Install Next-Generation Antivirus
Next-Generation Antivirus is available to Managed Threat Complete (MTC) Ultimate and Managed Detection and Response (MDR) customers who have purchased the Next-Generation Antivirus add-on.
Next-Generation Antivirus is an add-on to your Insight Agent that provides Endpoint Prevention technology. Review the requirements for the Next-Generation Antivirus add-on.
Deployment options
There are two deployment options available for Next-Generation Antivirus:
Once you have decided which deployment option you will use, follow the instructions to install Next-Generation Antivirus as an add-on for your Insight Agent.
Uninstall any existing Antivirus solutions (if necessary)
As noted in the Next-Generation Antivirus requirements, Next-Generation Antivirus must be able to assume its role as the active antivirus solution on your asset. If you are installing Next-Generation Antivirus, uninstall any Antivirus solution you may have already installed.
Option 1: Deploy using managed updates
If you have managed updates enabled for the organization you want to deploy Next-Generation Antivirus on, Rapid7 can deploy the add-on for you. To request that Rapid7 deploy Next-Generation Antivirus on your Insight Agent, create a support ticket for your Customer Advisor.
Option 2: Deploy using an installation package
If you have disabled managed updates for the organization you want to deploy Next-Generation Antivirus on, you must use the following instructions to deploy the add-on.
Deploy using an installation package
Task 1: Download Next-Generation Antivirus
You will need to download files for the Next-Generation Antivirus add-on specific to the operating system you are using. To attain the required files, create a support ticket for your Customer Advisor.
Task 2: Decide which installation option to use
There are two main Agent Installation options available that can be used interchangeably:
What is a Token?
A token is your organization’s unique identifier that links the installed Insight Agents to your organization. When installing using the token, the Insight Agent reaches out to the Insight Platform to download the certificate files necessary for successful installation. This installation option requires connectivity to the Insight Platform directly through a Rapid7 Endpoint or a Collector.
If you are installing the agent in an environment with stricter network requirements, we recommend using the Certificate Package.
Your token consists of two parts:
The region identifier - This portion identifies the region where your organization is located. For example,
us
is the region identifier for the United States, whileca
is the region identifier for Canada.The Universally Unique Identifier (UUID) - The UUID represents the token itself. The API request initiated by the installer sends this UUID to the Insight Platform in order to retrieve the JSON document that contains all the necessary dependencies noted previously.
A fully generated token appears in the following format:
<region_id>:XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX
Note that the process of installation with a token, the Insight Agent installer will download the following dependencies onto your asset. All together, these dependencies are no more than 20KB in size:
client.key
client.crt
config.json
cafile.pem
If you intend to install the Insight Agent using your organization’s token:
- Your assets must be able to communicate with the Insight Platform in order for the installer to download its necessary dependencies.
- As long as you verify the network connectivity requirements noted previously, this communication channel will be available for use.
- If your assets are deployed in a network with strict URL filtering rules in place, you may need to allowlist the following token resource endpoint to ensure that the installer can pull its configuration files from the Insight Platform. Substitute
<REGION>
with the code that applies to your data region:https://<REGION>.deployment.endpoint.ingress.rapid7.com/api/v1/get_agent_files
- To determine your region, view the Insight Platform home for one of the following regions:
Region | Description |
---|---|
us | United States - 1 |
us2 | United States - 2 |
us3 | United States - 3 |
eu | Europe |
ca | Canada |
au | Australia |
ap | Japan |
What is the Certificate Package?
Certificate installation terminology
Note that the certificate installation was previously referred to under Advanced within the Insight Agent installation options.
The Certificate Package contains your unique organization's configuration files, which are required for successful installation of the agent. These files are downloaded seamlessly when installing with a token, but are provided here for easy access in case some of the assets in your environment don't have direct connectivity the Insight Platform through a Rapid7 Endpoint or a Collector. We recommend installing the Insight Agent using the Certificate Package in environments with stricter network requirements.
Your Certificate Package ZIP file contains the following security files in addition to the installer executable:
client.key
client.crt
config.json
cafile.pem
Expired Certificates
If you use the certificate package installation option to install the Insight Agent, your certificates will expire after 5 years. Insight Agents that were previously installed with a valid certificate are not impacted and will continue to update their SSL certificates. New installations of the Insight Agent using an expired certificate will not be able to fully connect to the Insight Platform to run jobs in InsightVM, InsightIDR, or InsightOps.
