Using Tanium Client-related Tanium content

The Tanium Core Platform includes Tanium content that facilitates Tanium Client administration.

Default Content

The Tanium Server imports the Tanium™ Default Content pack when you initially sign into the Tanium Console. The pack contains a key set of saved questions, packages, and sensors for collecting information from endpoints and taking actions. The pack also includes saved questions and scheduled actions that relate to the deployment of the Tanium Client. To familiarize yourself with Tanium Client-related content, access the following Tanium Console pages from the Main menu:

• Administration > Actions > Scheduled Actions: Review the actions that are scheduled to run against the Default action group.
• Administration > Content > Sensors: Search for client-related sensors.
• Administration > Content > Packages: Search for client-related packages.
• Administration > Content > Saved Questions: Search for client-related questions.

Client Upgrade

The Client Upgrade content pack facilitates upgrading the Tanium Client on Windows endpoints. It is available in all deployments and is categorized as core content on the Administration > Configuration > Solutions page. Contact Tanium Support to import the ClientUpgradeNonWindows content pack for upgrading the Tanium Client on non-Windows endpoints. You must manually upgrade non-Windows endpoints using an installer package (available from the Client Management Home page) or use third-party software. Contact Tanium Support for additional guidance.

 Table 1: Client Upgrade content pack for Windows endpoints

Content	Object name	Description
Saved questions	Windows Clients Older Than <version> For Targeting	The results of this question indicate which Tanium Clients on Windows endpoints do not have the latest client version.
Packages	Update Tanium Client <version>	Files: SetupClient.exe, set-service-permissions-back-to-default.vbs Command: cmd /c start /B "" cmd /c "cscript.exe set-service-permissions-back-to-default.vbs & net stop "Tanium Client" & net stop "TaniumClient" & taskkill /f /im taniumclient.exe & SetupClient.exe /S & net start "Tanium Client" & net start "TaniumClient"" Timeout: 900
Sensors	Client Brand	Use to fine-tune a targeting question.
Scheduled actions	Update Any Tanium Client to <version>	By default, the Tanium Server deploys this action hourly and distributes the deployment over 15 minutes.

To upgrade Tanium Clients on Windows endpoints, see Upgrading Tanium Clients.

Client Service Hardening

The Client Service Hardening content pack includes saved questions, packages, and scheduled actions that you can use to restrict user access to the Tanium Client from a local Windows host endpoint.

The Tanium Client installs as a normal application on Windows. While the protocols that the client uses to communicate with TaaS the Tanium Server and peer clients are designed to be secure and prevent rogue sensors or actions, it is still imperative to protect the Tanium Client itself from an attacker or a tinkering end user.

 Table 2: Client Service Hardening content pack

Content	Object name	Description
Categories	Client Service Hardening	Contains the dashboards that this table lists.
Dashboards	Control Service State Permissions	Controls which accounts have permission to start and stop services. Many organizations have given some or all of their end users permissions to be a local administrator. For this reason, Tanium typically recommends that you restrict service control to the local SYSTEM account instead. This restriction is often the first and most effective way to protect the integrity of your Tanium Client deployment.
	Set Client Directory Permissions	Controls which accounts have permission to view or modify files in the Tanium Client directory. Set the file system permissions to SYSTEM. Default permissions allow several user types to view or modify files in the Tanium Client directory. Though digital signing prevents an attacker from causing the client to run sensors or packages that TaaS the Tanium Server did not issue, unnecessary permissions could lead to performance issues or extra bandwidth consumption while information is re-synchronized.
	Hide From Add-Remove Programs	Controls whether the Tanium Client is hidden from the Windows Add/Remove Programs list. Hiding the Tanium Client from the Windows Add/Remove Programs list or the Programs menu does not by itself directly affect the security of the client. A user with permissions to uninstall an application could also launch the uninstallation manually. This dashboard helps to reduce accidental uninstallations and preempt inquisitive end users from trying to tamper with the client. Hide the client from the Add/Remove Programs list and perform regular audits of unmanaged assets to look for systems with missing or non-functioning clients.
Saved questions	Tanium Client Service Control Permissions	Issues the following question: Get Tanium Client Service Control Status contains Service Control from all machines with Tanium Client Service Control Status contains Service Control
	Tanium Client Directory Permissions	Issues the following question: Get Tanium Client Directory Permissions from all machines
	Tanium Client Visible in Add-Remove Programs	Issues the following question: Get Tanium Client Uninstall Hidden contains No from all machines with Tanium Client Uninstall Hidden contains No
	Tanium Client Hidden From Add-Remove Programs	Issues the following question: Get Tanium Client Uninstall Hidden contains Yes from all machines with Tanium Client Uninstall Hidden contains Yes
Scheduled actions	Control Service State Permissions	Grants permission to start or stop the Tanium Client service to only the local administrator or local system account.
	Hide From Add-Remove Programs	Hides the Tanium Client from the Add/Remove Programs list.
Packages	Client Service Hardening - Allow Only Local Admins to Control Service	Files: allow-only-admins-to-control-service.vbs Command: cmd /c cscript.exe allow-only-admins-to-control-service.vbs Timeout: 900
	Client Service Hardening - Allow Only Local SYSTEM to Control Service	Files: allow-only-local-system-to-control-services.vbs Command: cmd /c cscript.exe allow-only-local-system-to-control-services.vbs Timeout: 600
	Client Service Hardening - Reset permissions on Tanium Client directory	Files: reset_directory_permissions.vbs Command: cmd /c cscript //T:60 reset_directory_permissions.vbs Timeout: 600
	Client Service Hardening - Set SYSTEM only permissions on Tanium Client directory	Files: modify_directory_permissions.vbs Command: cmd /c cscript //T:60 modify_directory_permissions.vbs Timeout: 600
	Client Service Hardening - Set Service Permissions to Defaults	Files: set-service-permissions-back-to-default.vbs Command: cmd /c cscript.exe set-service-permissions-back-to-default.vbs Timeout: 600
	Client Service Hardening - Hide Client from Add-Remove Programs	File: hide-client-from-add-remove.vbs Command: cmd /c cscript.exe hide-client-from-add-remove.vbs Timeout: 600
	Client Service Hardening - Show Client in Add-Remove Programs	Files: show-client-in-add-remove-programs.vbs Command: cmd /c cscript.exe show-client-in-add-remove-programs.vbs Timeout: 600
Sensors	Tanium Client Directory Permissions	Returns the current status of the Tanium Client directories permissions and whether they are set as restricted to SYSTEM. Example result: Restricted - SYSTEM
	Tanium Client Service Control Status	Returns whether the Tanium Client service has special permissions set such that regular users, or non-SYSTEM users, can control the service. Example result: Service Control Restricted to Administrators
	Tanium Client Uninstall Hidden	Returns whether the Tanium Client is hidden from the Add/Remove Programs list. Example result: Yes

The following workflow shows how to use the Client Service Hardening content pack to hide the Tanium Client from the Windows Add/Remove Programs list:

1. From the Main menu, go to Administration > Configuration > Solutions, scroll to the Content section, select the Client Service Hardening solution, and click Import Content.
2. Review the list of content objects and click Import.
3. Contact Tanium Support to import the Client Service Hardening content pack into TaaS.
4. From the Interact Home page, scroll to the Content section.
5. In the Categories panel, select Client Service Hardening.
6. From the Saved Questions panel, click a saved question to immediately ask the question.
7. Drill down as necessary. Select the appropriate results row and click Deploy Action.
8. Verify the package and action details and then click Show preview to continue.
9. Click Deploy Action.

The Action Summary page opens.

10. Review the status to confirm expected results.