Install EDR
Step 1: Install Armor Anywhere
To Install EDR on your device, users must first install the Armor Agent.
Armor security services are designed for workload protection, so users will need to install the Armor Agent with no services active.
To install the Armor Agent only, please follow Step 2, Optional Step 1 in the Armor Agent 3.0 documentation.
Step 2: Install EDR
Once installed, users can install EDR services using the CLI or Armor Toolbox.
Linux Command
/opt/armor/armor edr install
Windows Command
c:\.armor\opt\armor.exe edr install
EDR can also be installed using the Armor Toolbox. Please see the documentation available on the Armor Toolbox and Agent 3.0 installation scripts.
MacOS
For users looking to install EDR on macOS, please follow this documentation.
Supported Versions: Big Sur, Monterey, Ventura, and Sonoma.
Uninstall EDR
Users can install EDR services using the CLI or Armor Toolbox. To uninstall EDR, users must first acquire an Uninstall Code from the Armor Management Portal.
To obtain a code:
Navigate to the Infrastructure screen in AMP.
Select the appropriate Virtual Machine.
Click the Overview tab.
Click EDR.Click the Get Uninstall Code button.
EDR assigns each asset a unique ID. Since uninstallation requires an uninstall code for each unique machine ID, administrators cannot perform a fleet uninstallation of EDR.
Visibility of the Get Uninstall Code is permission based, so if you cannot acquire the uninstall code, see your Administrator.
Linux Command
/opt/armor/armor edr uninstall uninstall-code={uninstall-code}
Windows Command
c:\.armor\opt\armor.exe edr uninstall uninstall-code={uninstall-code}
EDR can also be uninstalled using the Armor Toolbox. Please see the documentation available on the Armor Toolbox and Agent 3.0 installation scripts.
Other EDR CLI Commands
Operation | Description |
---|---|
help | Displays a list of available commands. |
sync-agent-id | Sync CoreInstanceId to Carbon Black Endpoint Detection and Response. |
show-agent-id | Display Carbon Black registered Host ID. |
diagnostics | Diagnostics EDR Service. |
Fleet Management
Users looking to deploy EDR at scale can use the Armor Toolbox to schedule installation of EDR on multiple machines simultaneously. The Armor Toolbox is a self-service solution available to users in the AMP.
Users can learn more about scheduling installation tasks in the Armor Toolbox documentation.
Carbon Black User Roles
During EDR sign-up, a user is elected to be the Admin user for the Carbon Black account. That Admin user is configured as in the Carbon Black portal as Super Admin. The Super Admin user will have all privileges to perform within the Carbon Black portal. Users must be careful which actions are performed in the portal and be mindful of privileges that are granted to other users.
AMP users with Carbon Black user accounts will have their Carbon Black accounts deleted automatically if their AMP user account is deleted. If a user is added back to AMP, the Carbon Black admin will need to add that user to Carbon Black manually.
Permissions matrix table shows the permissions that are assigned to a particular role.
It is recommended users familiarize themselves with the Carbon Black portal and sign up for access to Carbon Black documentation.