Prerequisites

This page summarizes requirements you should understand before you attempt to deploy the Tanium™ Client to endpoints.

Host system requirements

The following table summarizes basic requirements for endpoint host systems. Hardware resource requirements vary according to the actions that may be taken on the endpoint. For hardware resource guidance, consult with your technical account manager (TAM).

Table 1:   Supported OS versions

| Operating system | OS Version | Tanium Client Version |
|---|---|---|
| Microsoft Windows Server | Windows Server 2016 *; Windows Server 2012, 2012 R2; Windows Server 2008, 2008 R2 | 7.2.314.3211, 7.2.314.2962, 6.0.314.1540, 6.0.314.1450 |
| Microsoft Windows Server | Windows Server 2003, 2003R2 | 6.0.314.1540, 6.0.314.1450 |
| Microsoft Windows Workstation | Windows 10; Windows 8; Windows 7; Windows Vista | 7.2.314.3211, 7.2.314.2962, 6.0.314.1540, 6.0.314.1450 |
| Microsoft Windows Workstation | Windows XP (including Embedded) | 6.0.314.1540, 6.0.314.1450 |
| macOS (Intel processor only) | macOS 10.13 High Sierra; macOS 10.12 Sierra; OS X 10.11 El Capitan; OS X 10.10 Yosemite; OS X 10.9 Mavericks; OS X 10.8 Mountain Lion | 7.2.314.3236, 7.2.314.2962, 6.0.314.1579, 6.0.314.1442 |
| Linux | Amazon Linux 2 LTS (2017.12); Amazon Linux AMI 2018.03 (Use the Tanium Client installer that is provided for Amazon Linux AMI 2017.09); Amazon Linux AMI 2017.09 | 7.2.314.3211 |
| Linux | Amazon Linux AMI 2016.09 | 7.2.314.3211, 7.2.314.2962, 6.0.314.1579 |
| Linux | Debian 9.x, 8.x | 7.2.314.3211 |
| Linux | Debian 7.x, 6.x | 7.2.314.3211, 7.2.314.2962, 6.0.314.1579, 6.0.314.1442 |
| Linux | Oracle Enterprise Linux 7.x, 6.x | 7.2.314.3211, 7.2.314.2962, 6.0.314.1579 |
| Linux | Oracle Enterprise Linux 5.x | 7.2.314.3236, 7.2.314.2962 |
| Linux | Red Hat Enterprise Linux (RHEL) 7.x, 6.x; CentOS 7.x, 6.x | 7.2.314.3211, 7.2.314.2962, 6.0.314.1579, 6.0.314.1442 |
| Linux | Red Hat Enterprise Linux (RHEL) 5.x; CentOS 5.x | 7.2.314.3236, 7.2.314.2962, 6.0.314.1579, 6.0.314.1321 |
| Linux | SUSE Linux Enterprise Server (SLES) 12; openSUSE 12.x | 7.2.314.3211, 7.2.314.2962, 6.0.314.1579 |
| Linux | SUSE Linux Enterprise Server (SLES) 11; openSUSE 11.x | 7.2.314.3211, 7.2.314.2962, 6.0.314.1579, 6.0.314.1442 |
| Linux | Ubuntu 18.04 LTS | 7.2.314.3211 |
| Linux | Ubuntu 16.04 LTS | 7.2.314.3211, 7.2.314.2962, 6.0.314.1579 |
| Linux | Ubuntu 14.04 LTS | 7.2.314.3211, 7.2.314.2962, 6.0.314.1579, 6.0.314.1442 |
| Linux | Ubuntu 10.04 LTS | 6.0.314.1579, 6.0.314.1442 |
| AIX | IBM AIX 7.2; IBM AIX 7.1 TL1SP10 and higher *; IBM AIX 6.1 TL7SP10 and higher * | 6.0.314.1437 |
| Solaris | Oracle Solaris 11 SPARC *; Oracle Solaris 11 x86 *; Oracle Solaris 10 U8 SPARC or higher *; Oracle Solaris 10 U8 x86 or higher * | 6.0.314.1321 |

* Windows Server 2016: Nano Server not supported.
* AIX: 64-bit only, requires xlC.rte 12.1.0.1 or greater.
* Solaris: Requires SUNWgccruntime.

Admin account

On Windows, the Tanium Client is installed as a service that runs in the context of the Local System account.

On AIX, Linux, macOS, and Solaris, it is installed as a system service.

Network connectivity and firewall

Tanium components use TCP/IP to communicate over IPv4 networks and IPv6 networks (support for IPv6 requires version 7.3 or later on both the Tanium Server and Tanium Client). You must work with your network administrator to ensure that the Tanium components are provisioned IP addresses and that DNS can be used to resolve hostnames.

Host and network firewalls may need to be configured to allow the Tanium Client process to send and receive TCP traffic on port 17472.

In addition to the client-to-server TCP communication that takes place on port 17472, Tanium Clients also communicate to peers on port 17472. Clients dynamically communicate with peers based on proximity and latency. Peer chains form to match an enterprise topology automatically. For example, endpoints in California form one chain, while endpoints in Germany form a separate chain. With this dynamic configuration in mind, you must allow bi-directional TCP communication on port 17472 between clients on the same local area network, but not necessarily between all clients on the internal network.

Host system security exceptions

Some environments use security software to monitor and block unknown host system processes. Work with your network and security team to whitelist Tanium processes. Define exclusions to allow the Tanium™ platform components to operate smoothly and at optimal performance. Typically, this means configuring the security software to exempt the Tanium™ Client installation directories from real-time inspection as well as setting a policy to ignore I/O from the Tanium binaries.

If you use Microsoft Group Policy Objects (GPO) or other central management tools to manage host firewalls, you might need to create rules to allow inbound and outbound TCP traffic across port 17472 on any endpoints to be managed.
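The following PowerShell sketch is an added example, not Tanium's own tooling: it creates Windows Firewall rules for TCP port 17472 that are scoped to the Tanium Client binary and, for peer traffic, to the local subnet rather than the whole internal network. It assumes a 64-bit endpoint with the default installation folder, uses the `LocalSubnet` keyword as a stand-in for "same local area network", and uses a placeholder Tanium Server address and hypothetical rule names.

```powershell
# Added example: least-privilege host firewall rules for the Tanium Client.
# Assumptions: 64-bit Windows, default install folder, placeholder server address.
$ClientExe    = "${env:ProgramFiles(x86)}\Tanium\Tanium Client\TaniumClient.exe"
$TaniumServer = '192.0.2.10'   # placeholder (documentation range); use your Tanium Server address
$Port         = 17472
$RuleGroup    = 'Tanium Client (example)'   # hypothetical group name for easy review and removal

if (-not (Test-Path -LiteralPath $ClientExe)) {
    throw "TaniumClient.exe not found at '$ClientExe'. Adjust the path if the default was changed."
}

# Settings shared by every rule: bind to the client binary, not just the port,
# so other processes cannot reuse the opening.
$common = @{
    Program  = $ClientExe
    Protocol = 'TCP'
    Action   = 'Allow'
    Group    = $RuleGroup
}

# Peer-to-peer traffic: both directions, limited to the local subnet.
# Widen RemoteAddress only if your peer chains legitimately span subnets.
New-NetFirewallRule @common -DisplayName 'Tanium Client peer inbound' `
    -Direction Inbound -LocalPort $Port -RemoteAddress LocalSubnet | Out-Null

New-NetFirewallRule @common -DisplayName 'Tanium Client peer outbound' `
    -Direction Outbound -RemotePort $Port -RemoteAddress LocalSubnet | Out-Null

# Client-to-server traffic: outbound to the Tanium Server only.
New-NetFirewallRule @common -DisplayName 'Tanium Client to server' `
    -Direction Outbound -RemotePort $Port -RemoteAddress $TaniumServer | Out-Null

# Review what was created.
Get-NetFirewallRule -Group $RuleGroup |
    Format-Table DisplayName, Direction, Enabled, Action -AutoSize
```

Run it from an elevated session; the same rule properties (program, port, direction, remote address) can be set in a GPO firewall policy instead of locally.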

If running McAfee Host Intrusion Prevention System (HIPS), mark the Tanium Client as both Trusted for Firewall and Trusted for IPS, per McAfee KB71704.

The Tanium Client uses the Windows Update offline scan file, Wsusscn2.cab, to assess computers for installed or missing operating system and application security patches. If your endpoint security solutions scan archive files, refer to the Microsoft KB for information on how to configure those tools to interact appropriately with the Wsusscn2.cab file.

Table 2 lists Tanium Client folders that should be excluded from on-access or real-time scans by antivirus or other host-based security applications. Default values are shown. Include subfolders of these locations when you create the exception rules. If you have changed the defaults, create rules based on the actual locations.

Tanium solution modules may have their own requirements for the client. For a comprehensive list, including solution module requirements, see the Tanium Support Knowledge Base article (login required).

Table 2:   Tanium Client installation paths

| OS | Installation Folder |
|---|---|
| Windows 32-bit | \Program Files\Tanium\Tanium Client\ |
| Windows 64-bit | \Program Files (x86)\Tanium\Tanium Client\ |
| macOS | /Library/Tanium/TaniumClient |
| Linux, UNIX | /opt/Tanium/TaniumClient |

The following system processes must be allowed (not blocked, quarantined, or otherwise processed):

  • TaniumClient.exe (Windows)
  • TaniumExecWrapper.exe (Windows)
  • TaniumClient or taniumclient (macOS, Linux, UNIX)

Last updated: 9/18/2018 6:06 PM