Refresh your Certificates
If you host your certificate package on a network share, or if it is baked into a golden image for a virtual machine, redownload your certificate package within 5 years to ensure new installations of the Insight Agent run correctly.
Task 3: Install the Insight Agent with Next-Generation Antivirus
Once you have determined which option you would like to use in task 2, you’re ready to install the Insight Agent with the Next-Generation Antivirus add-on.
Next-Generation Antivirus Collector Issues for Mac and Linux
At the moment, Next-Generation Antivirus for Mac and Linux will not work if configured to use a Rapid7 Collector as a proxy. This will be fixed in an upcoming release.
Follow the instructions below for the operating system of your choice:
Deploy for Windows
Insight Agent version
Ransomware Prevention for Windows require an Insight Agent version of 4.0.0.0 or higher. For more information, read the Ransomware Prevention requirements.
Installation services and folders (Windows)
Next-Generation Antivirus is installed as a service on your assets named Rapid7 Endpoint Prevention
. Next-Generation Antivirus runs as two services on a 64-bit
OS and as a single service on a 32-bit
OS.
The Next-Generation Antivirus installation folder is located in C:\Program files\rapid7\Insight Agent\components\armor
. Refer to the Endpoint Prevention overview for more information on how Next-Generation Antivirus works.
Install using a Token (Windows)
- Locate (or generate, if necessary) your organization's token by navigating to insight.rapid7.com > Data Collection > Agents > Agent Installer > Token Management.
- Extract the contents of the ZIP file you downloaded in task 1 to a directory that you can access with the Windows command prompt (cmd). The extracted ZIP file will contain these files (this example is for the
64-bit
installer variety):
agentinstaller-x86_64.msi
rapid7_endpoint_prevention_installer.bat
armor (folder)
armor360 (folder)
- Open a command prompt as an Administrator and navigate to the extraction folder that contains these files. Run the following command, substituting the with your organization’s token you located in step 1.
1rapid7_endpoint_prevention_installer.bat CUSTOMTOKEN={token}
Install using a Certificate Package (Windows)
- Obtain the ZIP file with the latest version of Next-Generation Antivirus.
- Download the latest Certificate Package from insight.rapid7.com > Data Collection Management > Agent Installer > Install the Insight Agent using the Certificate Package > Download Certificate.
- Extract the contents of the ZIP file you downloaded in step 1 add the files included in the Certificate Package from step 2 to the same folder that you can easily access with the Windows command prompt (cmd). Once both ZIP files are extracted, the folder will contain these files:
client.key
client.crt
config.json
cafile.pem
agentinstaller-x86_64.msi
rapid7_endpoint_prevention_installer.bat
armor (folder)
armor360 (folder)
- Open a command prompt as an Administrator and navigate to the extraction folder that contains these files. Run the following command:
- If you extract the contents of the ZIP files to a different directory, you will need to run the following command when running the batch script, substituting
<PATH>
with the path to the certificate directory:CUSTOMCONFIGPATH=<PATH>
- If you extract the contents of the ZIP files to a different directory, you will need to run the following command when running the batch script, substituting
1rapid7_endpoint_prevention_installer.bat
Deploy for macOS
Installation services and folders (Mac)
Next-Generation Antivirus is installed as an add-on to the Insight Agent on your assets. The service name is system/com.rapid7.armor
.
The Next-Generation Antivirus installation folder for macOS is located in /opt/rapid7/ir_agent/components/armor_darwin
. Refer to the Endpoint Prevention overview for more information on how the Next-Generation Antivirus add-on works.
Permissions required
To run the commands listed for macOS, you will require sudo
permissions.
