Managing endpoint tools

Other Tanium solutions use Endpoint Configuration to install client extensions and any other needed tools on endpoints. You can review installed endpoint tools in Endpoint Configuration, and you can use the packages provided by Endpoint Configuration to manage these tools.

For solutions to Solutions cannot perform configuration changes or tool deployment through Endpoint Configuration on endpoints with action locks turned on, you must enable the Manifest Package Ignore Action Lock and Deploy Client Configuration and Support Package Ignore Action Lock settings. To access these settings, from the Endpoint Configuration Overview page, click Settings and select Global. on. As a best practice, do not turn on action locks. For more information about action locks, see Tanium Console User Guide: Managing action locks.

You cannot manage tools using the packages listed in the following sections on endpoints with action locks turned on. For more information about action locks, see Tanium Console User Guide: Managing action locks.

View deployed endpoint tools

View deployed endpoint tools on the Tools page.

  1. Click Tools from the Endpoint Configuration menu.
  2. Expand a tool to view the status of that tool across all endpoints.
  3. (Optional) Click a status category to open question results that contain all endpoints in that category for the tool, or click View question results in Interact  to view all endpoints that have the tool installed.

The Tools page displays cached data that is provided by the Tanium Data Service, and this data includes offline endpoints. If you view the question results for a tool, Interact retrieves real-time data from only online endpoints.

Remove unused endpoint tools

Some tools remain installed on an endpoint even after the associated solution no longer targets that endpoint or after the associated solution is no longer installed. Endpoints that have an endpoint tool installed under these conditions are in the Safe to Remove category for that tool.

To remove an endpoint tool from endpoints where it is no longer needed, deploy the appropriate action to those endpoints.

  1. Click Tools from the Endpoint Configuration menu.
  2. Click the Safe to Remove category.

  3. Beside the tool that you want to remove, click View question results in Interact .

  4. In the question results, select the rows for installed versions that you want to remove, and click Drill Down.
  5. Click Create a Question, and ask one of the following questions to target an appropriate group of endpoints.
    • Windows endpoints: Get Is Windows equals true from all machines
    • Non-Windows endpoints: Get Is Windows equals false from all machines



  6. Select the row from the drill-down question results, and click Deploy Action.
  7. For the Deployment Package, select Endpoint Configuration - Uninstall Tool [Windows] or Endpoint Configuration - Uninstall Tool [Non-Windows], depending on the endpoints you are targeting.
  8. For Tool Name, select the name of the tool you are uninstalling.

  9. (Optional) By default, after the tools are removed they cannot be reinstalled. To allow tools to be automatically reinstalled, clear the selection for Block reinstallation.

  10. (Optional) Select Soft uninstall to only remove the tool and preserve databases and logs that might be useful for troubleshooting on the endpoint. To remove all databases and logs for the tool from the endpoints, clear the selection.

  11. (Optional) To remove any tools that were dependencies of the tools you are installing but are not dependencies for other solutions, select Remove unreferenced dependencies.

  12. (Optional) In the Deployment Schedule section, configure a schedule for the action.

    If some target endpoints might be offline when you initially deploy the action, select Recurring Deployment and set a reissue interval.

  13. Click Show preview to continue.
  14. A results grid appears at the bottom of the page showing you the targeted endpoints for the action. If you are satisfied with the results, click Deploy Action.

Restart installed client extensions

Some changes to client extension settings require restarting client extensions.

  1. In Interact, target the endpoints on which you want to restart client extensions. For example, ask a question that targets a specific operating system:
    Get Endpoint Configuration - Tools Status from all machines with Is <OS> equals true

  2. In the results, select the appropriate rows, drill down as necessary, and select the targets on which you want to restart client extensions. For more information, see Tanium Interact User Guide: Drill Down.

  3. Click Deploy Action.

  4. For the Deployment Package, select Endpoint Configuration - Restart Client Extensions [Windows] or Endpoint Configuration - Restart Client Extensions [Non-Windows], depending on the endpoints you are targeting.

  5. (Optional) In the Deployment Schedule section, configure a schedule for the action.

    If some target endpoints might be offline when you initially deploy the action, select Recurring Deployment and set a reissue interval.

  6. Click Show preview to continue.
  7. A results grid appears at the bottom of the page showing you the targeted endpoints for your action. If you are satisfied with the results, click Deploy Action.

Block or unblock tools from installing on an endpoint

Blocking a tool prevents the tool from installing on an endpoint if it is not already installed, or upgrading if it is installed.

Blocking a tool does not prevent the tool from running if it is already installed.

  1. In Interact, ask a question that targets the endpoints on which you want to block or unblock the installation of a tool.

  2. Select the results for the endpoints you want to target, and click Deploy Action.
  3. For the Deployment Package, select one of the following packages:

    • To block installation, select Endpoint Configuration - Block Tool [Windows] or Endpoint Configuration - Block Tool [Non-Windows], depending on the endpoints you are targeting.
    • To unblock installation, select Endpoint Configuration - Unblock Tool [Windows] or Endpoint Configuration - Unblock Tool [Non-Windows], depending on the endpoints you are targeting.
  4. For Tool Name, select the tool to block or unblock, or to block or unblock all tools, select All Module Tools.

    If you select All Module Tools, the package blocks or unblocks all endpoint tools except for core-cx and cx-config.

  5. (Optional) In the Deployment Schedule section, configure a schedule for the action.

    If some target endpoints might be offline when you initially deploy the action, select Recurring Deployment and set a reissue interval.

  6. Click Show preview to continue.
  7. A results grid appears at the bottom of the page showing you the targeted endpoints for your action. If you are satisfied with the results, click Deploy Action.

