Introduction
This document describes how to use the CLI Switch for the Cisco Secure Endpoint Installer.
Prerequisites
Requirements
There are no specific requirements for this document.
Components Used
The information in this document is based on this component:
- AMP Connector for Windows
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, ensure that you understand the potential impact of any command.
Background information
The Installer has built-in command line switches. You can use them with a deployment software to automate Secure Endpoint deployment.
Command Line Switches
Starting in version 5.1.13 of the AMP Connector for Windows, the first argument passed needs to be ' /R ' which is a dummy switch that is stripped off and the next argument is processed.
Any command line that installs, updates, and uninstalls needs to include this argument as the first argument.
Silent Install Examples:
v5.1.13 or newer: amp_install_package.exe /R /S
v5.1.11 or older: amp_install_package.exe /S
Uninstall Example:
v5.1.13 or newer: amp_install_package.exe /R /S /remove 1
v5.1.11 or older: amp_install_package.exe /S /remove 1
Available Switches
Command Line Switch |
Command Description |
Special Notes |
/R /S
|
Used to put the installer into silent mode.
|
This must be specified as the first parameter for v5.1.13 or newer.
|
/S
|
Used to put the installer into silent mode.
|
This must be specified as the first parameter for v5.1.11 or older.
|
/temppath
|
Used to specify a custom temporary location for installation files to be extracted and executed.
|
/temppath C:\
|
/desktopicon 0
|
Used to specify that a desktop icon is not created.
|
This is the default configuration and does not need to be provided.
|
/desktopicon 1
|
Used to specify that a desktop icon is created.
|
|
/startmenu 0
|
Start Menu shortcuts are not created.
|
|
/startmenu 1
|
Start Menu shortcuts are created.
|
This is the default configuration and does not need to be provided.
|
/contextmenu 0
|
Disables Scan Now from the right-click context menu.
|
|
/contextmenu 1
|
Enables Scan Now in the right-click context menu.
|
This is the default configuration and does not need to be provided.
|
/remove 0
|
Uninstalls the connector and leaves files for later reinstallation.
|
XML files with the UUID remain and allow you to reuse the existing computer object when reinstalling the connector. Log files are preserved as well.
|
/remove 1
|
Uninstalls the connector and removes all associated files.
|
|
/uninstallpassword [Connector Protection Password]
|
Allows you to uninstall the Connector when you have Connector Protection enabled in your policy.
|
You must supply the Connector Protection password with this switch.
|
/skipdfc 1
|
Skip installation of the DFC driver.
|
Any connectors installed with this flag must be in a group with a policy that has Network > Device Flow Correlation (DFC) > Enable DFC unchecked.
|
/skiptetra 1
|
Skip installation of the TETRA driver.
|
Any connectors installed with this flag must be in a group with a policy that has File > Engines > Offline Engine set to Disabled.
|
/D=[PATH]
|
Used to specify which directory to perform the install. For example, /D=C:\
|
This must be specified as the last parameter.
For the /D= command line switch, the default installation directory varies from Operating System. Here are the default installation directories on Microsoft Windows XP with Service Pack 3 or later:
For x86 Platforms:
C:\Program Files (x86)\Cisco\AMP
For x64 Platforms:
C:\Program Files\Cisco\AMP
|
/goldenimage 1
|
Installs connector to prepare for Golden images |
This flag is designed to help prepare golden images in virtual environments. Using this flag prevents the connector from starting and registering during Golden Image creation. For more information, please see: How To Prepare a Golden Image with Secure Endpoints https://www.cisco.com/c/en/us/support/docs/security/amp-endpoints/214462-how-to-prepare-a-golden-image-with-amp-f.html
|
Default Switches
Install with Remote Deployment Tools
When used with remote deployment tools, this additional flag is used and is declared first:
v5.1.13 or newer: /R /S
v5.1.11 or older: /S
Install without Specification of a Switch
If you run the command line installer and do not specify any switches, it is equivalent to these switches being enabled:
/desktopicon 0 /startmenu 1 /contextmenu 1 /skipdfc 0 /skiptetra 0
Unsupported Operating Systems (OS)
If a version of Windows Operating System is currently unsupported by FireAMP, to install a Secure Endpoint for testing purposes, use this switch:
/skiposcheck 1
The switch is used as shown here:
AMPSetup.exe /skiposcheck 1
Uninstallation
Note: The switch for uninstallation must be run against the installation package and not uninstall.exe.
To perform a silent and complete uninstallation of connectors 5.1.11 or older, the switch is:
FireAMPSetup.exe /S /remove 1
To perform a silent and complete uninstallation of connectors v5.1.13 or newer, the switch is:
FireAMPSetup.exe /R /S /remove 1
You can also perform these in non-silent modes by removing the /S switch.
Related Information