To install the Insight Agent with Next-Generation Antivirus:
- Download the files you attained in task 1 and download them to a directory that you can access with the Mac Terminal. The files you download will include the following:
rapid7-insight-agent-{version}-1.{architecture}.pkg
rapid7-armor-{version}-1.{architecture}.pkg
rapid7-armor360-{version}-1.{architecture}.pkg
- Open the Mac Terminal and navigate to the extraction folder that contains these files. Run the following commands, substituting
{version}
and{architecture}
:
1installer -verbose -pkg rapid7-insight-agent-{version}-1.{architecture}.pkg -target /2installer -verbose -pkg rapid7-armor-{version}-1.{architecture}.pkg -target /3installer -verbose -pkg rapid7-armor360-{version}-1.{architecture}.pkg -target /4launchctl bootout system /Library/LaunchDaemons/com.rapid7.ir_agent.plist
- In your Mac Settings, navigate to Privacy & Security > Full Disk Access. Toggle Full Disk Access On for
BDLDaemon
. Note that step 2 must be completed in order forBDLDaemon
to be visible in the list.
Configure the Insight Agent with Next-Generation Antivirus (Mac)
After installing the Insight Agent for Mac operating systems, you must run the configure_agent.sh
configuration script to connect the Insight Agent to the Insight Platform.
You can find this script in the following location of your Insight Agent installation directory ({version}
will correspond to the Insight Agent version you have just installed):
1/opt/rapid7/ir_agent/components/insight_agent/{version}/configure_agent.sh
The configuration script also supports several arguments you can specify to configure a variety of Insight Agent options. Run configure_agent.sh
help in your terminal to display an explanation of these arguments. These details are reproduced here for your convenience:
Available arguments for Mac configuration
1-a, --attributes=ATTRIBUTES: Custom attributes may be used to identify and group Insight Agents in ways that are meaningful to your organization. Use commas to specify multiple attributes. Example: --attributes=\"lab_system, managed, commercial\"23-c, --certificate_package_installation=PACKAGE_PATH: Supply a path to the configuration files if already downloaded or where they should be downloaded if using a token45-t, --token=TOKEN: Supply a token generated by the server in place of the config files67-p, --https-proxy=PROXY: Supply an HTTPS proxy for the Insight Agent to use when communicating with the Insight Platform. Example: --https-proxy=example.rapid7.com:3128, with credentials --https-proxy=<username>:<password>@example.rapid7.com:312889--disable-updates: Disable Platform managed updates for all Insight Agent sub-components (default: False)1011-s, --start: Start the Insight Agent service after configuration is complete1213-v: Prints all logs to stderr1415--no_connectivity_check: Continue configuring the Insight Agent when any connectivity checks fail1617--no_version_check: If a newer version of this script is found, proceed with configuration
Configure the Insight Agent using a Token (Mac)
Note for this configuration option you will need to locate (or generate, if necessary) your organization's token by navigating to insight.rapid7.com > Data Collection > Agents > Agent Installer > Token Management.
Use the following configuration command, substituting {token}
with your orgnization's token and {proxy-address}
with the IP address and port of your proxy. This example command also configures several attributes and starts the Insight Agent service:
1sudo -i23cd /opt/rapid7/ir_agent/components/insight_agent/{version}/
Run one of the following based on whether you have proxy and attributes:
- Without proxy and attributes:
./configure_agent.sh --token {token} -v --start
- With proxy and attributes:
1./configure_agent.sh --token {token} -v --https-proxy={proxy-address} --attributes2"attribute1,attribute2,attribute3,attribute4" --start
Configure the Insight Agent using a Certificate Package (Mac)
File location
Note that if you download the files you attain to a different directory, you will need to run the following command when running the batch script, substituting <PATH>
with the path to the certificate directory:
CUSTOMCONFIGPATH=<PATH>
Note for this configuration option you will need to locate (or generate, if necessary) your organization's token by navigating to insight.rapid7.com > Data Collection > Agents > Agent Installer > Install the Insight Agent using the Certificate Package > Download Certificate..
- Extract the contents of the ZIP file to retrieve the following files:
client.key
client.crt
config.json
cafile.pem
When configuring the installation of the Insight Agent for Mac, do not use the additional scripts that are included alongside these files, as they are not used in this procedure.
- Relocate these certificate files to the installation directory of your installer Insight Agent.
- Finally, run the configuration script:
- This example configuration script command targets the configuration files you just downloaded (substitute the
{path-to-cert-files}
with the local path where the files are stored), specifies a proxy address (substitute the{proxy-address}
portion with the IP address and port of your proxy), and configures several attributes. Finally, the script is instructed to start the Insight Agent service:
- This example configuration script command targets the configuration files you just downloaded (substitute the
1./configure_agent.sh --certificate_package_installation {path-to-cert-files} -v --https-proxy={proxy-address} --attributes "attribute1,attribute2,attribute3,attribute4" --start
Deploy for Linux
Prerequisite commands
Prior to installing the Next-Generation Antivirus add-on for Linux, ensure that the Tar command is installed on your Linux system, as it is required for extracting the installation files.
