Installing WinCollect 10

You can install a new WinCollect 10 stand-alone agent by using the Quick Installation or Advanced Installation options. You can also upgrade an existing WinCollect 7.3.0 or later stand-alone agent to the latest version of WinCollect 10.

Beginning in V10.1.4, WinCollect uses a virtual account to increase application security.

With this change, aspects of the WinCollect agent that interact with the file system (file-based sources, mTLS, and so on) require extra privileges to continue to function properly.

To ensure WinCollect continues to function properly, the WinCollect virtual account can be added to the Administrators group. Alternatively, if the WinCollect virtual account is not added to the Administrators group, access to the necessary directories needs to be added manually. This decision must be made during the WinCollect installation or upgrade.

Upgrade existing WinCollect agents

Use one of the following methods to upgrade an existing WinCollect stand-alone agent.

Upgrading a WinCollect 7 agent to WinCollect 10

Upgrading existing WinCollect 10 agents

Install new agents

You can install a new WinCollect 10 stand-alone agent by using the Quick Installation or Advanced Installation options.

Quick installation
A quick installation requires you to set only the QRadar® destination. The installation automatically configures collection of application, system, and security events. You can install WinCollect 10 by using the GUI installer or the command line.

Installing WinCollect 10 using the GUI Quick installation

Installing WinCollect 10 using the command line

Advanced installation options
Use one of the advanced installation options to run a silent installation or specify an installation script that gives the agent instructions on what to monitor and where to send events.

Installing WinCollect 10 using the Advanced installer

WinCollect 10 Command line installation advanced examples

Installation script examples for WinCollect 10

Tip: When you specify an installation location, use the full path and not the relative path.