Installing an Agent on the Windows OS

You can enable HSS only after an HSS agent is installed on the servers. This topic describes how to install the agent on a server running a Windows OS. For details about how to install an agent on the Linux OS, see Installing an Agent on the Linux OS.

WTP and HSS can use the same agent on a server.

The agent status will be refreshed 5 to 10 minutes after it is installed. You are advised to restart the server before enabling HSS.

Prerequisites

An EIP has been bound to the offline server where the agent is to be installed.
The online server where the agent is to be installed must be able to communicate with the network segment. The security group of your server must allow outbound access to ports 442 and 443 on the 100.125.0.0/16 network segment.
A remote management tool, such as pcAnywhere and UltraVNC, has been installed on your PC.

Constraints

Huawei Cloud servers
Ensure you have purchased HSS in your server region and have used the installation package or installation command in the region to install HSS agents on your servers. If the server and HSS quota are in different regions, unsubscribe from the quota and purchase a quota in the region where the server is deployed.
Non-Huawei Cloud servers
- So far, HSS can be installed on non-HUAWEI CLOUD servers only in the CN-Hong Kong region.
- For non-Huawei Cloud servers to access HSS, the servers need to access Huawei Cloud first. After the agent is installed on a server, the server will be displayed on the console. You can find it by searching for its IP address.
  - For better compatibility and service experience, you are advised to use Huawei Cloud servers.
  - If a piece of third-party security software, such as McAfee, has been installed on your server, stop the software and clear its configuration before installing an HSS agent to avoid installation failures.

Impact on the System

The HSS agent does not affect server running. The agent runs scan tasks to scan all servers, monitors server security, and reports collected server information to the cloud protection center. Servers without the agent cannot be protected by HSS. The console does not display system vulnerabilities, baseline risks, intrusion events, or security reports on these servers.

Default Installation Path

The agent installation path on servers running the Windows OS cannot be customized. The default path is:

C:\Program Files (x86)\HostGuard

Procedure

There are two ways to install an agent. The procedure describes the second one in detail.

Method 1: Copy the agent download link. Remotely log in to a server and open the link in Internet Explorer, and download and decompress the agent installation package. Run the agent installation program as an administrator.
Method 2: Download the agent installation package, upload it to a server, and run the installation command on the server to install the agent.

Log in to the management console.
In the upper left corner of the page, select a region, click , and choose Security & Compliance > Host Security Service.
In the navigation pane on the left, choose Installation and Configuration. On the Install Agent tab, download the agent package.

Figure 1 Installing a Windows agent
Remotely log in to the server where the agent is to be installed.
- HUAWEI CLOUD server
  - Log in to the ECS console, locate the target server, and click Remote Login in the Operation column to log in to the server. For details, see Login Using VNC.
  - If an EIP has been bound to the server, you can use Windows Remote Desktop Connection or a third-party remote management tool, such as pcAnywhere and UltraVNC, to log in to the server and install the agent on the server as an administrator.
- Non-HUAWEI CLOUD server
  Log in to the server using Windows Remote Desktop Connection or a third-party remote management tool, such as pcAnywhere and UltraVNC, and install the agent on the server as an administrator.
Upload the agent installation package to the server where the agent is to be installed.
Run the agent installation program as an administrator.
Select a host type on the Select host type page.
- HUAWEI CLOUD server: Select Huawei Cloud Host.
  Figure 2 Selecting a host type (HUAWEI CLOUD server)
- Non-HUAWEI CLOUD server: Select Other Cloud Host. Copy the value of Org ID from the agent installation page, as shown in Figure 4.
  Figure 3 Selecting a host type (non-HUAWEI CLOUD server)
  
  Figure 4 Obtaining an organization ID (for a non-Huawei cloud server)
Check the HostGuard.exe and HostWatch.exe processes in the Windows Task Manager.

If the processes do not exist, the agent installation fails. In this case, reinstall the agent.
Figure 5 Checking the agent status

Follow-Up Procedure

For details about the agent status and troubleshooting, see What Should I Do When the Agent Running Status Is Abnormal?
For details about handling agent installation failures, see What Should I Do If Agent Installation Failed?
For details about agent uninstallation, see How Do I Uninstall the Agent?

Parent topic: Step 2: Install an Agent

Previous topic: Installing an Agent on the Linux OS

Next topic: (Optional) Step 3: Set Alarm Notifications

Feedback

Was this page helpful?

Helpful Not helpful

Provide feedback

Thank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.

The system is busy. Please try again later.

Which of the following issues have you encountered?

Content is inconsistent with the product UI

Unclear descriptions

Lack of examples or code

Incorrect steps

Can't find what I need

Lack of best practices

Feedback (optional)

0/500

Select at least one type of issue, and enter your comments or suggestions.

Enter a maximum of 500 characters.

Submit Cancel

For any further questions, feel free to contact us through the chatbot.

Chatbot