Run the following command depending on your Linux architecture:
DEB:sudo apt-get install tar
RPM:sudo yum install tar
Installation services and folders (Linux)
Next-Generation Antivirus is installed as a service on your assets, named Rapid7 Endpoint Prevention
.
The Next-Generation Antivirus installation folder is located in /opt/rapid7/ir_ agent/components/armor_linux
. Refer to the Endpoint Prevention overview for more information on how the Next-Generation Antivirus add-on works.
Permissions required
To run the commands listed for Linux, you will require sudo
permissions.
To install the Insight Agent with Next-Generation Antivirus:
- Download the files you attained in task 1 and download them to a directory that you can access with the Linux terminal. Depending on your architecture, the files you download will include the following:
DEB:
rapid7-insight-agent_{version}_{architecture}.deb
rapid7-armor_{version}_{architecture}.deb
rapid7-armor360_{version}_{architecture}.deb
RPM:
rapid7-insight-agent-{version}.{architecture}.rpm
rapid7-armor-{version}.{architecture}.rpm
rapid7-armor360-{version}.{architecture}.rpm
- Open a command prompt and navigate to the folder that contains these files.
- Run the following command using the system’s package manager, substituting
{version}
and{architecture}
, for example:
- For RPM:
sudo rpm -U rapid7-armor-linux-{version}_{architecture}.rpm rapid7-armor360-linux-{version}_{architecture}.rpm
- For DEB:
sudo dpkg -i rapid7-armor-linux_{version}_{architecture}.deb rapid7-armor360-linux_{version}_{architecture}.deb
Configure the Insight Agent with Next-Generation Antivirus (Linux)
You must run the configure_agent.sh
configuration script to connect the Insight Agent to the Insight Platform.
You can find this script in the following location of your Insight Agent installation directory ({version}
will correspond to the Insight Agent version you have just installed):
1/opt/rapid7/ir_agent/components/insight_agent/{version}/configure_agent.sh
The configuration script supports several arguments you can specify to configure a variety of Insight Agent options. Run configure_agent.sh
help in your terminal to display an explanation of these arguments. These details are reproduced here for your convenience:
Available arguments for Linux configuration
1-a, --attributes=ATTRIBUTES: Custom attributes may be used to identify and group Insight Agents in ways that are meaningful to your organization. Use commas to specify multiple attributes. Example: --attributes=\"lab_system, managed, commercial\"2-c, --certificate_package_installation=PACKAGE_PATH: Supply a path to the configuration files if already downloaded or where they should be downloaded if using a token3-t, --token=TOKEN: Supply a token generated by the server in place of the config files4-p, --https-proxy=PROXY: Supply an HTTPS proxy for the Insight Agent to use when communicating with the Insight Platform. Example: --https-proxy=example.rapid7.com:3128, with credentials --https-proxy=<username>:<password>@example.rapid7.com:31285--disable-updates: Disable Insight Platform managed updates for all Insight Agent sub-components (default: False)6-s, --start: Start the Insight Agent service after configuration is complete7-v: Prints all logs to stderr8--no_connectivity_check: Continue configuring the Insight Agent when any connectivity checks fail9--no_version_check: If a newer version of this script is found, proceed with configuration
Configure using a Token (Linux)
Note for this configuration option you will need to locate (or generate, if necessary) your organization's token by navigating to insight.rapid7.com > Data Collection > Agents > Agent Installer > Token Management.
