com > Data Collection > Agents > Agent Installer > Install the Insight Agent using the Certificate Package > Download Certificate..

  1. Extract the contents of the ZIP file to retrieve the following files:
  • client.key
  • client.crt
  • config.json
  • cafile.pem

When configuring the installation of the Insight Agent for Mac, do not use the additional scripts that are included alongside these files, as they are not used in this procedure.

  1. Relocate these certificate files to the installation directory of your installer Insight Agent.
  2. Finally, run the configuration script:
    • This example configuration script command targets the configuration files you just downloaded (substitute the {path-to-cert-files} with the local path where the files are stored), specifies a proxy address (substitute the {proxy-address} portion with the IP address and port of your proxy), and configures several attributes. Finally, the script is instructed to start the Insight Agent service:
 
1
./configure_agent.sh --certificate_package_installation {path-to-cert-files} -v --https-proxy={proxy-address} --attributes "attribute1,attribute2,attribute3,attribute4" --start

Next-Generation Antivirus on a different Prevention Group than the DEFAULT group

If you want to associate this Insight Agent with an existing Prevention Group other than the DEFAULT group, you can do so by providing an additional option. As long as the group name you provide matches an existing prevention group, the Insight Agent will automatically become a member of that group once installed. If no group matches the name you provide here, the Insight Agent will become a member of the DEFAULT group according to its standard behavior.

Desired group option for Windows

For a Token installation:

rapid7_endpoint_prevention_installer.bat CUSTOMTOKEN={token} DESIRED_GROUP=MyGroupName

For a Certificate Package installation:

rapid7_endpoint_prevention_installer.bat DESIRED_GROUP=MyGroupName

Desired group option for Mac

For a token configuration:

./configure_agent.sh -t=us:{token} --desired-group=MyGroupName --start

For a certificate package configuration:

./configure_agent.sh --desired-group=MyGroupName --start

Desired group option for Linux

For a token configuration:

./configure_agent.sh -t=us:{token} --desired-group=MyGroupName --start

For a certificate package configuration:

./configure_agent.sh --desired-group=MyGroupName --start

Verify Next-Generation Antivirus is deployed

Go to Data Collection > Agents to view the Endpoint Prevention tab. To verify if Next-Generation Antivirus has been deployed successfully, you must check if assets added to either the DEFAULT Prevention Group or a custom Prevention Group are visible here.

Update Next-Generation Antivirus

If you have enabled managed agent updates, you don't need to perform any manual tasks to update Next-Generation Antivirus. If you need to manually update Next-Generation Antivirus, follow the instructions for your operating system of choice:

Update Next-Generation Antivirus for Windows

If you need to manually update Next-Generation Antivirus for Windows, you must include either the one-time passcode or fixed password as the final parameter of the command you run, in case password protection is on. Follow the instructions below, updating the service using either the Token or Certificate Package instructions based on which one you installed the Next-Generation Antivirus add-on with in task 2.

Update Next-Generation Antivirus for Windows (Token installation)
  1. Obtain the ZIP file with the latest version of Next-Generation Antivirus.
  2. Locate (or generate, if necessary) your organization's token by navigating to insight.rapid7.com > Data Collection > Agents > Agent Installer > Token Management.
  3. Extract the contents of the ZIP file to a directory that you can easily access with Windows command prompt (cmd).
  4. Open Windows command prompt (cmd) as an Administrator and navigate to the extracted folder, which contains the rapid7_endpoint_prevention_installer.bat file.
  5. Run this command, replacing the <token> and the <passcode or password> parameters with the installer token and either the one-time passcode or a fixed password: rapid7_endpoint_prevention_installer.bat CUSTOMTOKEN=<token> stop_service_password= <passcode or password>
Update Next-Generation Antivirus for Windows (Certificate Package installation)

  1. Obtain the ZIP file with the latest version of Next-Generation Antivirus.

  2. Download the latest Certificate Package from insight.rapid7.com > Data Collection Management > Agent Installer > Install the Insight Agent using the Certificate Package > Download Certificate.

