Persistent probes

Permanently install probes as a service

Persistent probes install as a service to survive machine reboots, restart if stopped and upgrade automatically. Probes write all stdout/stderr to a common log file, in accordance of the operating system they are running on. The log file will be named prelude.log. Tag flags are optional for all installers.

Instructions in this doc are for headless installs. Download and double-click to install via GUI.

To reinstall, run the uninstall and install steps for your platform.


Use the CLI to create a new registration user:

prelude detect create-user registration --permission SERVICE

This will generate a low-privilege authentication token. Use this, along with an account ID, to install probes.


All versions of Intel and ARM are supported.

curl -sL -o detect-1.0.0.pkg
sudo launchctl setenv REGISTRATION_STRING <ACCOUNT_ID>/<TOKEN> ENDPOINT_TAGS tag1,tag2,tag3
sudo installer -pkg detect-1.0.0.pkg -target /

To uninstall and kill the running process use the uninstall script.

sudo bash /Library/PreludeSecurity/uninstall


All modern versions of Ubuntu, CentOS and Amazon 2 are supported. Mileage may vary on other distributions, such as RHEL or Debian, as these are not tested regularly. SELinux is not supported.


sudo rpm -Uvh
sudo detect-register-endpoint -r <ACCOUNT_ID>/<TOKEN> -t tag1,tag2,tag3

Amazon AM2

sudo yum install
sudo detect-register-endpoint -r <ACCOUNT_ID>/<TOKEN> -t tag1,tag2,tag3


curl -sL -o detect-1.0.0.deb
sudo dpkg -i detect-1.0.0.deb
rm detect-1.0.0.deb
sudo detect-register-endpoint -r <ACCOUNT_ID>/<TOKEN> -t tag1,tag2,tag3


The following versions are supported: Windows 10, Windows 11, Server 2019 and Server 2022

Download here


msiexec.exe /qn /l*v detect-log.txt /i detect-1.0.0.msi REGISTRATION_STRING="<ACCOUNT_ID>/<TOKEN>" ENDPOINT_TAGS="tag1,tag2,tag3"


msiexec.exe /qn /l*v detect-log.txt /x detect-1.0.0.msi