Use the following configuration command, substituting {token}
with your orgnization's token and {proxy-address}
with the IP address and port of your proxy. This example command also configures several attributes and starts the Insight Agent service:
1sudo -i23cd /opt/rapid7/ir_agent/components/insight_agent/{version}/
Run one of the following based on whether you have proxy and attributes:
- Without proxy and attributes:
./configure_agent.sh --token {token} -v --start
- With proxy and attributes:
1./configure_agent.sh --token {token} -v --https-proxy={proxy-address} --attributes2"attribute1,attribute2,attribute3,attribute4" --start
Configure using a Certificate Package (Linux)
File location
Note that if you download the files you attained to a different directory, you will need to run the following command when running the batch script, substituting <PATH>
with the path to the certificate directory:
CUSTOMCONFIGPATH=<PATH>
Note for this configuration option you will need to locate (or generate, if necessary) your organization's token by navigating to insight.rapid7.com > Data Collection > Agents > Agent Installer > Install the Insight Agent using the Certificate Package > Download Certificate..
- Extract the contents of the ZIP file to retrieve the following files:
client.key
client.crt
config.json
cafile.pem
When configuring the installation of the Insight Agent for Mac, do not use the additional scripts that are included alongside these files, as they are not used in this procedure.
- Relocate these certificate files to the installation directory of your installer Insight Agent.
- Finally, run the configuration script:
- This example configuration script command targets the configuration files you just downloaded (substitute the
{path-to-cert-files}
with the local path where the files are stored), specifies a proxy address (substitute the{proxy-address}
portion with the IP address and port of your proxy), and configures several attributes. Finally, the script is instructed to start the Insight Agent service:
- This example configuration script command targets the configuration files you just downloaded (substitute the
1./configure_agent.sh --certificate_package_installation {path-to-cert-files} -v --https-proxy={proxy-address} --attributes "attribute1,attribute2,attribute3,attribute4" --start
Next-Generation Antivirus on a different Prevention Group than the DEFAULT group
If you want to associate this Insight Agent with an existing Prevention Group other than the DEFAULT
group, you can do so by providing an additional option. As long as the group name you provide matches an existing prevention group, the Insight Agent will automatically become a member of that group once installed. If no group matches the name you provide here, the Insight Agent will become a member of the DEFAULT
group according to its standard behavior.
Desired group option for Windows
For a Token installation:
rapid7_endpoint_prevention_installer.bat CUSTOMTOKEN={token} DESIRED_GROUP=MyGroupName
For a Certificate Package installation:
rapid7_endpoint_prevention_installer.bat DESIRED_GROUP=MyGroupName
Desired group option for Mac
For a token configuration:
./configure_agent.sh -t=us:{token} --desired-group=MyGroupName --start
For a certificate package configuration:
./configure_agent.sh --desired-group=MyGroupName --start
Desired group option for Linux
For a token configuration:
./configure_agent.sh -t=us:{token} --desired-group=MyGroupName --start
For a certificate package configuration:
./configure_agent.sh --desired-group=MyGroupName --start
Verify Next-Generation Antivirus is deployed
Go to Data Collection > Agents to view the Endpoint Prevention tab. To verify if Next-Generation Antivirus has been deployed successfully, you must check if assets added to either the DEFAULT
Prevention Group or a custom Prevention Group are visible here.
Update Next-Generation Antivirus
If you have enabled managed agent updates, you don't need to perform any manual tasks to update Next-Generation Antivirus. If you need to manually update Next-Generation Antivirus, follow the instructions for your operating system of choice:
Update Next-Generation Antivirus for Windows
If you need to manually update Next-Generation Antivirus for Windows, you must include either the one-time passcode or fixed password as the final parameter of the command you run, in case password protection is on. Follow the instructions below, updating the service using either the Token or Certificate Package instructions based on which one you installed the Next-Generation Antivirus add-on with in task 2.
Update Next-Generation Antivirus for Windows (Token installation)
- Obtain the ZIP file with the latest version of Next-Generation Antivirus.
- Locate (or generate, if necessary) your organization's token by navigating to insight.rapid7.com > Data Collection > Agents > Agent Installer > Token Management.
- Extract the contents of the ZIP file to a directory that you can easily access with Windows command prompt (
cmd
). - Open Windows command prompt (
cmd
) as an Administrator and navigate to the extracted folder, which contains therapid7_endpoint_prevention_installer.bat
file. - Run this command, replacing the
<token>
and the<passcode or password>
parameters with the installer token and either the one-time passcode or a fixed password:rapid7_endpoint_prevention_installer.bat CUSTOMTOKEN=<token> stop_service_password= <passcode or password>
Update Next-Generation Antivirus for Windows (Certificate Package installation)
Obtain the ZIP file with the latest version of Next-Generation Antivirus.
