Deploying Wazuh agents on Windows endpoints

Warning

Support for Windows XP, Windows Vista, and Windows Server 2003 systems ends in Wazuh 5.0.0.

The Wazuh agent runs on the endpoint you want to monitor and communicates with the Wazuh manager, sending data in near real-time through an encrypted and authenticated channel. You can deploy the Wazuh agent on Windows systems ranging from Windows XP to the latest versions, including Windows 11 and Windows Server 2022.

Note

You must have administrator privileges to perform the installation.

  1. Download the Windows installer to start the installation process.

  2. Select the installation method you want to follow: command line interface (CLI) or graphical user interface (GUI).

    1. Choose one of the command shell alternatives to deploy the Wazuh agent on your endpoint. Run the command below and replace the WAZUH_MANAGER value with your Wazuh manager IP address or hostname. Ensure the downloaded Wazuh agent installation file is in your working directory.

      • Using CMD:

        > wazuh-agent-4.13.1-1.msi /q WAZUH_MANAGER="10.0.0.2"
        
      • Using PowerShell:

        > .\wazuh-agent-4.13.1-1.msi /q WAZUH_MANAGER="10.0.0.2"
        

      For additional deployment options such as agent name, agent group, and registration password, see the Deployment variables for Windows section.

    2. Start the Wazuh agent from the GUI or by running:

      • Using CMD:

        > NET START WazuhSvc
        
      • Using PowerShell:

        > Start-Service wazuhsvc
        

      The installation process is now complete and the Wazuh agent is successfully installed and configured.

      Note

      Alternatively, if you want to install an agent without enrolling it, omit the deployment variables. To learn more about the different enrollment methods, see the Wazuh agent enrollment section.

By default, all agent files are stored in C:\Program Files (x86)\ossec-agent after the installation.