Ephemeral Probe

Open-source Raindrop.

Before running these commands, you'll need to generate a Probe token using the Prelude CLI. (The registration string generated via the web UI cannot be used; it's a reusable string and not a host-specific Probe token.)

If you created your account using the web UI, export your credentials (user menu > My profile > Export Credentials) and save the keychain.ini file to ~/.prelude/. The Probe token you then generate with the Prelude CLI will be linked to the same account you use in the web UI.

Use the "prelude detect create-endpoint" command ("prelude detect create-endpoint --help" will provide a list of arguments).

Run the following commands in PowerShell as Administrator. Replace <TOKEN> with the token value you generated via the Prelude CLI as mentioned above. These commands download the script, set the PRELUDE_TOKEN environment variable, and start the script:

Invoke-WebRequest -UseBasicParsing -URI "https://api.preludesecurity.com/download/raindrop" -Headers @{"dos"="windows-x86_64"} -OutFile probe.ps1
SETX PRELUDE_TOKEN <TOKEN> /M
.\probe.ps1

Installed Probe

The following versions are supported: Windows 10, Windows 11, Server 2019 and Server 2022.

Installation within Proxmox Virtual Environments is not currently supported.

Download here

Install

msiexec.exe /qn /l*v detect-log.txt /i detect-1.2.0.msi REGISTRATION_STRING="<ACCOUNT_ID>/<TOKEN>" ENDPOINT_TAGS="tag1,tag2,tag3"

Uninstall

msiexec.exe /qn /l*v detect-log.txt /x detect-1.2.0.msi

Probe Service Control

How to check the status and control the probe service.

Check if Prelude Probe service is running

 sc interrogate "Prelude Probe Service"

Stop Prelude Probe service

 sc stop "Prelude Probe Service" 

Start Prelude Probe service

 sc start "Prelude Probe Service"

Restart Prelude Probe service

 sc stop "Prelude Probe Service" && sc start "Prelude Probe Service"

Logging

  • By default the Prelude Probe writes log events to the Windows Event Viewer Application log.
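
The install, service check and logging steps above can be combined into one verification script. This is an added example, not part of Prelude's documentation: the function name, its parameters and the match on an event provider name containing "Prelude" are assumptions, and the MSI file name is the one used in the Install command above.

```powershell
# Added example; Install-PreludeProbe is a hypothetical helper name.
function Install-PreludeProbe {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $RegistrationString,  # "<ACCOUNT_ID>/<TOKEN>"
        [string] $Tags,                                       # optional, e.g. "tag1,tag2"
        [string] $MsiPath     = '.\detect-1.2.0.msi',
        [string] $LogPath     = '.\detect-log.txt',
        [string] $ServiceName = 'Prelude Probe Service'
    )
    $start = Get-Date
    $msi = (Resolve-Path -LiteralPath $MsiPath -ErrorAction Stop).ProviderPath
    # Absolute log path, so it does not depend on msiexec's working directory.
    $log = $ExecutionContext.SessionState.Path.GetUnresolvedProviderPathFromPSPath($LogPath)

    $msiArgs = '/qn /l*v "{0}" /i "{1}" REGISTRATION_STRING="{2}"' -f $log, $msi, $RegistrationString
    if ($Tags) { $msiArgs += ' ENDPOINT_TAGS="{0}"' -f $Tags }
    $proc = Start-Process -FilePath msiexec.exe -ArgumentList $msiArgs -Wait -PassThru

    # A verbose MSI log can record the properties passed on the command line
    # (here the registration string), so limit it to Administrators and SYSTEM.
    if (Test-Path -LiteralPath $log) {
        icacls.exe $log /inheritance:r /grant:r '*S-1-5-32-544:F' '*S-1-5-18:F' | Out-Null
    }
    # 0 = success, 3010 = success with reboot required.
    if ($proc.ExitCode -notin 0, 3010) {
        throw "msiexec exited with code $($proc.ExitCode); see $log"
    }

    # Fail if the service is missing or not Running within 60 seconds.
    $svc = Get-Service -Name $ServiceName -ErrorAction Stop
    $svc.WaitForStatus('Running', [TimeSpan]::FromSeconds(60))

    # Assumption: the probe's event source name contains "Prelude".
    Get-WinEvent -FilterHashtable @{ LogName = 'Application'; StartTime = $start } -ErrorAction SilentlyContinue |
        Where-Object { $_.ProviderName -like '*Prelude*' } |
        Select-Object -First 10 TimeCreated, LevelDisplayName, ProviderName, Message
}
```

Load the function in an elevated PowerShell session and call it with -RegistrationString set to your own "<ACCOUNT_ID>/<TOKEN>" value; it throws if the install or the service check fails.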

Probe deployment via Microsoft Intune

  1. Log in to https://endpoint.microsoft.com/ and go to Apps > All apps.

  2. Click on +Add to add a new Intune application for deployment.

  3. Under Add app, select Line-of-Business app from the App Type drop-down menu.

  4. Click on Select app package file and provide the latest detect .msi package (Download here).

  5. Click OK after uploading.

  6. Under Add App set the following required fields and any other optional fields

    • Name: "Prelude Probe"

    • Description: "Prelude Probe"

    • Publisher: "Prelude Security"

    • App Install context: "Device"

    • Ignore app version: "Yes"

    • Command Line:

      /qn /l*v detect-log.txt /i detect-1.1.1.msi REGISTRATION_STRING="<ACCOUNT_ID>/<TOKEN>" ENDPOINT_TAGS="tag1,tag2,tag3"
      

      Note

      • Ensure you replace <ACCOUNT_ID>/<TOKEN> with your installation string.
      • Add any optional tags after "ENDPOINT_TAGS", or delete ENDPOINT_TAGS="tag1,tag2,tag3".

  7. Under Assignments, set the group or devices you'd like to target. (It's not recommended to install the Prelude Detect Probe on a per-user basis.)

  8. Review settings and save

Note: The Prelude Detect Probe updates automatically, so there is no need to manage updates after the probe is installed or deployed.