Amazon Inspector
User Guide (Version Latest)

Working with Amazon Inspector Agents on Windows-based Operating Systems

You can start, stop, and modify the behavior of Amazon Inspector agents. Sign in to your EC2 instance running a Windows-based operating system and perform any of the procedures in this chapter. For more information about the operating systems that are supported for Amazon Inspector, see Amazon Inspector Supported Operating Systems and Regions.

Note

The commands in this chapter function in all AWS Regions that are supported by Amazon Inspector.

Starting or Stopping an Amazon Inspector Agent or Verifying That the Agent is Running

To start, stop, or verify an agent

  1. On your EC2 instance, choose Start, Run, and then enter services.msc.

  2. If the agent is successfully running, two services are listed with their status set to Started or Running in the Services window: AWS Agent Service and AWS Agent Updater Service.

  3. To start the agent, right-click AWS Agent Service, and then choose Start. If the service successfully starts, the status is updated to Started or Running.

  4. To stop the agent, right-click AWS Agent Service, and then choose Stop. If the service successfully stops, the status is cleared (appears as blank). We don't recommend stopping the AWS Agent Updater Service because it disables the installation of all future enhancements and fixes to the agent.

  5. To verify that the agent is installed and running, sign in to your EC2 instance, and open a command prompt using administrative permissions. Navigate to C:/Program Files/Amazon Web Services/AWS Agent, and then run the following command:

    AWSAgentStatus.exe

    This command returns the status of the currently running agent, or an error stating that the agent can't be contacted.

Modifying Amazon Inspector Agent Settings

After the Amazon Inspector agent is installed and running on your EC2 instance, you can modify the settings in the agent.cfg file to alter the agent's behavior. On Windows-based operating systems, the file is located in the C:\ProgramData\Amazon Web Services\AWS Agent directory. After you modify and save the agent.cfg file, you must stop and start the agent for the changes to take effect.

Important

We highly recommend that you modify the agent.cfg file only with the guidance of AWS Support.

Configuring Proxy Support for an Amazon Inspector Agent

To get proxy support for an agent on a Windows-based operating system, use the WinHTTP proxy. To set up the WinHTTP proxy using the netsh utility, see https://technet.microsoft.com/en-us/library/cc731131%28v=ws.10%29.aspx.

Complete one of the following procedures:

To install an agent on an EC2 instance that uses a proxy server

  1. Download the following .exe file: https://d1wk0tztpsntt1.cloudfront.net/windows/installer/latest/AWSAgentInstall.exe.

  2. Open a command prompt window or PowerShell window (using administrative permissions). Navigate to the location where you saved the downloaded AWSAgentInstall.exe, and then run the following command:

    ./AWSAgentInstall.exe \install USEPROXY=1

To configure proxy support on an EC2 instance with a running agent

  1. To configure proxy support, the version of the Amazon Inspector agent that is running on your EC2 instance must be 1.0.0.59 or later. If you enabled the auto-update process for the agent, you can verify that your agent's version is 1.0.0.59 or later by using theStarting or Stopping an Amazon Inspector Agent or Verifying That the Agent is Running procedure. If you didn't enable the auto-update process for the agent, you must install the agent on this EC2 instance again by following the Installing the Agent on a Windows-based EC2 Instance procedure.

  2. Open the registry editor (regedit.exe).

  3. Navigate to the following registry key: "HKEY_LOCAL_MACHINE/SOFTWARE/Amazon Web Services/AWS Agent Updater".

  4. Inside this registry key, create a registry DWORD(32bit) value called "UseProxy".

  5. Double-click on the value, and set the value to 1.

  6. Enter services.msc, locate the AWS Agent Service and the AWS Agent Updater Service in the Services window, and restart each process. After both processes have successfully restarted, run the AWSAgentStatus.exe file (see step 5 in Starting or Stopping an Amazon Inspector Agent or Verifying That the Agent is Running). View the status of your agent and verify that it is using the configured proxy.

Uninstalling the Amazon Inspector Agent

To uninstall the agent

  1. Sign in to your EC2 instance running a Windows-based operating system where you want to uninstall the Amazon Inspector agent.

    Note

    For more information about the operating systems that are supported for Amazon Inspector, see Amazon Inspector Supported Operating Systems and Regions.

  2. On your EC2 instance, navigate to Control Panel, Add/Remove Programs.

  3. In the list of installed programs, choose AWS Agent, and then choose Uninstall.