Deployment

There are several ways that users can access the deployment script for agent-based vulnerability scanning. Within the Agents page, users can click New Agent and they will be directed to the Agent deployment page. Additionally, users can navigate directly to the Deployment(Agent-Based) page to access a subscription-specific PowerShell script that can be deployed on a host-by-host basis or deployed to multiple hosts via a preferred remote monitoring and management tool.
Once the agents have been deployed, it may take up to five (5) minutes for each agent to complete the registration process and call back to the Shield platform.
Once the agents are deployed, users can navigate back to the Agents and click Refresh Agents to view the newly deployed agents.

Results

Once the agents can be seen in the platform within the Agents page, users can click Refresh Agent Vulnerabilities to sync all of the discovered vulnerabilities and configurations across all of the hosts where an agent is running. All vulnerability and configuration information that has been discovered on an agent-by-agent basis will live within the Internal Network module.

Network Communications

Please note in order to communicate to the Shield Platform, outbound access over 1514/tcp, 1515/tcp, and 55000/tcp will need to be enabled to the following Shield Cyber LB endpoint shieldagentlb.shieldcyber.io

Uninstalling Agents

To uninstall agents from endpoints where it is currently running, users can type in the following commands to remove the Shield Agent and associated service and resources: msiexec.exe /x ShieldCyberAgent.msi /qn

Troubleshooting

For older operating systems that do not support newer versions of PowerShell and/or cannot download the Shield Cyber Agent MSI file programmatically, the MSI can be downloaded manually and transferred over to the machine and installed with the steps outlined below.
  1. Download the latest version of the Shield Cyber Agent MSI here: Shield Cyber Agent MSI
  2. Run the commands below or save them to a PowerShell (.ps1) file to execute on the target hosts: 

# Set the MSI arguments pointed at the MSI in the correct folder
$msiArguments = '/i "C:\Shield\MSI\Location\ShieldCyberAgent.msi" SHIELD_AGENT_GROUP=ENTER-SUBSCRIPTION-ID-HERE /quiet'

# Start the MSI installation
Start-Process msiexec -ArgumentList $msiArguments -Wait

# Sleep for a second to ensure everything is settled
Start-Sleep -Seconds 1

# Start the ShieldCyberAgent service
Net Start ShieldCyberAgentSvc -Wait
Please update the file path location, as well as the SHIELD_AGENT_GROUP (Subscription ID) within the script above

Additional Deployment Methods

Deploy Shield via Microsoft InTune

To deploy the Shield agent via InTune, users can leverage InTune’s PowerShell scripting feature to install the Shield vulnerability collection agent on their desired hosts.
1

Navigate to Intune

Navigate to https://intune.microsoft.com to access the Intune platform.
2

Access the device scripting and remediations section within Intune

Navigate to the devices module that on the left-side pane, then access the Scripts and remediations function, and access the Platform scripts tab.
3

Navigate to the Shield platform & Agent deployment feature

Navigate to the Shield platform within the subscription you are looking to deploy from. Go to the Agents module and select Add Agent and copy the generated PowerShell script to a .ps1 file.
4

Create Intune PowerShell Script

Select Add from the Intune Platform Scripts section and select Windows 10 and later option. Name the script, add a description, and select Next.
5

Set scope for devices configured within Intune, Review, & finish

Select the desired group and/or devices that you would like to deploy the Shield vulnerability agent to and select Next. Review all options and then click Add to your Intune PowerShell scripts.

Deploy Shield via GPO

This deployment method should be utilized to understand how to deploy the Shield Agent (via MSI) on multiple machines through Group Policy in Windows 2012 and 2016 environments
Deployment via Group Policy can be achieved and assigned in several ways including;
  • Per-User: If it is assigned on a per-user basis, then it will be installed when the user logs on.
  • Per-Machine: If is assigned on a per-machine basis, then it will be installed when the machine starts.
Please follow the steps listed below to install the Shield vulnerability collection agent with Group Policy:
1

Create a distribution point

  • Log onto the server as an Administrator
  • Create a shared network folder (which will contain the MSI)
  • Set permission on this folder to allow access to the distribution package
  • Copy the Shield Cyber Agent MSI (linked here) in the shared folder
2

Create a batch script to run the MSI

  • Copy the following command and insert your subscription ID to a file and name it ShieldCyberAgent.bat
@echo off
msiexec.exe /i \\path\to\shared\folder\ShieldCyberAgent.msi SHIELD_AGENT_GROUP=SUBSCRIPTION-ID /quiet
net start ShieldCyberAgentSvc
  • Save the file and insert this into the shared distribution point
3

Create a Group Policy Object

  • Click on the Start button and open Go to Start and open Group Policy Management
  • Expand Forest (your forest) > Domains (your domain)
  • Right-click on Group Policy Objects and select New -Enter a name for your policy and leave Source Starter GPO as (none)
4

Configure the Startup Script in GPO

  • Double click on your previously created policy
  • In the right panel click on the Settings Tab
  • You should see Computer Configuration and User Configuration, right-click anywhere in the panel and select Edit
  • Expand Computer Configuration > Windows Settings and double click on Scripts
  • Right click on Startup and select Properties
  • Click Add and select the batch file that you created within the shared location.
  • Click Apply and OK to save the GPO to run the script the next time the machine is restarted.