Download the latest Certificate Package from insight.rapid7.com > Data Collection Management > Agent Installer > Install the Insight Agent using the Certificate Package > Download Certificate.
Extract the contents of the ZIP file you downloaded in step 1 add the files included in the Certificate Package from step 2 to the same folder that you can easily access with the Windows command prompt (
cmd
). Once both ZIP files are extracted, the folder will contain these files:client.key
client.crt
config.json
cafile.pem
agentinstaller-x86_64.msi
rapid7_endpoint_prevention_installer.bat
armor (folder)
armor360 (folder)
Open a command prompt as an Administrator and navigate to the extracted folder, which contains the
rapid7_endpoint_prevention_installer.bat
file. Run this command, replacing the<passcode or password>
parameter with either the one-time passcode or a fixed password:rapid7_endpoint_prevention_installer.bat stop_service_password= <passcode or password>
- If you extract the contents of the ZIP file to a different directory than the default one, you will need to run the following command when running the batch script, substituting
<PATH>
with the path to the certificate directory:CUSTOMCONFIGPATH=<PATH>
- If you extract the contents of the ZIP file to a different directory than the default one, you will need to run the following command when running the batch script, substituting
Update Next-Generation Antivirus for macOS
If you have enabled managed agent updates, you don't need to perform any manual tasks to update Next-Generation Antivirus.
To manually update the service:
- In the Mac Terminal, run the following commands, substituting
{version}
and{architecture}
:
1installer -verbose -pkg rapid7-armor-{version}-1.{architecture}.pkg -target /2installer -verbose -pkg rapid7-armor360-{version}-1.{architecture}.pkg -target /3launchctl bootout system /Library/LaunchDaemons/com.rapid7.ir_agent.plist4launchctl load -w /Library/LaunchDaemons/com.rapid7.armor.plist
Update Next-Generation Antivirus for Linux
If you have enabled managed agent updates, you don't need to perform any manual tasks to update Next-Generation Antivirus.
To manually update the service:
- Obtain the latest version of Next-Generation Antivirus, ensuring the files are in a directory that you can easily access with a command prompt.
- Open a command prompt as an Administrator and navigate to the folder, which contains the install files.
- Use the system’s package manager to update Armor, for example:
- For RPM:
sudo rpm -U rapid7-armor-linux-{version}_{architecture}.rpm
- For DEB:
sudo apt install ./rapid7-armor-linux_{version}_{architecture}.deb
- For RPM:
- Use the system’s package manager to update Armor360, for example:
- For RPM:
sudo rpm -U rapid7-armor360-linux-{version}_{architecture}.rpm
- For DEB:
sudo apt install ./rapid7-armor360-linux_{version}_{architecture}.deb
- For RPM:
- Run the following command to restart the Insight Agent:
systemctl restart ir_agent
Stop and restart Next-Generation Antivirus
If you need to troubleshoot a problem, you can stop Next-Generation Antivirus on an asset, even if the asset's offline or has been disconnected.
Stop and restart Next-Generation Antivirus for Windows
With password protection turned on, you will need to either get the one-time passcode or know the fixed password, if one is configured. The fixed password might be the organization-wide fixed password or one that is specific to the prevention group that the asset belongs to.
To stop Next-Generation Antivirus (Windows):
- Log into the asset on which you want to stop the Next-Generation Antivirus add-on.
- Open a command prompt as an Administrator and run this command, replacing
<passcode or password>
with either the one-time passcode you obtained from the Security Settings page or a fixed password that you configured:
C:\Program files\rapid7\Insight Agent\components\armor\common\armor\MVarmorService32.exe --stop_service <passcode or password>
Note: The service can take several minutes to stop.
To restart Next-Generation Antivirus (Windows):
- In your Start menu, select Run > services.msc.
- Depending on your asset, start either the
Rapid7 Endpoint Prevention 64bit
service or theRapid7 Endpoint Prevention 32bit
service.
