Perform the following to build the MSI.

1. Download, install and configure the latest Snare Agent on the machine you are building the MSI on.
2. Download the latest version of Snare for Windows Custom MSI from the SLDM portal. The file is called MSI3.1.0.zip (where 3.1.0 is the version, and may vary)  
3. Unzip MSI3.1.0.zip onto your local computer.  This will extract the file MSIBuilder.exe. 
4. MSI may be created from any directory on your local computer, for example C:\msi.  In this msi folder add the following:
   
   • MSIBuilder.exe
   • a copy of the Snare .exe installer (e.g. Snare-Windows-Agent-v5.7.1-x64.exe)
   • the license file (optional)
   • template.inf  (optional .inf file created from an existing agent and used with option 'Use configuration from an existing file')

   • Sysmon executable, i.e. Sysmon64.exe (optional, if user wishes to deploy Sysmon side-by-side with Snare Agent.  Note: Sysmon is a 3rd party tool, not maintained or distributed by Intersect Alliance.

   • Sysmon configuration file (optional, if custom configuration of Sysmon is required)

     Starting from Snare for Windows Custom MSI version 3.1.0, it is possible to include Microsoft Sysmon in the same MSI package with Snare Agent for easy deployment via Group Policy.

     Sysmon is a 3rd party tool for System Monitoring that is not distributed or maintained by Intersect Alliance or Snare Development Team.

     Customer will need to download Sysmon themselves, and optionally configure it as per their needs, prior to packaging it in MSI with Snare Agents.

5. To execute the creation of an MSI file, open a command prompt as Administrator from the \msi directory and type:
   > MSIBuilder.exe
6. A check for the WIX installation is performed, followed by the prompts:
   
   • Select Product - agents that are currently installed are displayed. Select the number for the corresponding product. Click Enter.
   • Select Agent configuration method - Select from:
     
     • 1) Use configuration of local agent  By default, the build process will export and use the settings of the locally installed agent.
     • 2) Use configuration from an existing file template.inf should already be in current directory.
   • Upgrade or Reinstall the target machine's agent - Select from:
     
     • 1) Upgrade This produces an MSI which installs a new agent, but leaves existing settings/objectives unchanged.

     • 2) Reinstall This produces an MSI which installs a new agent, and resets settings/objectives to settings on the MSI build machine.

   • Select installer exe to be added to the MSI - Any supported Snare executable files found in the \msi directory will be listed.  If only one file is found in the Snare installation folder then that file will be listed. Select the number for the corresponding product.
   • Select License file option - Select from:
     
     • 1) Use a license file If selected will display a list of available licenses found in the MSI directory.

     • 2) Do not use a license file Will ignore the listing of licenses.

1. • Include Microsoft Sysmon in this MSI - Select from: 
     • 1) Yes, I agree to Sysinternals Software License Terms as outlined in the Eula.txt file downloaded with the Sysmon package from a trusted source. By selecting this option you acknowledge that you have read, understood and agree to be bound by the terms and conditions of EULA as published by Microsoft with Sysmon tool. If you do not accept this EULA, please select No.

     • 2) No, I do not wish to install Sysmon, or I do not accept Sysmon EULA
       

       If option 2, "No...", is selected, the next three steps related to Sysmon will be skipped.

   • Select Sysmon file to be added to the MSI - this option is displayed only if option 1 was selected above, and allows to select Sysmon executable file to be included. 

   • Would you like to set Sysmon configuration (Y/N) - this option is displayed only if a Sysmon executable was selected in the previous step. Enter Y for YES if you wish to use custom Sysmon configuration XML file, otherwise enter N.
   • Input the Sysmon configuration file - this option is displayed only if Y was selected in the previous step. Enter the name of the Sysmon configuration file located in \wix directory. For example SysmonConfig.xml

   • Summary of Selected options - A summary of options selected is displayed, followed by the building of the MSI.
     
     

     Note

     The yellow font in the console output is from other triggered programs, such as the Snarecore service, WIX or Candle.

7. On completion the MSI file is created. Press Enter to exit.

8. The log file is written into the \wix directory and is called MSIBuilder.log

9. The customized MSI is available in the \msi directory, for example C:\msi\ SNARE ENTERPRISE AGENT v5.1.0[reinstall].msi

Test the MSI

To install the MSI, type the following from the command line:
>msiexec /i SNARE ENTERPRISE EPILOG v5.1.0[upgrade].msi

Upon execution you will see the following dialog box:

To include logging, on a deployment, (recommended for acceptance testing) type the following from the command line:
>msiexec /l*v [logname].log /i [msiname].msi

To ensure the agent is working correctly, check the Latest Events page in the web UI of the Snare agent.

To uninstall the MSI, type the following from the command line:

>msiexec /x SNARE ENTERPRISE EPILOG v5.1.0[upgrade].msi

If running this command shows the error then running the same install command again will silently uninstall the Snare

>msiexec /i SNARE ENTERPRISE EPILOG v5.1.0[upgrade].msi