This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
NetWitness Knowledge Base
Find answers to your questions and identify resolutions for known issues with knowledge base articles written by NetWitness experts.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Confirming upgrade of the NetWitness Endpoint / Insights Agent from the registry

Article Number

000001516

Applies To

NetWitness Product Set: NetWitness Endpoint
NetWitness Product/Service Type: NetWitness Endpoint
NetWitness Version/Condition: Endpoint Agent 11.1.x-11.2.x
Platform: Windows
 

Issue

Verification using SCCM or other tools that bulk push out updates may be difficult to verify that they have been performed successfully. Since the agent rolls back failed upgrades, the version number in the registry should still show the old agent version. Hence, targeting the DisplayVersion and InstallDate registry values may yield information about the agent.

Cause

The causes for agent failure to install have multiple reasons and are not necessary for this article's discussion.

Resolution

Using SCCM or another software solution, verify the output of the following registry keys:
 
  1. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{63AC4523-5F19-42F0-BC43-97C8B5373589}\DisplayVersion
  2. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{63AC4523-5F19-42F0-BC43-97C8B5373589}\InstallDate
The first value will have a version number in the following format: 12.3.1.0
Use this to verify the version of the agent
The second value will have an install date in the following format: 20240214
Use this to verify the installation date of the agent in conjunction with its reported version number

Taken together, it becomes possible to verify if an agent upgrade succeeded or failed as these values would rollback to their previous entries if an installation fails. Note this applies to upgrades mainly; for fresh installs, a separate registry key located in the services directory called ServerSS is useful to determine if the agent checked in to the server after installation.

Image descriptionImage description
 

Notes

To the Uninstall registry location, it is identical between the original Endpoint agent, and the Insights agent, although the values will be different in some cases. The two values used in this article do not change, so both can be treated the same for testing if an upgrade succeeded or failed.
0 Likes
Was this article helpful? Yes No
No ratings

In this article

Version history
Last update:
‎2024-05-17 10:06 AM
Updated by:
Administrator Administrator

Related Content

© 2022 RSA Security LLC or its affiliates. All rights reserved.