Help Center > > User Guide> Enabling HSS> Step 2: Install an Agent> Installing an Agent on the Windows OS

Installing an Agent on the Windows OS

Updated at: Sep 02, 2021 GMT+08:00

You can enable HSS only after an HSS agent is installed on the servers. This topic describes how to install the agent on a server running a Windows OS. For details about how to install an agent on the Linux OS, see Installing an Agent on the Linux OS.

WTP and HSS can use the same agent on a server.

Prerequisites

  • An EIP has been bound to the offline server where the agent is to be installed.
  • The online server where the agent is to be installed must be able to communicate with the network segment. The security group of your server must allow outbound access to ports 442 and 443 on the 100.125.0.0/16 network segment.
  • A remote management tool, such as pcAnywhere and UltraVNC, has been installed on your PC.

Constraints

  • HUAWEI CLOUD server

    Ensure you have purchased HSS in your server region and have used the installation package or installation command in the region to install HSS agents on your servers. If the server and HSS quota are in different regions, unsubscribe from the quota and purchase a quota in the region where the server is deployed.

  • Non-HUAWEI CLOUD server
    • So far, HSS can be installed on non-HUAWEI CLOUD servers only in the CN-Hong Kong region.
    • To make non-HUAWEI CLOUD servers access HUAWEI CLOUD HSS, bind the servers to EIPs After the agent is installed on a server, the server will be displayed on the console. You can find it by searching for its IP address.
      • For better compatibility and service experience, you are advised to use HUAWEI CLOUD servers.
      • If a piece of third-party security software, such as McAfee, has been installed on your server, stop the software and clear its configuration before installing an HSS agent to avoid installation failures.

Impact on the System

The HSS agent does not affect server running. The agent runs scan tasks to scan all servers, monitors server security, and reports collected server information to the cloud protection center. Servers without the agent cannot be protected by HSS. The console does not display system vulnerabilities, baseline risks, intrusion events, or security reports on these servers.

Default Installation Path

The agent installation path on servers running the Windows OS cannot be customized. The default path is:

C:\Program Files (x86)\HostGuard

Procedure

There are two ways to install an agent. The procedure describes the second one in details.

  • Method 1: Copy the agent download link. Remotely log in to a server and open the link in Internet Explorer, and download and decompress the agent installation package. Run the agent installation program as an administrator.
  • Method 2: Download the agent installation package, upload it to a server, and run the installation command on the server to install the agent.
  1. Log in to the management console.
  2. In the upper left corner of the page, select a region, click , and choose Security & Compliance > Host Security Service.
  3. In the navigation pane on the left, choose Installation and Configuration. On the Install Agent tab, download the agent package.

    Figure 1 Installing a Windows agent

  4. Remotely log in to the server where the agent is to be installed.

    • HUAWEI CLOUD server
      • Log in to the ECS console, locate the target server, and click Remote Login in the Operation column to log in to the server. For details, see Login Using VNC.
      • If an EIP has been bound to the server, you can use Windows Remote Desktop Connection or a third-party remote management tool, such as pcAnywhere and UltraVNC, to log in to the server and install the agent on the server as an administrator.
    • Non-HUAWEI CLOUD server

      Log in to the server using Windows Remote Desktop Connection or a third-party remote management tool, such as pcAnywhere and UltraVNC, and install the agent on the server as an administrator.

  5. Upload the agent installation package to the server where the agent is to be installed.
  6. Run the agent installation program as an administrator.

    Select a host type on the Select host type page.
    • HUAWEI CLOUD server: Select Huawei Cloud Host.
      Figure 2 Selecting a host type (HUAWEI CLOUD server)
    • Non-HUAWEI CLOUD server: Select Other Cloud Host. Copy the value of Org ID from the agent installation page, as shown in Figure 4.
      Figure 3 Selecting a host type (non-HUAWEI CLOUD server)
      Figure 4 Obtaining an organization ID (for a non-Huawei cloud server)

  7. Check the HostGuard.exe and HostWatch.exe processes in the Windows Task Manager.

    If the processes do not exist, the agent installation fails. In this case, reinstall the agent.
    Figure 5 Checking the agent status

Follow-Up Procedure

Did you find this page helpful?

Submit successfully!

Thank you for your feedback. Your feedback helps make our documentation better.

Failed to submit the feedback. Please try again later.

Which of the following issues have you encountered?







Please complete at least one feedback item.

Content most length 200 character

Content is empty.

OK Cancel