Deploying Agents on Windows

Last updated: April 29, 2026


The Cyrisma Windows Agent supports local vulnerability assessments, configuration scans, data discovery, and network-based scanning of other systems. This guide covers manual installation, silent installation, PowerShell deployment, non-PowerShell deployment, Group Policy rollout, Intune deployment, provisioning, and verification for Windows environments.

For network, hardware, or OS prerequisites, refer to the Global Agent Requirements article in the Cyrisma Knowledge Base.


Supported Windows operating systems

Cyrisma supports installation on:

  • Windows Server 2012 R2, 2016, 2019, 2022, 2025

  • Windows 10

  • Windows 11


Windows prerequisites

Before installing the agent, ensure:

  • Microsoft .NET Framework 4.7.2 or higher is installed

  • The device can reach *.cyrisma.com over port 443

  • Endpoint protection allows the Cyrisma agent directory and required executables

  • If the agent will perform agentless scans of Windows devices, a service account with administrative rights on target machines is available

For standard local-only scanning, no credentials are required.
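
A pre-install check for the prerequisites listed above, as an added example (not Cyrisma's own code). It tests elevation, the .NET Framework release value, and a TCP connection to port 443; the function name and the choice of hosts to probe are assumptions of this example.

```powershell
# Added example (not vendor code): pre-install check for the prerequisites above.
function Test-CyrismaPrerequisite {
    [CmdletBinding()]
    param (
        # Setup URL from Agent Setup > Deployment (placeholder format: https://ccXXXXXX.cyrisma.com)
        [Parameter(Mandatory = $true)]
        [uri]$InstanceUrl,

        # Download host used by the deployment scripts on this page
        [string]$DownloadHost = 'dl.cyrisma.com',

        [int]$TimeoutMs = 5000
    )

    if (-not $InstanceUrl.IsAbsoluteUri) {
        throw "InstanceUrl must include the scheme, for example https://ccXXXXXX.cyrisma.com"
    }

    # The installer must be run as Administrator
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    $elevated  = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

    # .NET Framework 4.7.2 or higher corresponds to a Release value of 461808 or greater
    $ndpKey   = 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full'
    $release  = (Get-ItemProperty -Path $ndpKey -Name Release -ErrorAction SilentlyContinue).Release
    $dotNetOk = ($null -ne $release) -and ($release -ge 461808)

    # Direct TCP connect to port 443. This does not go through a configured proxy,
    # so a device that reaches the internet only via a proxy will report False here.
    $targets   = @($InstanceUrl.Host, $DownloadHost) | Select-Object -Unique
    $endpoints = foreach ($target in $targets) {
        $client    = New-Object System.Net.Sockets.TcpClient
        $reachable = $false
        try {
            $reachable = $client.ConnectAsync($target, 443).Wait($TimeoutMs) -and $client.Connected
        }
        catch {
            Write-Verbose "Connect to ${target}:443 failed: $($_.Exception.Message)"
        }
        finally {
            $client.Close()
        }
        [pscustomobject]@{ Host = $target; Port = 443; Reachable = $reachable }
    }

    [pscustomobject]@{
        Elevated      = $elevated
        DotNetRelease = $release
        DotNetOk      = $dotNetOk
        Endpoints     = $endpoints
        Ready         = $elevated -and $dotNetOk -and -not ($endpoints | Where-Object { -not $_.Reachable })
    }
}

# Usage: Test-CyrismaPrerequisite -InstanceUrl 'https://ccXXXXXX.cyrisma.com' -Verbose
```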


Download the Windows installer

  1. Open Agent Setup.

  2. On the Deployment tab, select Windows.

  3. Use the displayed Installation Key and Setup URL as needed.

  4. Click Download Agent to download Cyrisma_Setup.exe.

Important:

  • Installation keys are bound to a specific instance.

  • If the key is regenerated, older scripts using the previous key will fail.

  • Scripts shown in Agent Setup > Deployment are already populated with the correct installation key and instance URL for that instance.


Manual installation on Windows

To manually install the Windows agent from the Next Gen UI:

  1. Open Agent Setup.

  2. On the Deployment tab, select Windows.

  3. Click Download Agent to download Cyrisma_Setup.exe.

  4. Run Cyrisma_Setup.exe as Administrator.

  5. Enter the installation key.

  6. Enter the setup URL.

  7. Accept the EULA and continue.

  8. Wait for installation to complete.

After installation, the agent checks in and awaits provisioning unless auto provisioning is used.


Silent command-line installation

Basic silent installation:

Cyrisma_Setup.exe /verysilent /key=XXXX-XXXX-XXXX /url=https://ccXXXXXX.cyrisma.com

Silent installation with auto provisioning:

Cyrisma_Setup.exe /verysilent /key=XXXX-XXXX-XXXX /url=https://ccXXXXXX.cyrisma.com /autoprovision=yes

Optional sensor role:

Cyrisma_Setup.exe /verysilent /key=XXXX-XXXX-XXXX /url=https://ccXXXXXX.cyrisma.com /role=sensor

Notes:

  • Do not add spaces around =.

  • Use /autoprovision=yes only when you want to bypass manual provisioning.

  • When possible, copy the instance-ready scripts directly from Agent Setup > Deployment instead of manually editing values.


Deploying agents using PowerShell

Cyrisma supports automated deployment through PowerShell for environments using RMM, Intune, PDQ, or custom automation.

In the UI, PowerShell scripts are available in:

  • Agent Setup > Deployment tab

Both versions are available:

  • PowerShell with auto provisioning

  • PowerShell with manual provisioning

Each script includes a Copy to Clipboard option and is automatically populated with the correct installation key and instance URL for that instance.

The PowerShell script supports:

  • Install

  • Reinstall

  • Uninstall

Interactive Guide: How to Install a Windows Agent using Powershell

PowerShell script

The example below uses placeholders for Key and Url to show where those values appear in the script. When copied from Agent Setup > Deployment, the script already contains the correct values for that instance.

<#
.SYNOPSIS
    Installs, reinstalls, or uninstalls Cyrisma Agent.

.PARAMETER Key
    Provisioning key for Cyrisma.

.PARAMETER Url
    Cyrisma server URL.

.PARAMETER Mode
    Install (default), Reinstall, or Uninstall.

.EXAMPLE
    .\Deploy-CyrismaAgent.ps1 -Key ABC123 -Url https://example.cyrisma.com

.EXAMPLE
    .\Deploy-CyrismaAgent.ps1 -Key ABC123 -Url https://example.cyrisma.com -Mode Reinstall

.EXAMPLE
    .\Deploy-CyrismaAgent.ps1 -Mode Uninstall
#>

[CmdletBinding()]
param (
    [Parameter(Mandatory=$false)]
    [string]$Key = "XXXX-XXXX-XXXX",

    [Parameter(Mandatory=$false)]
    [string]$Url = "https://ccXXXXXX.cyrisma.com",

    [ValidateSet("Install","Reinstall","Uninstall")]
    [string]$Mode = "Install"
)

# ==============================
# CONFIGURATION
# ==============================

$ServiceName     = "CYRISMA_Agent"
$InstallerUrl    = "https://dl.cyrisma.com/6167656E7473/Cyrisma_Setup.exe"
$TempDir         = "C:\Temp"
$InstallerPath   = Join-Path $TempDir "Cyrisma_Setup.exe"
$UninstallerPath = "C:\CYRISMA_Agent\unins000.exe"
$InstallFolder   = "C:\CYRISMA_Agent"
$LogFile         = Join-Path $TempDir "cyrisma_deploy.log"

$InstallArgs = "/verysilent /suppressmsgboxes /norestart /key=$Key /URL=$Url /autoprovision=yes"

# ==============================
# INITIALIZATION
# ==============================

[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

# Create the working directory first so the transcript log path exists
if (!(Test-Path $TempDir)) {
    New-Item -Path $TempDir -ItemType Directory -Force | Out-Null
}

Start-Transcript -Path $LogFile -Append -ErrorAction SilentlyContinue

Write-Host "Starting Cyrisma deployment in $Mode mode"

function Test-ServiceExists {
    return Get-Service -Name $ServiceName -ErrorAction SilentlyContinue
}

function Stop-ServiceSafe {
    param ($TimeoutSeconds = 30)

    $svc = Get-Service -Name $ServiceName -ErrorAction SilentlyContinue
    if ($svc -and $svc.Status -ne "Stopped") {
        Write-Host "Stopping service..."
        Stop-Service -Name $ServiceName -Force -ErrorAction SilentlyContinue

        $elapsed = 0
        while ((Get-Service $ServiceName).Status -ne "Stopped" -and $elapsed -lt $TimeoutSeconds) {
            Start-Sleep -Seconds 2
            $elapsed += 2
        }
    }
}

function Remove-ServiceSafe {
    if (Test-ServiceExists) {
        Write-Host "Deleting service..."
        sc.exe delete $ServiceName | Out-Null
        Start-Sleep -Seconds 3
    }
}

function Remove-InstallFolder {
    if (Test-Path $InstallFolder) {
        Write-Host "Removing install folder..."
        try {
            Takeown /f $InstallFolder /r /d y | Out-Null
            Icacls  $InstallFolder /grant administrators:F /t | Out-Null
            Remove-Item $InstallFolder -Recurse -Force -ErrorAction Stop
        }
        catch {
            Write-Warning "Folder removal failed: $_"
        }
    }
}

function Uninstall-Agent {

    Write-Host "Uninstalling Cyrisma Agent"

    Stop-ServiceSafe

    if (Test-Path $UninstallerPath) {
        Write-Host "Running uninstaller"
        Start-Process -FilePath $UninstallerPath -ArgumentList "/verysilent" -Wait -NoNewWindow
    }
    else {
        Write-Warning "Uninstaller not found, attempting manual removal"
    }

    Stop-ServiceSafe
    Remove-ServiceSafe
    Remove-InstallFolder

    if (Test-ServiceExists) {
        throw "Service still exists after uninstall"
    }

    Write-Host "Uninstall completed"
}

function Download-Installer {

    Write-Host "Downloading installer"

    try {
        Invoke-WebRequest -Uri $InstallerUrl -OutFile $InstallerPath -UseBasicParsing -ErrorAction Stop
    }
    catch {
        Write-Warning "Invoke-WebRequest failed, trying BITS"
        Start-BitsTransfer -Source $InstallerUrl -Destination $InstallerPath -ErrorAction Stop
    }

    if (!(Test-Path $InstallerPath)) {
        throw "Download failed"
    }

    Write-Host "Download successful"
}

function Install-Agent {

    Write-Host "Installing Cyrisma Agent"

    $process = Start-Process -FilePath $InstallerPath `
                             -ArgumentList $InstallArgs `
                             -Wait `
                             -PassThru

    if ($process.ExitCode -ne 0) {
        throw "Installer exited with code $($process.ExitCode)"
    }

    Start-Sleep -Seconds 5

    if (!(Test-ServiceExists)) {
        throw "Service not found after install"
    }

    Write-Host "Installation successful"
}

# ==============================
# EXECUTION LOGIC
# ==============================

try {

    switch ($Mode) {

        "Uninstall" {
            if (Test-ServiceExists) {
                Uninstall-Agent
            }
            else {
                Write-Host "Agent not installed"
            }
        }

        "Reinstall" {
            if (Test-ServiceExists) {
                Uninstall-Agent
            }
            Download-Installer
            Install-Agent
        }

        "Install" {
            if (Test-ServiceExists) {
                Write-Host "Agent already installed, skipping"
                exit 0
            }
            Download-Installer
            Install-Agent
        }
    }

    Write-Host "Operation completed successfully"
    Stop-Transcript
    exit 0
}
catch {
    Write-Error "Deployment failed: $_"
    Stop-Transcript
    exit 1
}

For manual provisioning, use the same script but change:

$InstallArgs = "/verysilent /suppressmsgboxes /norestart /key=$Key /URL=$Url /autoprovision=yes"

to:

$InstallArgs = "/verysilent /suppressmsgboxes /norestart /key=$Key /URL=$Url"
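
The script above confirms only that a file exists at $InstallerPath before running it with administrative rights. The following added example (not part of Cyrisma's script) rejects the download unless it matches a pinned signer or hash. It assumes the installer is Authenticode-signed; the function name and both expected values are placeholders you supply from a copy of the installer you already trust.

```powershell
# Added example (not vendor code): fail-closed check of the downloaded installer.
function Assert-InstallerTrusted {
    [CmdletBinding()]
    param (
        [Parameter(Mandatory = $true)]
        [string]$Path,

        # Assumption: exact subject of the publisher's code-signing certificate,
        # read once from a copy of the installer you already trust.
        [string]$ExpectedSubject,

        # Alternative pin: SHA-256 of a known-good installer build.
        # A hash pin must be updated whenever the vendor publishes a new build.
        [string]$ExpectedSha256
    )

    if (-not $ExpectedSubject -and -not $ExpectedSha256) {
        throw "Supply -ExpectedSubject or -ExpectedSha256"
    }
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "Installer not found: $Path"
    }

    $sha256    = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    $signature = Get-AuthenticodeSignature -LiteralPath $Path
    $subject   = if ($signature.SignerCertificate) { $signature.SignerCertificate.Subject } else { $null }

    $failures = @()
    if ($ExpectedSha256 -and ($sha256 -ne $ExpectedSha256.Trim())) {
        $failures += "SHA-256 mismatch (got $sha256)"
    }
    if ($ExpectedSubject) {
        if ($signature.Status -ne 'Valid') {
            # Covers NotSigned, HashMismatch, NotTrusted and the other non-valid states
            $failures += "Authenticode status is $($signature.Status)"
        }
        elseif ($subject -ne $ExpectedSubject) {
            $failures += "Unexpected signer: $subject"
        }
    }

    if ($failures.Count -gt 0) {
        # Remove the rejected file so a later run cannot execute it by mistake
        Remove-Item -LiteralPath $Path -Force -ErrorAction SilentlyContinue
        throw "Installer rejected: $($failures -join '; ')"
    }

    # Returned for the deployment log / audit trail
    [pscustomobject]@{
        Path       = $Path
        Sha256     = $sha256
        Signer     = $subject
        Thumbprint = $signature.SignerCertificate.Thumbprint   # null when the file is unsigned
    }
}

# In the deployment script, call it between Download-Installer and Install-Agent:
#   Assert-InstallerTrusted -Path $InstallerPath -ExpectedSubject '<publisher certificate subject>'
```

Because the function throws on any mismatch, the script's existing catch block reports the failure and exits with code 1 without starting the installer.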

Alternative non-PowerShell deployment

Cyrisma also supports a non-PowerShell Windows deployment method.

In the UI, non-PowerShell scripts are available in:

  • Agent Setup > Deployment tab

Both versions are available:

  • Non-PowerShell with auto provisioning

  • Non-PowerShell with manual provisioning

Each script includes a Copy to Clipboard option and is automatically populated with the correct installation key and instance URL for that instance.

The script supports install, reinstall, and uninstall.

Non-PowerShell script

Save the following script as a .bat file (for example, install_cyrisma.bat) and run it as an administrator.

The example below uses placeholders for Key and Url to show where those values appear in the script. When copied from Agent Setup > Deployment, the script already contains the correct values for that instance.

@echo off
setlocal enabledelayedexpansion
:: ==========================
:: CONFIGURATION
:: ==========================
set "REINSTALL=0"  :: Set to 1 to force uninstall and reinstall, 2 to just uninstall
set "SERVICE_NAME=CYRISMA_Agent"
set "INSTALLER_URL=https://dl.cyrisma.com/6167656E7473/Cyrisma_Setup.exe"
set "INSTALLER_PATH=C:\Temp\Cyrisma_Setup.exe"
set "UNINSTALLER_PATH=C:\CYRISMA_Agent\unins000.exe"
set "UNINSTALL_ARGS=/verysilent"
set "TEMP_DIR=C:\Temp"
set "INSTALL_ARGS="  :: Built dynamically from command line args or defaults
:: ==========================
:: COMMAND LINE ARGUMENTS
:: ==========================
if "%~1"=="" (
    echo Usage: %0 ^<Key^> ^<URL^>
    echo Example: %0 ABC123 https://example.cyrisma.com
    echo.
    echo If no arguments provided, will use default values from configuration.
    echo.
    set "CYRISMA_KEY=XXXX-XXXX-XXXX"
    set "CYRISMA_URL=https://ccXXXXXX.cyrisma.com"
) else if "%~2"=="" (
    echo Error: Both Key and URL are required.
    echo Usage: %0 ^<Key^> ^<URL^>
    echo Example: %0 ABC123 https://example.cyrisma.com
    exit /b 1
) else (
    set "CYRISMA_KEY=%~1"
    set "CYRISMA_URL=%~2"
    echo Using provided credentials:
    echo Key: !CYRISMA_KEY!
    echo URL: !CYRISMA_URL!
    echo.
)
:: ==========================
:: BUILD INSTALL ARGUMENTS (Dynamic from command line or defaults)
:: ==========================
:: Silent installation flags:
:: /verysilent - Completely silent installation (no UI)
:: /suppressmsgboxes - Suppress any message boxes
:: /norestart - Don't restart the system
:: /log - Optional: Add /log=C:\Temp\cyrisma_install.log for troubleshooting
set "INSTALL_ARGS=/verysilent /suppressmsgboxes /norestart /key=%CYRISMA_KEY% /URL=%CYRISMA_URL% /autoprovision=yes"
:: ==========================
:: Check if service exists and handle reinstall
:: ==========================
sc query "%SERVICE_NAME%" >nul 2>&1
set "SERVICE_EXISTS=!errorlevel!"
if "%REINSTALL%"=="1" (
    echo REINSTALL mode enabled. Attempting to uninstall existing CYRISMA_Agent...
    if !SERVICE_EXISTS!==0 (
        echo Service found. Uninstalling...
        call :uninstall_service
        if !errorlevel! neq 0 (
            echo Warning: Failed to uninstall service. Continuing with cleanup...
        ) else (
            echo Service uninstalled successfully.
        )
    ) else (
        echo Service not found. Skipping service uninstall.
    )
    echo Cleaning up CYRISMA_Agent folder and contents...
    call :cleanup_folder
    if !errorlevel! neq 0 (
        echo Warning: Failed to completely clean up folder. Continuing anyway...
    )
    echo Proceeding with reinstall...
) else if "%REINSTALL%"=="2" (
    if !SERVICE_EXISTS!==0 (
        echo Uninstalling existing CYRISMA_Agent service...
        call :uninstall_service
        if !errorlevel! neq 0 (
            echo Failed to uninstall service. Aborting.
            exit /b 1
        )
        echo Service uninstalled successfully.
    ) else (
        echo Service not found. Skipping service uninstall.
    )
    echo Cleaning up CYRISMA_Agent folder and contents...
    call :cleanup_folder
    if !errorlevel! neq 0 (
        echo Warning: Failed to completely clean up folder.
    )
    echo Uninstall complete. Exiting.
    exit /b 0
) else (
    sc query "%SERVICE_NAME%" >nul 2>&1
    if !errorlevel!==0 (
        echo CYRISMA_Agent is already installed. Skipping installation.
        echo To reinstall, set REINSTALL=1 in the configuration section.
        echo To uninstall only, set REINSTALL=2 in the configuration section.
        exit /b 0
    )
)
:: ==========================
:: Prepare download location
:: ==========================
if not exist "%TEMP_DIR%" mkdir "%TEMP_DIR%"
:: ==========================
:: Simple download method - try curl first, then bitsadmin
:: ==========================
echo Attempting to download installer...
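:: Try curl first
where curl >nul 2>&1
if %errorlevel%==0 (
    echo Using curl to download...
    rem --fail makes curl return a non-zero exit code on an HTTP error instead of saving the error page
    curl --fail -L -o "%INSTALLER_PATH%" "%INSTALLER_URL%"
    rem Delayed expansion is required to read curl's exit code inside this block
    if !errorlevel!==0 (
        goto :verify_download
    )
)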
:: Fallback to bitsadmin
echo Using bitsadmin to download...
bitsadmin /transfer "DownloadCyrisma" "%INSTALLER_URL%" "%INSTALLER_PATH%"
if %errorlevel% neq 0 (
    echo Download failed with both curl and bitsadmin!
    exit /b 1
)
:verify_download
:: ==========================
:: Verify download success
:: ==========================
if not exist "%INSTALLER_PATH%" (
    echo Download failed!
    exit /b 1
)
:: ==========================
:: Run installer
:: ==========================
echo Installing CYRISMA_Agent...
start /wait "" "%INSTALLER_PATH%" %INSTALL_ARGS%
:: ==========================
:: Verify installation
:: ==========================
echo Verifying installation...
sc query "%SERVICE_NAME%" >nul 2>&1
if %errorlevel%==0 (
    echo Installation complete. CYRISMA_Agent service is running.
) else (
    echo Installation may have failed. Service not found.
    exit /b 1
)
exit /b 0
:: ==========================
:: CLEANUP FUNCTION
:: ==========================
:cleanup_folder
set "CYRISMA_FOLDER=C:\CYRISMA_Agent"
set "MAX_RETRIES=5"
set "RETRY_COUNT=0"
if not exist "%CYRISMA_FOLDER%" (
    echo CYRISMA_Agent folder does not exist. Nothing to clean up.
    exit /b 0
)
echo Attempting to remove %CYRISMA_FOLDER% and all contents...
:retry_cleanup
set /a RETRY_COUNT+=1
echo Cleanup attempt !RETRY_COUNT! of %MAX_RETRIES%...
:: Try to remove the folder and all contents
:: First, try to remove read-only attributes
attrib -r -s -h "%CYRISMA_FOLDER%\*.*" /s /d >nul 2>&1
:: Remove the folder and all contents
rd /s /q "%CYRISMA_FOLDER%" >nul 2>&1
:: Check if folder still exists
if not exist "%CYRISMA_FOLDER%" (
    echo CYRISMA_Agent folder removed successfully.
    exit /b 0
)
:: If folder still exists and we haven't exceeded retries, wait and try again
if !RETRY_COUNT! lss %MAX_RETRIES% (
    echo Folder still exists, waiting before retry...
    timeout /t 3 >nul
    goto :retry_cleanup
)
:: If we've exhausted retries, try one more aggressive approach
echo Final cleanup attempt using takeown and icacls...
takeown /f "%CYRISMA_FOLDER%" /r /d y >nul 2>&1
icacls "%CYRISMA_FOLDER%" /grant administrators:F /t >nul 2>&1
rd /s /q "%CYRISMA_FOLDER%" >nul 2>&1
if not exist "%CYRISMA_FOLDER%" (
    echo CYRISMA_Agent folder removed successfully after final attempt.
    exit /b 0
) else (
    echo Warning: Could not completely remove %CYRISMA_FOLDER%
    echo Some files may still be locked. Manual cleanup may be required.
    exit /b 1
)
:: ==========================
:: UNINSTALL FUNCTION
:: ==========================
:uninstall_service
echo Stopping CYRISMA_Agent service...
sc stop "%SERVICE_NAME%" >nul 2>&1
timeout /t 3 >nul
echo Checking for uninstaller...
if not exist "%UNINSTALLER_PATH%" goto :manual_service_removal
echo Running uninstaller...
"%UNINSTALLER_PATH%" %UNINSTALL_ARGS%
timeout /t 10 >nul
:: Wait for uninstaller to complete and verify service removal.
:: The label is kept outside any parenthesized block so that goto works reliably,
:: and "if errorlevel" is evaluated at run time rather than when the block is parsed.
:wait_for_uninstall
sc query "%SERVICE_NAME%" >nul 2>&1
if not errorlevel 1 (
    echo Waiting for service to be removed...
    timeout /t 5 >nul
    goto :wait_for_uninstall
)
echo Service removed successfully.
exit /b 0
:manual_service_removal
echo Uninstaller not found at "%UNINSTALLER_PATH%"
echo Attempting to remove service manually...
:: Try to remove service manually
sc delete "%SERVICE_NAME%" >nul 2>&1
if errorlevel 1 (
    echo Failed to remove service manually.
    exit /b 1
)
echo Service removed manually.
exit /b 0

For manual provisioning, use the same script but change:

set "INSTALL_ARGS=/verysilent /suppressmsgboxes /norestart /key=%CYRISMA_KEY% /URL=%CYRISMA_URL% /autoprovision=yes"

to:

set "INSTALL_ARGS=/verysilent /suppressmsgboxes /norestart /key=%CYRISMA_KEY% /URL=%CYRISMA_URL%"

Troubleshooting

If the installer fails to download:

  • Confirm the system can reach the Cyrisma download endpoint

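  • Test connectivity using:

    ping dl.cyrisma.com

    A successful ping confirms name resolution and ICMP reachability only; the download itself uses HTTPS on port 443.

  • If bitsadmin is restricted, download the installer using PowerShell: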

    Invoke-WebRequest -Uri "https://dl.cyrisma.com/6167656E7473/Cyrisma_Setup.exe" -OutFile "C:\windows\temp\Cyrisma_Setup.exe"

If the installation fails:

  • Ensure the script is run as an administrator

  • Review agent logs located at:

    C:\ProgramData\Cyrisma\Logs

  • Verify antivirus or endpoint protection software is not blocking execution


Deploying Windows agents using Group Policy

Use this method for enterprise-wide deployments across domain-managed Windows machines.

Step 1 — Create Netlogon directory

On a Domain Controller, navigate to the Netlogon folder.

Create a folder named CYRISMA.

Ensure this folder replicates across all domain controllers in the network.

Example path:

\\<DCServer>\netlogon\CYRISMA

Step 2 — Add installer

Place CYRISMA_Setup.exe into the CYRISMA Netlogon folder.

Step 3 — Create batch file

Create cyrisma_install.cmd:

:: Check if CYRISMA Agent is already installed
:: findstr is case-sensitive by default; /I matches the service name regardless of case
sc query state= all | findstr /I /C:"SERVICE_NAME: Cyrisma_Agent"
if %ERRORLEVEL% gtr 0 (
    copy "\\[dcServerName]\netlogon\CYRISMA\CYRISMA_Setup.exe" "%temp%"
    "%temp%\CYRISMA_Setup.exe" /verysilent /key=XXXX-XXXX-XXXX /url=https://ccXXXXX.cyrisma.com
)

Optional autoprovision:

This version automatically provisions the agent, skipping the manual provisioning step.

:: Check if CYRISMA Agent is already installed
:: findstr is case-sensitive by default; /I matches the service name regardless of case
sc query state= all | findstr /I /C:"SERVICE_NAME: Cyrisma_Agent"
if %ERRORLEVEL% gtr 0 (
    copy "\\[dcServerName]\netlogon\CYRISMA\CYRISMA_Setup.exe" "%temp%"
    "%temp%\CYRISMA_Setup.exe" /verysilent /key=XXXX-XXXX-XXXX /url=https://ccXXXXX.cyrisma.com /autoprovision=yes
)

Replace the placeholders in the script:

  • [dcServerName] with the name of your domain controller

  • XXXX-XXXX-XXXX with your Cyrisma installation key

  • https://ccXXXXX.cyrisma.com with your Cyrisma setup URL

Step 4 — Create a new GPO

  1. Log in to the Domain Controller.

  2. Open Group Policy Management.

  3. Create a new GPO named CYRISMA Deployment at the root of the domain.

Step 5 — Assign permissions

Ensure Authenticated Users, or your deployment group, has Read and Execute permissions.

Step 6 — Add the batch file to the GPO

  1. Open the newly created GPO for editing.

  2. Navigate to:

    • Computer Configuration

    • Policies

    • Windows Settings

    • Scripts (Startup/Shutdown)

  3. In the right pane, double-click Startup.

  4. In the Startup Properties window, click Add.

  5. Browse to the location of the batch file created in Step 3:

\\[dcServerName]\Netlogon\CYRISMA\cyrisma_install.cmd

  6. Select the batch file, click Open, then OK.

  7. Click Apply and OK to save the configuration.

Step 7 — Force GPO update

To ensure the new GPO is applied, run:

gpupdate /force

Deploying the agent via Microsoft Intune

Applies to: Cyrisma Windows Agent deployment
Use case: Deploy the Cyrisma Agent through Microsoft Intune using a Win32 app package and validate installation using file or registry detection rules.

Step 1 — Prepare the batch script

Create a batch script to download and install the Cyrisma agent silently.

Save the following as Install_CYRISMA.bat:

@echo off
setlocal

:: Define variables
set "INSTALLER_URL=https://dl.cyrisma.com/6167656E7473/Cyrisma_Setup.exe"
set "INSTALLER_PATH=C:\windows\temp\Cyrisma_Setup.exe"
set "INSTALL_ARGS=/verysilent /key=XXXXXX /URL=https://YOUR_CYRISMA_INSTANCE /autoprovision=yes"

:: Download the installer
bitsadmin /transfer "DownloadCyrisma" "%INSTALLER_URL%" "%INSTALLER_PATH%"

:: Check if download was successful
if not exist "%INSTALLER_PATH%" (
    echo Download failed!
    exit /b 1
)

:: Run the installer with arguments
start /wait "" "%INSTALLER_PATH%" %INSTALL_ARGS%

echo Installation complete.
exit /b 0

Replace:

  • XXXXXX with your Cyrisma installation key

  • https://YOUR_CYRISMA_INSTANCE with your Cyrisma setup URL

If you want the Intune deployment to use manual provisioning instead, remove /autoprovision=yes from INSTALL_ARGS.

Step 2 — Package the app with IntuneWinAppUtil

Download the Microsoft Win32 Content Prep Tool (IntuneWinAppUtil.exe).

Create a source folder, for example:

C:\CYRISMADeployment\Source

Place Install_CYRISMA.bat into the source folder.

Run:

IntuneWinAppUtil.exe -c C:\CYRISMADeployment\Source -s Install_CYRISMA.bat -o C:\CYRISMADeployment\Output

This produces an .intunewin package in the output folder.

Step 3 — Add the app in Microsoft Intune

  1. Go to Intune Admin Center.

  2. Navigate to Apps > Windows > Add.

  3. Select Windows app (Win32).

Configure the app:

App information:

  • Name: CYRISMA Agent

  • Description: Silent deployment of the Cyrisma Windows Agent

  • Publisher: CYRISMA

Program:

  • Install command: Install_CYRISMA.bat

  • Install behavior: System

Uninstall command:

  • If you do not have an official uninstall string from Cyrisma, leave this blank or handle removal through a separate process.

Step 4 — Configure detection rules

Choose one detection method.

Option 1 — File detection

Rule type: File

  • Path: C:\CYRISMA_Agent

  • File: DataSpotliteAgent.exe

  • Detection method: Exists

Option 2 — Registry detection

Rule type: Registry

  • Key path: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CYRISMA Agent

  • Value name: DisplayName

  • Detection method: String equals

  • Value: CYRISMA Agent

Note: Registry paths can vary depending on installer behavior and 32-bit vs 64-bit registration. If detection fails, confirm the actual uninstall key on a device where the agent is installed.

Step 5 — Assign the app

Assign the app to the appropriate device groups, such as:

  • All Devices

  • a specific device group

Set the assignment as Required to enforce deployment.

Step 6 — Monitor deployment

Go to Intune Admin Center > Apps > Monitor.

Review:

  • deployment success and failure rates

  • device install status

  • error details for failed installs

Provisioning newly installed agents

After installation:

  • Agents installed without auto provisioning must be provisioned manually in Cyrisma.

  • Agents installed with /autoprovision=yes bypass manual provisioning.

For manual provisioning:

  1. Go to Agent Setup.

  2. Open the Provisioning tab to view agents awaiting provisioning.

  3. Select whether the agent will run local-only scans.

  4. If using network-based scanning, provide:

    • Domain in NT-style format

    • Username

    • Password

Use:

DOMAIN\username

Do not use:

username@domain.com

UPN-style logins are not supported for network-based scanning.

Verifying successful installation

On the Windows device:

  1. Open Services.

  2. Confirm that CYRISMA_Agent exists and is running.

In Cyrisma:

  1. Open Asset Inventory.

  2. Confirm the agent appears online after check-in and provisioning.
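
The device-side checks above, together with the uninstall-key lookup recommended in the Intune registry detection note, as an added example (not Cyrisma's own code). The function name and the DisplayName search pattern are assumptions; the service name and file path are the ones used on this page.

```powershell
# Added example (not vendor code): report agent state on the local device.
# Run from a 64-bit elevated PowerShell session so both registry views are visible.
function Get-CyrismaAgentState {
    [CmdletBinding()]
    param (
        [string]$ServiceName = 'CYRISMA_Agent',
        [string]$AgentExe    = 'C:\CYRISMA_Agent\DataSpotliteAgent.exe',
        # Assumption: the uninstall entry's DisplayName contains "CYRISMA"
        [string]$NamePattern = '*CYRISMA*'
    )

    $service = Get-Service -Name $ServiceName -ErrorAction SilentlyContinue

    # Installers register under one of these two keys depending on 32-bit vs 64-bit registration
    $roots = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
    )

    $entries = foreach ($root in $roots) {
        if (-not (Test-Path $root)) { continue }
        foreach ($key in Get-ChildItem -Path $root -ErrorAction SilentlyContinue) {
            $props = Get-ItemProperty -LiteralPath $key.PSPath -ErrorAction SilentlyContinue
            if ($props -and $props.DisplayName -like $NamePattern) {
                [pscustomobject]@{
                    KeyPath        = $key.Name            # full HKEY_LOCAL_MACHINE\... path for the Intune rule
                    DisplayName    = $props.DisplayName   # exact string for "String equals"
                    DisplayVersion = $props.DisplayVersion
                }
            }
        }
    }

    $exePresent = Test-Path -LiteralPath $AgentExe -PathType Leaf
    $running    = [bool]($service -and $service.Status -eq 'Running')

    [pscustomobject]@{
        ServiceExists    = [bool]$service
        ServiceStatus    = if ($service) { [string]$service.Status } else { 'NotInstalled' }
        AgentExePresent  = $exePresent
        UninstallEntries = @($entries)
        Healthy          = $running -and $exePresent
    }
}

# Usage: Get-CyrismaAgentState | Format-List
#        (Get-CyrismaAgentState).UninstallEntries | Format-Table -AutoSize
```

An empty UninstallEntries list on a device where Healthy is True indicates that the registry detection rule will not match as configured, and the file detection rule is the safer choice.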

Windows endpoint protection exclusions

Directory exclusion:

C:\Cyrisma_Agent

If file-level exclusions are required, exclude the following executables (listed as executable: purpose):

  • DataSpotliteAgent.exe: Main agent service

  • psexec.exe: Remote attribute collection

  • atexec.exe: Secondary remote attribute collector

  • cytcp.exe: TCP port scanning

  • fileconv.exe: Reads files for data scanning

  • pscopy.exe: Agent management/upgrades

  • 7z.exe: Compresses scan results


Best practices

  • Use the scripts from Agent Setup > Deployment when possible, since they are already populated with the correct installation key and instance URL for that instance.

  • Do not publish or reuse instance-specific values from another environment.

  • Validate endpoint protection compatibility before broad rollout.

  • Test install, reinstall, and uninstall workflows on a small group first.

  • Use auto provisioning only when operationally appropriate.

  • Keep any GPO or Intune deployment package aligned with the current script logic and installer arguments.