Installation and Uninstallation of Sourcefire User Agent

Available Languages

Download Options

  • PDF     (465.4 KB)
    View with Adobe Reader on a variety of devices
Updated:July 28, 2016
Document ID:118131

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

Introduction

This document describes how to install and uninstall a User Agent on the Microsoft Windows operating system. Sourcefire User Agent monitors Microsoft Active Directory servers and reports logins and logoffs authenticated via Lightweight Directory Access Protocol (LDAP). The FireSIGHT System integrates these records with the information it collects via direct network traffic observation by managed devices. 

Prerequisites

Cisco recommends that you have knowledge of FireSIGHT Management Center, Sourcefire User Agent, and Active Directory.

Installation Requirements

  • TCP/IP access to the Active Directory servers
  • Microsoft .NET Framework Version 4.0 (includes all dependencies of .NET Framework)

Installation of Sourcefire User Agent

  1. Download the installer file from the Support site.

  2. Copy the setup.exe file to the Windows system where you want to install the User Agent.

  3. Double-click the Sourcefire User Agent Installer file. The setup wizard appears.

    Note: If you do not have permissions to install new applications on the Windows host, you can escalate to an administrative user with the appropriate permissions in order to start the installation. In order to access the escalation option, right-click the Sourcefire User Agent 2.0 setup file and choose Run As. Choose an administrative user and provide the appropriate password.

    If the installation requirements are not met, you will receive this message before the Setup Wizard to download and install Microsoft .NET Framework Version 4.0.  Click Yes in order to go to the download Page.  Follow the instructions to install Microsoft .NET Framework Version 4.0.



  4. Once the installation of Microsoft .NET Framework Version 4.0 is complete, double-click the Sourcefire User Agent Installer file once again. The setup wizard appears.

    If you run a version of Microsoft Windows with User Account Control (UAC) enabled, you will be presented with this dialog box after you double-click the Sourcefire User Agent Installer file. Click Yes to allow the Sourcefire User Agent installer to make changes to the system. Click No to cancel and exit the Sourcefire User Agent installer.



  5. Click Next to continue with the Sourcefire User Agent Setup Wizard. Click Cancel to exit the Sourcefire User Agent Setup Wizard.



  6. Click Browse to select the folder where you want to install the Sourcefire User Agent and then click Next. Click Cancel to exit the Sourcefire User Agent Setup Wizard.



  7. Click Next to start the installation. Click Cancel to exit the Sourcefire User Agent Setup Wizard.



  8. Click Close after the Sourcefire User Agent Setup Wizard completes. The Sourcefire User Agent is now installed. The Sourcefire User Agent starts as a service on the Windows system.



  9. The Sourcefire User Agent adds a quick launch icon to the desktop of the Windows system.

Uninstallation of the Sourcefire User Agent


In order to uninstall the Sourcefire User Agent 2.x, use one of these steps:

  • Navigate to Control Panel > Programs > Programs and Features, choose Sourcefire User Agent from the list, and click Uninstall.

  • Navigate to the location where the Sourcefire User Agent setup file is located, right-click, and select Uninstall.



  • In order to uninstall via the CLI, open a command prompt (you might need to it run as Administrator), change directories to the location where the .msi file is located, and enter this command: 
    msiexec /x Sourcefire_User_Agent_2.0.0-34_Setup.msi

    Note: In the previous example, the build number is 34. This build number changes when the Sourcefire User Agent is updated. Verify the build number before you enter the command.

Troubleshoot Uninstallation Issues

Symptom

  • User Agent uninstallation fails.
  • Services are still shown as running after you uninstalled it.

Solution

If the User Agent is not shown under Programs and Features in the Control Panel, you can simply delete the User Agent service. In order to remove the service, open a command prompt as Administrator and enter this command:

C:\Users\Administrator>sc query type= service | findstr /spinl "Sourcefire RUA AgentService"

Caution: Use a space after the '='. This is not a typo. 

You can also complete these steps in the services management console. In order to open the console:

  1. Go to the Start menu.

  2. Run services.msc.

  3. View the properties of the Sourcefire User Agent.

Once the service names are displayed, enter these commands in order to delete the service:

C:\Users\Administrator>sc delete "Sourcefire RUA Agent"
C:\Users\Administrator>sc delete "AgentService"

Note: Any files related to the FireSIGHT System might still be present on the machine and need to be removed.

Revision History

Revision Publish Date Comments
1.0
31-Jul-2014
Initial Release
TAC Authored

Contributed by Cisco Engineers

  • Nazmul Rajib
    Cisco TAC Engineer.

Was this Document Helpful?

FeedbackFeedback

Contact Cisco

This Document Applies to These Products