  3. Extract the contents of the ZIP file you downloaded in step 1 add the files included in the Certificate Package from step 2 to the same folder that you can easily access with the Windows command prompt (cmd). Once both ZIP files are extracted, the folder will contain these files:

    • client.key
    • client.crt
    • config.json
    • cafile.pem
    • agentinstaller-x86_64.msi
    • rapid7_endpoint_prevention_installer.bat
    • armor (folder)
    • armor360 (folder)

  4. Open a command prompt as an Administrator and navigate to the extracted folder, which contains the rapid7_endpoint_prevention_installer.bat file. Run this command, replacing the <passcode or password> parameter with either the one-time passcode or a fixed password: rapid7_endpoint_prevention_installer.bat stop_service_password= <passcode or password>

    • If you extract the contents of the ZIP file to a different directory than the default one, you will need to run the following command when running the batch script, substituting <PATH> with the path to the certificate directory: CUSTOMCONFIGPATH=<PATH>
Update Next-Generation Antivirus for macOS

If you have enabled managed agent updates, you don't need to perform any manual tasks to update Next-Generation Antivirus.

To manually update the service:

  1. In the Mac Terminal, run the following commands, substituting {version} and {architecture}:
 
1
installer -verbose -pkg rapid7-armor-{version}-1.{architecture}.pkg -target /
2
installer -verbose -pkg rapid7-armor360-{version}-1.{architecture}.pkg -target /
3
launchctl bootout system /Library/LaunchDaemons/com.rapid7.ir_agent.plist
4
launchctl load -w /Library/LaunchDaemons/com.rapid7.armor.plist
Update Next-Generation Antivirus for Linux

If you have enabled managed agent updates, you don't need to perform any manual tasks to update Next-Generation Antivirus.

To manually update the service:

  1. Obtain the latest version of Next-Generation Antivirus, ensuring the files are in a directory that you can easily access with a command prompt.
  2. Open a command prompt as an Administrator and navigate to the folder, which contains the install files.
  3. Use the system’s package manager to update Armor, for example:
    • For RPM: sudo rpm -U rapid7-armor-linux-{version}_{architecture}.rpm
    • For DEB: sudo apt install ./rapid7-armor-linux_{version}_{architecture}.deb
  4. Use the system’s package manager to update Armor360, for example:
    • For RPM: sudo rpm -U rapid7-armor360-linux-{version}_{architecture}.rpm
    • For DEB: sudo apt install ./rapid7-armor360-linux_{version}_{architecture}.deb
  5. Run the following command to restart the Insight Agent: systemctl restart ir_agent

Stop and restart Next-Generation Antivirus

If you need to troubleshoot a problem, you can stop Next-Generation Antivirus on an asset, even if the asset's offline or has been disconnected.

Stop and restart Next-Generation Antivirus for Windows

With password protection turned on, you will need to either get the one-time passcode or know the fixed password, if one is configured. The fixed password might be the organization-wide fixed password or one that is specific to the prevention group that the asset belongs to.

To stop Next-Generation Antivirus (Windows):

  1. Log into the asset on which you want to stop the Next-Generation Antivirus add-on.
  2. Open a command prompt as an Administrator and run this command, replacing <passcode or password> with either the one-time passcode you obtained from the Security Settings page or a fixed password that you configured:

C:\Program files\rapid7\Insight Agent\components\armor\common\armor\MVarmorService32.exe --stop_service <passcode or password>

Note: The service can take several minutes to stop.

To restart Next-Generation Antivirus (Windows):

  1. In your Start menu, select Run > services.msc.
  2. Depending on your asset, start either the Rapid7 Endpoint Prevention 64bit service or the Rapid7 Endpoint Prevention 32bit service.
Stop and restart Next-Generation Antivirus for macOS

To stop Next-Generation Antivirus (Mac):

launchctl bootout system /Library/LaunchDaemons/com.rapid7.armor.plist

To restart Next-Generation Antivirus (Mac):

launchctl bootstrap system /Library/LaunchDaemons/com.rapid7.armor.plist

Stop and restart Next-Generation Antivirus for Linux

To stop Next-Generation Antivirus (Linux):

sudo systemctl stop armor

To restart Next-Generation Antivirus (Linux):

sudo systemctl restart armor

Uninstall the Next-Generation Antivirus add-on while leaving the Insight Agent intact

