Using Tanium Client-related Tanium content
The Tanium Core Platform includes Tanium content that facilitates Tanium Client administration.
- Administration > Actions > Scheduled Actions: Review the actions that are scheduled to run against the Default action group.
- Administration > Content > Sensors: Search for client-related sensors.
- Administration > Content > Packages: Search for client-related packages.
- Administration > Content > Saved Questions: Search for client-related questions.
The Client Upgrade content pack facilitates upgrading the Tanium Client on Windows endpoints.
|Saved questions||Windows Clients Older Than <version> For Targeting||The results of this question indicate which Tanium Clients on Windows endpoints do not have the latest client version.|
|Packages||Update Tanium Client <version>||Files:
Command: cmd /c start /B "" cmd /c "cscript.exe set-service-permissions-back-to-default.vbs & net stop "Tanium Client" & net stop "TaniumClient" & taskkill /f /im taniumclient.exe & SetupClient.exe /S & net start "Tanium Client" & net start "TaniumClient""
|Sensors||Client Brand||Use to fine-tune a targeting question.|
|Scheduled actions||Update Any Tanium Client to <version>||By default, the Tanium Server deploys this action hourly and distributes the deployment over 15 minutes.|
To upgrade Tanium Clients
The Client Service Hardening content pack includes saved questions, packages, and scheduled actions that you can use to restrict user access to the Tanium Client from a local Windows host endpoint.
The Tanium Client installs as a normal application on Windows. While the protocols that the client uses to communicate with
|Categories||Client Service Hardening||Contains the dashboards that this table lists.|
|Dashboards||Control Service State Permissions||Controls which accounts have permission to start and stop services. Many organizations have given some or all of their end users permissions to be a local administrator. For this reason, Tanium typically recommends that you restrict service control to the local SYSTEM account instead. This restriction is often the first and most effective way to protect the integrity of your Tanium Client deployment.|
|Dashboards||Set Client Directory Permissions||Controls which accounts have permission to view or modify files in the Tanium Client directory. Set the file system permissions to SYSTEM. Default permissions allow several user types to view or modify files in the Tanium Client directory. Though digital signing prevents an attacker from causing the client to run sensors or packages that|
|Dashboards||Hide From Add-Remove Programs||Controls whether the Tanium Client is hidden from the Windows Add/Remove Programs list. Hiding the Tanium Client from the Windows Add/Remove Programs list or the Programs menu does not by itself directly affect the security of the client. A user with permissions to uninstall an application could also launch the uninstallation manually. This dashboard helps to reduce accidental uninstallations and preempt inquisitive end users from trying to tamper with the client. Hide the client from the Add/Remove Programs list and perform regular audits of unmanaged assets to look for systems with missing or non-functioning clients.|
|Saved questions||Tanium Client Service Control Permissions||Issues the following question: Get Tanium Client Service Control Status contains Service Control from all machines with Tanium Client Service Control Status contains Service Control|
|Saved questions||Tanium Client Directory Permissions||Issues the following question: Get Tanium Client Directory Permissions from all machines|
|Saved questions||Tanium Client Visible in Add-Remove Programs||Issues the following question: Get Tanium Client Uninstall Hidden contains No from all machines with Tanium Client Uninstall Hidden contains No|
|Saved questions||Tanium Client Hidden From Add-Remove Programs||Issues the following question: Get Tanium Client Uninstall Hidden contains Yes from all machines with Tanium Client Uninstall Hidden contains Yes|
|Scheduled actions||Control Service State Permissions||Grants permission to start or stop the Tanium Client service to only the local administrator or local system account.|
|Scheduled actions||Hide From Add-Remove Programs||Hides the Tanium Client from the Add/Remove Programs list.|
|Packages||Client Service Hardening - Allow Only Local Admins to Control Service||Command: cmd /c cscript.exe allow-only-admins-to-control-service.vbs|
|Packages||Client Service Hardening - Allow Only Local SYSTEM to Control Service||Command: cmd /c cscript.exe allow-only-local-system-to-control-services.vbs|
|Packages||Client Service Hardening - Reset permissions on Tanium Client directory||Command: cmd /c cscript //T:60 reset_directory_permissions.vbs|
|Packages||Client Service Hardening - Set SYSTEM only permissions on Tanium Client directory||Command: cmd /c cscript //T:60 modify_directory_permissions.vbs|
|Packages||Client Service Hardening - Set Service Permissions to Defaults||Command: cmd /c cscript.exe set-service-permissions-back-to-default.vbs|
|Packages||Client Service Hardening - Hide Client from Add-Remove Programs||Command: cmd /c cscript.exe hide-client-from-add-remove.vbs|
|Packages||Client Service Hardening - Show Client in Add-Remove Programs||Command: cmd /c cscript.exe show-client-in-add-remove-programs.vbs|
|Sensors||Tanium Client Directory Permissions||Returns the current status of the Tanium Client directory permissions and whether they are restricted to SYSTEM. Example result: Restricted - SYSTEM|
|Sensors||Tanium Client Service Control Status||Returns whether the Tanium Client service has special permissions set such that regular users, or non-SYSTEM users, can control the service. Example result: Service Control Restricted to Administrators|
|Sensors||Tanium Client Uninstall Hidden||Returns whether the Tanium Client is hidden from the Add/Remove Programs list. Example result: Yes|
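The Control Service State Permissions dashboard and the Tanium Client Service Control Status sensor both concern which accounts may start or stop the client service. As an added example (not Tanium's sensor or package code), the following PowerShell reads a Windows service security descriptor in SDDL form and lists the trustees that are allowed to start, stop, or pause the service. The function name and the sample descriptors are constructed for illustration.

```powershell
# Added example, not Tanium code. Service-specific SDDL rights:
# RP = start, WP = stop, DT = pause/continue; GA and GX (generic) include them.
$ControlRights = 'RP', 'WP', 'DT', 'GA', 'GX'
$Aliases = @{
    SY = 'Local System';        BA = 'Builtin Administrators'
    AU = 'Authenticated Users'; IU = 'Interactive users'
    SU = 'Service logon users'; WD = 'Everyone'
    BU = 'Builtin Users';       PU = 'Power Users'
}

function Get-ServiceControlTrustee {   # hypothetical helper name
    param([Parameter(Mandatory)][string]$Sddl)
    # Each ACE reads "(type;flags;rights;object;inherit-object;trustee)".
    foreach ($m in [regex]::Matches($Sddl, '\(([^)]*)\)')) {
        $f = $m.Groups[1].Value -split ';'
        # Only allow ACEs are listed; deny, object and audit ACEs are skipped.
        if ($f.Count -lt 6 -or $f[0] -ne 'A') { continue }
        $granted = if ($f[2] -match '^0x[0-9A-Fa-f]+$') {
            # Hex mask: 0x10 start, 0x20 stop, 0x40 pause, plus generic all/execute.
            if ([Convert]::ToInt64($f[2], 16) -band 0x30000070) { $f[2] }
        } else {
            [regex]::Matches($f[2], '[A-Z]{2}') | ForEach-Object { $_.Value } |
                Where-Object { $ControlRights -contains $_ }
        }
        if (-not $granted) { continue }
        $name = if ($Aliases.ContainsKey($f[5])) { $Aliases[$f[5]] } else { $f[5] }
        [pscustomobject]@{
            Trustee      = $name
            Rights       = $granted -join ','
            BeyondSystem = $f[5] -ne 'SY'
        }
    }
}

# Constructed sample DACLs, not captured from a real endpoint.
$samples = [ordered]@{
    'Typical Windows default' = 'D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)'
    'Users may start/stop'    = 'D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;RPWP;;;AU)'
    'SYSTEM only'             = 'D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCLCSWLOCRRC;;;BA)'
}
foreach ($label in $samples.Keys) {
    "== $label"
    Get-ServiceControlTrustee -Sddl $samples[$label] | Format-Table -AutoSize | Out-String
}
# On an endpoint, read the live descriptor (service name as in the page's commands):
# Get-ServiceControlTrustee -Sddl ((sc.exe sdshow 'Tanium Client') -join '')
```

Any row with BeyondSystem set to True is an account other than local SYSTEM that can change the service state, which is the condition the hardening packages are meant to remove.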
The following workflow shows how to use the Client Service Hardening content pack to hide the Tanium Client from the Windows Add/Remove Programs list:
- From the Main menu, go to Administration > Configuration > Solutions, scroll to the Content section, select the Client Service Hardening solution, and click Import Content.
- Review the list of content objects and click Import.
- Contact Tanium Support to import the Client Service Hardening content pack into TaaS.
- From the Interact Home page, scroll to the Content section.
- In the Categories panel, select Client Service Hardening.
- From the Saved Questions panel, click a saved question to immediately ask the question.
- Drill down as necessary. Select the appropriate results row and click Deploy Action.
- Verify the package and action details and then click Show preview to continue.
The Action Status page opens.
- Review the status to confirm expected results.
Last updated: 8/2/2021 4:31 PM