Stop and restart Next-Generation Antivirus for macOS
To stop Next-Generation Antivirus (Mac):
launchctl bootout system /Library/LaunchDaemons/com.rapid7.armor.plist
To restart Next-Generation Antivirus (Mac):
launchctl bootstrap system /Library/LaunchDaemons/com.rapid7.armor.plist
Stop and restart Next-Generation Antivirus for Linux
To stop Next-Generation Antivirus (Linux):
sudo systemctl stop armor
To restart Next-Generation Antivirus (Linux):
sudo systemctl restart armor
Uninstall the Next-Generation Antivirus add-on while leaving the Insight Agent intact
If you want to uninstall the Next-Generation Antivirus add-on while leaving the rest of the Insight Agent intact for use with other Rapid7 products or services, follow the instructions for your preferred operating system:
Uninstall Next-Generation Antivirus for Windows
The procedure for uninstalling Next-Generation Antivirus for Windows can vary depending on the type of your machine and if password protection is turned on:
To uninstall Next-Generation Antivirus for Windows with password protection:
- Create a support ticket for your Customer Advisor to acquire the
rapid7_ngav_uninstaller.bat
file.- This file does not need to be installed in the same directory as the installer file was previously downloaded to.
- In the command prompt, navigate to the directory where your Next-Generation Antivirus installer is located.
- Run the following command:
rapid7_ngav_uninstaller.bat STOP_SERVICE_PASSWORD=<password>
- Uninstall Armor:
- For 32-bit machines:
msiexec /x MVArmorInstallation_x86.msi /qn stop_service=<password>
- For 64-bit machines:
msiexec /x MVArmorInstallation_x64.msi /qn stop_service=<password>
- For 32-bit machines:
To uninstall Next-Generation Antivirus for Windows without password protection:
- Create a support ticket for your Customer Advisor to acquire the
rapid7_ngav_uninstaller.bat
file.- This file does not need to be installed in the same directory as the installer file was previously downloaded to.
- In the command prompt, navigate to the directory where your Next-Generation Antivirus installer is located.
- Run the following command:
rapid7_ngav_uninstaller.bat
- Uninstall Armor:
- For 32-bit machines:
msiexec /x MVArmorInstallation_x86.msi /qn
- For 64-bit machines:
msiexec /x MVArmorInstallation_x64.msi /qn
- For 32-bit machines:
Uninstall Next-Generation Antivirus for macOS
Uninstall Armor360:
/opt/rapid7/ir_agent/components/armor360_darwin/{version}/uninstall.sh
Uninstall Rapid7 Endpoint Prevention (Next-Generation Antivirus):
/Library/Rapid7EndpointPrevention/AVP/product/bin/UninstallTool
Uninstall Armor:
/opt/rapid7/ir_agent/components/armor_darwin/{version}/uninstall.sh
Uninstall Next-Generation Antivirus for Linux
Depending on your architecture, run the following command:
DEB:dpkg -r rapid7-armor360 rapid7endpointprevention rapid7-armor
RPM:rpm -e rapid7-armor360 rapid7endpointprevention rapid7-armor
Uninstall an existing Insight Agent entirely
If you want to uninstall the Insight Agent entirely, note that you'll need to uninstall the Next-Generation Antivirus add-on first, then uninstall the rest of the Insight Agent. The Insight Agent will not allow itself to be uninstalled if any Endpoint Prevention add-on is still present.
Uninstall an existing Insight Agent entirely for Windows
You can uninstall the Insight Agent using the Add or remove programs tool in Windows:
- In your Start menu, select Control Panel.
- Under Programs, click Uninstall a program.
- Browse to
Rapid7 Insight Agent
and select it, then click Uninstall.
Uninstall an existing Insight Agent entirely for macOS
If you need to uninstall a .pkg
version of the Insight Agent, you can do so with these APT commands:
1sudo /opt/rapid7/ir_agent/components/insight_agent/{version}/uninstall.sh
Uninstall an existing Insight Agent entirely for Linux
Depending on your architecture, use the following command:
Uninstall a .rpm version of the Insight Agent
Use the system's package manager to uninstall the Insight Agent, for example:
- For RPM:
rpm -e rapid7-insight-agent
- For DNF:
dnf remove rapid7-insight-agent
Uninstall a .deb version of the Insight Agent
Use the system's package manager to uninstall the Insight Agent, for example:
- For DEB:
sudo apt-get remove rapid7-insight-agent
Next Steps
Once you have sucessfully installed the Next-Generation Antivirus add-on, view the configuration instructions to customise the add-on for your organization's needs.