FireEye Mandiant Agent Installation

By | March 12, 2020

FireEye is a Cyber Security firm deal with lot many products, but the most famous product from the company is Mandiant Endpoint Agent. Mandiant was a separate company founded in 2004 which was later acquired by FireEye in 2013. Mandiant helps our organization to be prevented by various security attack. This is now a propitiatory product from FireEye and you have to pay for it’s licenses.

Now you must be thinking what’s big deal in the installation of an app. It’s as simple as Next, Next, Finish. Correct? No, you are wrong. I have personally deal with this application for long time and found that in a production environment, specially where we are still using old versions of Windows, it doesn’t work well if we install it in GUI mode. The main problem we face is that after installation, required services will either not visible in service.msc or they will be in stop state.

If app is broken, you can’t restart the service, even after rebooting the server multiple times. To resolve such issue, it’s recommended by FireEye that the installation should be with command line. I have personally faced issue when the existing working Mandiant agent suddenly stopped working and after uninstalling and reinstalling it from command line, it’s started working fine. So you need to navigate the Mandiant setup folder in command prompt or Powershell and run these commands to install and uninstall the agent:

To Install FireEye Mandiant Agent along with log file:

msiexec.exe /i AgentSetup_HIP_xAgent_Bundled.msi /qn /l*v ragent_install.log

To Uninstall FireEye Mandiant Agent along with log file:

msiexec.exe /x AgentSetup_HIP_xAgent_Bundled.msi /q /l*v ragent_uninstall.log

After installing from command line, you can normally start, stop or restart the services. It doesn’t require a reboot.

Leave a Reply

Your email address will not be published. Required fields are marked *