Introduction
This document describes a list of available switches in the Cisco Secure Endpoint Installer. The Installer has built-in command line switches. You can use them with a deployment software to automate Secure Endpoint deployment.
Caution: If your network is live, ensure that you understand the potential impact of any command.
Command Line Switches
Starting in version 5.1.13 of the AMP Connector for Windows, the first argument passed needs to be ' /R ' which is just a dummy switch that is stripped off and the next argument is processed. Any command line installs, updates and uninstall need to include this argument as the first argument. See below for examples.
Silent Install Examples:
v5.1.13 or newer: amp_install_package.exe /R /S
v5.1.11 or older: amp_install_package.exe /S
Uninstall Example:
v5.1.13 or newer: amp_install_package.exe /R /S /remove 1
v5.1.11 or older: amp_install_package.exe /S /remove 1
Available Switches
| Command Line Switch |
Command Description |
Special Notes |
| /R /S |
Used to put the installer into silent mode. |
This must be specified as the first parameter for v5.1.13 or newer. |
| /S |
Used to put the installer into silent mode. |
This must be specified as the first parameter for v5.1.11 or older. |
| /temppath |
Used to specify a custom temporary location for installation files to be extracted and executed. |
/temppath C:\
|
| /desktopicon 0 |
Used to specify that a desktop icon is not created. |
This is the default configuration and does not need to be provided. |
| /desktopicon 1 |
Used to specify that a desktop icon is created. |
|
| /startmenu 0 |
Start Menu shortcuts are not created. |
|
| /startmenu 1 |
Start Menu shortcuts are created. |
This is the default configuration and does not need to be provided.
|
| /contextmenu 0 |
Disables Scan Now from the right-click context menu. |
|
| /contextmenu 1 |
Enables Scan Now in the right-click context menu. |
This is the default configuration and does not need to be provided.
|
| /remove 0 |
Uninstalls the connector leaving behind files for later reinstallation. |
XML files with the UUID will remain allowing you to reuse the existing computer object when reinstalling the connector. Log files will be preserved as well. |
| /remove 1 |
Uninstalls the connector and removes all associated files. |
|
|
/uninstallpassword [Connector Protection Password]
|
Allows you to uninstall the Connector when you have Connector Protection enabled in your policy. |
You must supply the Connector Protection password with this switch. |
| /skipdfc 1 |
Skip installation of the DFC driver.
|
Any connectors installed with this flag must be in a group with a policy that has Network > Device Flow Correlation (DFC) > Enable DFC unchecked.
|
| /skiptetra 1 |
Skip installation of the TETRA driver.
|
Any connectors installed with this flag must be in a group with a policy that has File > Engines > Offline Engine set to Disabled.
|
| /D=[PATH] |
Used to specify which directory to perform the install. For example, /D=C:\
|
This must be specified as the last parameter.
For the /D= command line switch, the default installation directory varies from Operating System. Here are the default installation directories on Microsoft Windows XP with Service Pack 3 or later:
For x86 Platforms:
C:\Program Files (x86)\Cisco\AMP
For x64 Platforms:
C:\Program Files\Cisco\AMP
|
| /overridepolicy 1 |
Replace existing policy.xml file when installed over a previous Connector install. |
The overridepolicy switch must be specified as the last parameter. For example, this command works:
fireamp.exe /S /overridepolicy 1
However, this syntax does not work:
fireamp.exe /overridepolicy 1 /S
|
| /overridepolicy 0 |
Do not replace existing policy.xml file when installed over a previous Connector install. |
| /goldenimage 1 |
Installs connector to prepare for Golden Iamges |
This flag is designed to help prepare golden images in virtual environments. Using this flag prevent the connector from starting and registering during Golden Image creation. For more information, please see:
How To Prepare a Golden Image with Secure Endpoints
https://www.cisco.com/c/en/us/support/docs/security/amp-endpoints/214462-how-to-prepare-a-golden-image-with-amp-f.html
|
Default Switches
Install with Remote Deployment Tools
When used with remote deployment tools, this additional flag is used and is declared first:
v5.1.13 or newer: /R /S
v5.1.11 or older: /S
Install without Specification of a Switch
If you run the command line installer and do not specify any switches, it is equivalent to these switches being enabled:
/desktopicon 0 /startmenu 1 /contextmenu 1 /skipdfc 0 /skiptetra 0
Unsupported Operating Systems (OS)
If a version of Windows Operating System is currently unsupported by FireAMP, but you want to install a Secure Endpoint for testing purposes, you can use this switch:
/skiposcheck 1
The switch is used as shown here:
AMPSetup.exe /skiposcheck 1
Uninstallation
Note: The switch for uninstallation must be run against the installation package and not uninstall.exe.
To perform a silent & complete uninstallation of connectors 5.1.11 or older, the switch would be:
FireAMPSetup.exe /S /remove 1
To perform a slient & complete uninstallation of connectors v5.1.13 or newer, the swtich would be:
FireAMPSetup.exe /R /S /remove 1
You can aslo perfrom these in non-slient modes by removing the /S switch.
Related Information
Feedback