If you want to uninstall the Next-Generation Antivirus add-on while leaving the rest of the Insight Agent intact for use with other Rapid7 products or services, follow the instructions for your preferred operating system:

Uninstall Next-Generation Antivirus for Windows

The procedure for uninstalling Next-Generation Antivirus for Windows can vary depending on the type of your machine and if password protection is turned on:

To uninstall Next-Generation Antivirus for Windows with password protection:

  1. Create a support ticket for your Customer Advisor to acquire the rapid7_ngav_uninstaller.bat file.
    • This file does not need to be installed in the same directory as the installer file was previously downloaded to.
  2. In the command prompt, navigate to the directory where your Next-Generation Antivirus installer is located.
  3. Run the following command: rapid7_ngav_uninstaller.bat STOP_SERVICE_PASSWORD=<password>
  4. Uninstall Armor:
    1. For 32-bit machines: msiexec /x MVArmorInstallation_x86.msi /qn stop_service=<password>
    2. For 64-bit machines: msiexec /x MVArmorInstallation_x64.msi /qn stop_service=<password>

To uninstall Next-Generation Antivirus for Windows without password protection:

  1. Create a support ticket for your Customer Advisor to acquire the rapid7_ngav_uninstaller.bat file.
    • This file does not need to be installed in the same directory as the installer file was previously downloaded to.
  2. In the command prompt, navigate to the directory where your Next-Generation Antivirus installer is located.
  3. Run the following command: rapid7_ngav_uninstaller.bat
  4. Uninstall Armor:
    1. For 32-bit machines: msiexec /x MVArmorInstallation_x86.msi /qn
    2. For 64-bit machines: msiexec /x MVArmorInstallation_x64.msi /qn
Uninstall Next-Generation Antivirus for macOS

Uninstall Armor360:

/opt/rapid7/ir_agent/components/armor360_darwin/{version}/uninstall.sh

Uninstall Rapid7 Endpoint Prevention (Next-Generation Antivirus):

/Library/Rapid7EndpointPrevention/AVP/product/bin/UninstallTool

Uninstall Armor:

/opt/rapid7/ir_agent/components/armor_darwin/{version}/uninstall.sh

Uninstall Next-Generation Antivirus for Linux

Depending on your architecture, run the following command:

DEB:dpkg -r rapid7-armor360 rapid7endpointprevention rapid7-armor

RPM:rpm -e rapid7-armor360 rapid7endpointprevention rapid7-armor

Uninstall an existing Insight Agent entirely

If you want to uninstall the Insight Agent entirely, note that you'll need to uninstall the Next-Generation Antivirus add-on first, then uninstall the rest of the Insight Agent. The Insight Agent will not allow itself to be uninstalled if any Endpoint Prevention add-on is still present.

Uninstall an existing Insight Agent entirely for Windows

You can uninstall the Insight Agent using the Add or remove programs tool in Windows:

  1. In your Start menu, select Control Panel.
  2. Under Programs, click Uninstall a program.
  3. Browse to Rapid7 Insight Agent and select it, then click Uninstall.
Uninstall an existing Insight Agent entirely for macOS

If you need to uninstall a .pkg version of the Insight Agent, you can do so with these APT commands:

 
1
sudo /opt/rapid7/ir_agent/components/insight_agent/{version}/uninstall.sh
Uninstall an existing Insight Agent entirely for Linux

Depending on your architecture, use the following command:

Uninstall a .rpm version of the Insight Agent

Use the system's package manager to uninstall the Insight Agent, for example:

  • For RPM: rpm -e rapid7-insight-agent
  • For DNF: dnf remove rapid7-insight-agent
Uninstall a .deb version of the Insight Agent

Use the system's package manager to uninstall the Insight Agent, for example:

  • For DEB: sudo apt-get remove rapid7-insight-agent

Next Steps

Once you have sucessfully installed the Next-Generation Antivirus add-on, view the configuration instructions to customise the add-on for your organization's needs.