Updating the QRadar EDR Agent

Edit online

Update the QRadar® EDR Agent on your endpoints when a more recent version is available.

Before you begin

If you are a new IBM® Security QRadar EDR user and did not install the QRadar EDR Agent on your endpoints, proceed to Installing the QRadar EDR Agent.

Important: Newest QRadar EDR Agent update packages are uploaded for you. The Targets field is set to Global and the Status is Disabled by default.

Procedure

  1. Click Administration > Update Manager.
  2. Select a new distribution that you want to deliver to endpoints.
  3. Edit the Targets field.
    • To deliver the updated package to specific endpoints, add a list of clients or groups.
    • To deliver the updated package to all eligible endpoints, set the field to Global.
  4. If you want to distribute the updated package immediately, click Status > Enabled.

Results

If you set the Status field to Enabled, the distribution to endpoints in eligible groups starts immediately.

Important: Automatic updates of the Linux® QRadar EDR Agent are not supported. For more information, see Installing the QRadar EDR Agent on Linux endpoints.
Important: Automatic updates for macOS QRadar EDR Agent are supported only if your macOS QRadar EDR Agent already has version 1.0.0 or later.
Important: If you are running agents with versions older than Windows agent 3.11.0, first upgrade to Windows agent 3.11.0 before you upgrade to Windows agent 3.11.1 or later to avoid failures in subsequent Windows agent updates. For more information, see QRadar EDR: Updating to the Latest Windows Agent Release (3.11.1). If you encounter a certificate chain issue after the upgrade to Windows agent 3.11.0, fix it manually before you install any later versions of the Windows agent. For more information, see QRadar EDR: Agent version 3.11.1 or higher failure on Windows Endpoint.
Attention:
  • Due to the use of the new code-signing certificate in the Windows agent 3.11.1, the signature is changed. The end-of-life (EOL) versions of Windows do not support the new signature verification and can lead to failure during agent updates.
  • The following Windows versions are no longer supported:
    • Windows Server 2008 R2 (SP2) - 32 bit
    • Windows Server 2008 R2 (SP2) - 64 bit
    • Windows client 7 (SP1) - 32 bit
    • Windows client 7 (SP1) - 64 bit
    • Windows 8 - 32 bit
    • Windows 8 - 64 bit
    • Windows 8.1 - 32 bit
  • Windows agent 3.11.0 is the last QRadar EDR agent that can run on the Windows versions that are no longer supported. To phase out the unsupported endpoints and preserve the agent that is running, group the unsupported endpoints and exclude them from the automatic updates delivery. For more information, see technote 7161908.