Updating the QRadar EDR Agent
Update the QRadar® EDR Agent on your endpoints when a more recent version is available.
Before you begin
As a IBM® Security QRadar EDR customer, new QRadar EDR Agent packages are uploaded for you. In this case, proceed to Installing the QRadar EDR Agent.
If you are in an air-gapped environment or your system is otherwise unreachable, new QRadar EDR Agent packages are provided to you as a .zip file.
Procedure
- Click .
- Click Create Distribution.
- Drag the .zip file to the Upload the package field.
- Add a list of clients and groups to receive the updated package in the Groups assigned to distribution field. To deliver the updated package to all endpoints, leave this field blank.
- If you want to distribute the updated package immediately, check Distribute directly after file upload.
Results
Important: Automatic updates of the Linux®
QRadar EDR Agent are not supported. For more
information, see Installing the QRadar EDR Agent on Linux endpoints.
Important: Automatic updates to version 1.0.0 of the macOS QRadar EDR Agent are not supported.
Attention:
- Due to the use of the new code-signing certificate in the Windows agent 3.11.1, the signature is changed. The end-of-life (EOL) versions of Windows do not support the new signature verification and can lead to failure during agent updates.
- The following Windows versions are no longer supported:
- Windows Server 2008 R2 (SP2) - 32 bit
- Windows Server 2008 R2 (SP2) - 64 bit
- Windows client 7 (SP1) - 32 bit
- Windows client 7 (SP1) - 64 bit
- Windows 8 - 32 bit
- Windows 8 - 64 bit
- Windows 8.1 - 32 bit
- Windows agent 3.11.0 is the last QRadar EDR agent that can run on the Windows versions that are no longer supported. To phase out the unsupported endpoints and preserve the agent that is running, group the unsupported endpoints and exclude them from the automatic updates delivery. For more information, see technote 7161908.