Silent Install

The silent install option is provided for system administrators wishing to automate the process of installing Snare for Windows.

Command line options

The Snare installer has a number of command line options to support silent, automated installations:

  • /VerySilent – The Wizard will be hidden for the duration of the installation process. Any message boxes will still be displayed.
  • /SuppressMsgBoxes – Any message boxes will be dismissed with the default answer.
  • /Log="filename" – Two log files will be created: filename and filename.Snare.log. The Wizard installation log will be written to filename and a detailed Snare installation log will be written to filename.Snare.log.
  • /LoadInf="INFfile" – The INFfile is a template file produced by another Snare installation. It contains all the necessary information to complete the installation and configure the agent for normal operations. See below for more details on how to produce this file.
  • /SnarePass="ZPass" – For security reasons, some parts of the INFfile are encrypted and require a decryption password. ZPass is the decryption password and is produced when creating the INFfile.
  • /Reinstall – Tell the installer to overwrite any existing installation.
  • /Upgrade – Tell the installer to upgrade the existing installation. If no existing installation is detected, the installer will abort. This option will only upgrade the Snare files; all configuration settings will remain untouched and the "LoadInf" file will be ignored.
  • /UseHostIP – Enable the address resolution feature to use the host IP address. Value 0 for off, and 1 to allow.
  • /Destination – Set the IP address or hostname to which the event records are sent.
  • /DestPort – Set the destination port, e.g. for Snare or syslog.
  • /SocketType – Set the protocol you would like the agent to use when sending events. Values 0 (UDP), 1 (TCP), 2 (TLS/SSL), 3 (TLS_AUTH).
  • /TLSAuthKey – This option must be provided when protocol is 3 (TLS_AUTH). The length of TLSAuthKey must be between (8-4096) characters and allowed characters include A-Za-z0-9\~!@$%^*()_+=`-
  • /RemoteLocal – To allow remote connections to the agent from localhost only. Value 0 for off, and 1 to allow. Ensure /RemoteAllow and /AccessKey are also set with this option.
  • /RemoteAllow – To enable the remote access of the agent. Value 0 for off, and 1 to allow. Ensure /AccessKey is also set with this option.
  • /AccessKey – Set the password text for the remote access of the agent. If /RemoteAllow is set, then the password must also be set.
  • /Audit – Set whether Snare is to automatically set the system audit configuration. Set this value to 0 for No or 1 for Yes (default).
  • /EpilogImport – Set whether the Snare agent is to import Logs and Filters settings from the Snare Epilog agent (if installed on the same machine). Set this value to 0 for No (default) or 1 for Yes.
  • /License – Specify the file name of the license, for example /license="20180206-SnareAgent-Evaluation-AZP-CYT.sl". The license file must reside in the same directory. [available from v5.1]

If enabling web access with the command line options /RemoteAllow and /RemoteLocal, ensure the password is set with /AccessKey.
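
The option dependencies listed above can be checked before an install package is distributed. The following PowerShell is an added example, not part of the Snare documentation or product: Test-SnareInstallOptions and the sample values are hypothetical, and treating the backslash in the /TLSAuthKey character list as an escape rather than an allowed character is an assumption.

```powershell
# Added example. Test-SnareInstallOptions is a hypothetical helper; the rules
# it checks are the ones stated in the option list above.
function Test-SnareInstallOptions {
    param([Parameter(Mandatory)][hashtable]$Options)
    $problems = @()

    # Switches documented as 0 (off) / 1 (on)
    foreach ($name in 'UseHostIP', 'RemoteLocal', 'RemoteAllow', 'Audit', 'EpilogImport') {
        if ($Options.ContainsKey($name) -and "$($Options[$name])" -notmatch '^[01]\z') {
            $problems += "/$name must be 0 or 1"
        }
    }

    # /SocketType: 0 (UDP), 1 (TCP), 2 (TLS/SSL), 3 (TLS_AUTH)
    $socketType = "$($Options['SocketType'])"
    if ($Options.ContainsKey('SocketType') -and $socketType -notmatch '^[0-3]\z') {
        $problems += '/SocketType must be 0, 1, 2 or 3'
    }

    # TLS_AUTH needs /TLSAuthKey: 8-4096 characters from the documented set.
    # Assumption: the backslash in that set is an escape, not an allowed character.
    if ($socketType -eq '3' -and
        "$($Options['TLSAuthKey'])" -notmatch '^[A-Za-z0-9~!@$%^*()_+=`-]{8,4096}\z') {
        $problems += '/TLSAuthKey is missing, too short/long, or has a disallowed character'
    }

    # Remote control: /RemoteAllow and /RemoteLocal both require /AccessKey,
    # and /RemoteLocal additionally requires /RemoteAllow.
    $remoteAllow = "$($Options['RemoteAllow'])" -eq '1'
    $remoteLocal = "$($Options['RemoteLocal'])" -eq '1'
    if (($remoteAllow -or $remoteLocal) -and -not "$($Options['AccessKey'])") {
        $problems += '/AccessKey must be set when remote access is enabled'
    }
    if ($remoteLocal -and -not $Options.ContainsKey('RemoteAllow')) {
        $problems += '/RemoteLocal requires /RemoteAllow to be set as well'
    }

    # /Upgrade leaves configuration untouched and ignores the /LoadInf file
    if ($Options.ContainsKey('Upgrade') -and $Options.ContainsKey('LoadInf')) {
        $problems += '/LoadInf is ignored when /Upgrade is used'
    }
    $problems
}

# Constructed sample: TLS_AUTH selected and remote access enabled, but no keys given
$sample = @{ Destination = '10.1.1.1'; DestPort = 6514; SocketType = 3; RemoteAllow = 1 }
Test-SnareInstallOptions -Options $sample
```

An empty result means none of the documented dependencies are violated; it does not confirm that the installer will accept the values.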


Silent Install Setup Information File (INF)

To silently deploy a completely configured agent, the installer requires the help of a Setup Information File, also known as an INF file. To produce a working INF file, follow these steps:

  1. Install the Snare agent using the Wizard.
  2. Using the web interface, configure the agent's Network and Remote Control settings.
  3. Configure one or more audit policies.
  4. Ensure you have administrator rights, open a command prompt and browse to the directory where Snare is installed.
  5. Execute the following commands: 
  • To export the information and error messages, along with the INF file contents to the screen: 

SnareCore.exe -x

  • To write the INF file contents to a file, where INFfile is a file for use with the /LoadInf command line option:

SnareCore.exe -x INFfile

  • You will be prompted with the following if you are using a custom service account:
    Please enter the Encryption Password for sensitive information
    Enter and re-enter the password as directed for the Service Account encryption.
  • Your encrypted Installation Password will be displayed. Note down the Installation Password. The /SnarePass command line option will accept this encrypted password and use it to decrypt the sensitive information in INFfile.

Silent Deployment

To install using the silent installer:

  1. Copy the Snare binary to your Snare installation, e.g. c:\program files\snare
  2. Ensure you have administrator rights, open a command prompt and browse to the directory where the setup program is stored.
  3. To install the Snare application with the options specified in the mysettings.INF file, without displaying any pop-up windows, and to create installation log files, run the file:
    Snare-Windows-Agent-v{Version}-{Architecture}.exe /verysilent /suppressmsgboxes /LoadInf="mysettings.inf" /Log="c:\temp\mylogfile"
    This option is suitable for packaging and non-interactive installations. 

  4. To reinstall the Snare application with the options specified in the mysettings.INF file, without displaying any pop-up windows, run the file:

    Snare-Windows-Agent-v{Version}-{Architecture}.exe /reinstall /verysilent /suppressmsgboxes /LoadInf="mysettings.inf"

    This option is suitable for reinstalling Snare with settings non-interactively.

  5. To install the agent using the network configuration settings, allowing access to the remote control interface with a password set:
    Snare-Windows-Agent-v{Version}-{Architecture}.exe /usehostip=1 /destination=10.1.1.1 /destport=514 /sockettype=0 /reinstall /verysilent /remoteallow=1 /accesskey=mypassword