Disable all installed client extensions

You can temporarily disable all client extensions that are installed on an endpoint using the Endpoint Configuration - Disable Client Extensions [Windows] or Endpoint Configuration - Disable Client Extensions [Non-Windows] package.

Disable client extensions only at the direction of Tanium Support.

Re-enable client extensions using the Endpoint Configuration - Enable Client Extensions [Windows] or Endpoint Configuration - Enable Client Extensions [Non-Windows] package.

Some components have packages to disable only specific client extensions, such as the Index - Disable Extension [Windows] package, which disables only the Index client extension.

Uninstall tools installed by Endpoint Configuration

  1. In Interact, target the endpoints from which you want to remove the tools. For example, ask a question that targets a specific operating system:

    Get Endpoint Configuration - Tools Status from all machines with Is <OS> equals true

  2. In the results, select the row for the tool you want to uninstall, drill down as necessary, and select the targets from which you want to remove Endpoint Configuration tools. For more information, see Tanium Interact User Guide: Drill Down.

  3. Click Deploy Action.
  4. For the Deployment Package, select Endpoint Configuration - Uninstall Tool [Windows] or Endpoint Configuration - Uninstall Tool [Non-Windows], depending on the endpoints you are targeting.
  5. For Tool Name, select the tool to uninstall, or to uninstall all tools, select All Module Tools.

    If you select All Module Tools, the package uninstalls all endpoint tools except for core-cx and cx-config.

  6. (Optional) By default, after the tools are removed, they cannot be reinstalled. To allow tools to be automatically reinstalled, clear the selection for Block reinstallation. Re-installation occurs almost immediately.

    If reinstallation was blocked manually or during a previous uninstallation, you must unblock it manually:

    • To allow Endpoint Configuration to reinstall tools, deploy the Endpoint Configuration - Unblock Tool [Windows] or Endpoint Configuration - Unblock Tool [Non-Windows] package (depending on the targeted endpoints).

    • If you reinstall tools manually, select Unblock Tool when you deploy the Endpoint Configuration - Reinstall Tool [Windows] or Endpoint Configuration - Reinstall Tool [Non-Windows] package.

  7. (Optional) To remove all Endpoint Configuration databases and logs from the endpoints, clear the selection for Soft uninstall.

    When you perform a hard uninstallation of some tools, such as Recorder or Index, the uninstallation also removes data that is associated with the tool from the endpoint. This data might include important historical or environmental data, such as recorded events (in the case of Recorder) or file indexes (in the case of Index). If data that you want to keep is associated with the tool, make sure you perform only a soft uninstallation of the tool. To help determine what data a tool stores on endpoints, go to https://docs.tanium.com/ and review the documentation for the tool or for the Tanium solution that installed it, and contact Tanium Support for additional help.

  8. (Optional) To also remove any tools that were dependencies of the Endpoint Configuration tools that are not dependencies for tools from other solutions, select Remove unreferenced dependencies.

  9. (Optional) In the Deployment Schedule section, configure a schedule for the action.

    If some target endpoints might be offline when you initially deploy the action, select Recurring Deployment and set a reissue interval.

  10. Click Show preview to continue.
  11. A results grid appears at the bottom of the page showing you the targeted endpoints for your action. If you are satisfied with the results, click Deploy Action.

Reinstall tools installed by Endpoint Configuration

  1. In Interact, ask a question that targets the endpoints on which you want to reinstall a tool.

  2. Select the results for the endpoints you want to target, and click Deploy Action.
  3. For the Deployment Package, select Endpoint Configuration - Reinstall Tool [Windows] or Endpoint Configuration - Reinstall Tool [Non-Windows], depending on the endpoints you are targeting.

  4. For Tool Name, select the tool to reinstall, or to reinstall all tools, select All Module Tools.

    If you select All Module Tools:

    • The package reinstalls all endpoint tools except for core-cx and cx-config.

    • Reinstallation of all tools honors the Distribute Over Time tools installation setting: see Tools installation settings.

  5. (Optional) To reinstall any dependencies of the tool being installed, select Reinstall Dependencies.
  6. If reinstallation of the tool was previously blocked, select Unblock Tool.
  7. (Optional) In the Deployment Schedule section, configure a schedule for the action.

    If some target endpoints might be offline when you initially deploy the action, select Recurring Deployment and set a reissue interval.

  8. Click Show preview to continue
  9. A results grid appears at the bottom of the page showing you the targeted endpoints for your action. If you are satisfied with the results, click Deploy Action.

  • If you deploy the Endpoint Configuration - Reinstall Tool [Windows] or Endpoint Configuration - Reinstall Tool [Non-Windows] package, it overrides the Distribute Over Time setting for tools installation: see Tools installation settings.
  • Each Tanium solution includes one or more Endpoint Tooling Cache - Tool name [#] packages. Do not manually deploy these packages to endpoints.

Review tool installations that are scheduled for a retry

Ask a question using the Endpoint Configuration - Tools Retry Status sensor to view tool installations that previously failed and that Endpoint Configuration will retry. For example, ask the question: Get Computer Name and IP Address and Endpoint Configuration - Tools Retry Status from all machines with all Endpoint Configuration - Tools Retry Status not matches "(No Tools Pending Retry|^N\/A.*$)".

The sensor returns the following columns:

  •  Tool Name: The tool for which Endpoint Configuration will retry installation

  • Targeted Version: The version of the tool that Endpoint Configuration is attempting to install
  • Retry Backoff Seconds: The current delay between the failed installation and retrying the installation. This value increases each time the installation fails.
  • Retry Count: The number of times the installation has been retried, within a range
  • Next Retry: The approximate time until the next retry