How to Install and Set Up AlienVault HIDS Agent on a Windows Host


Follow this guide to learn how to install and set up the AlienVault HIDS agent on a Windows host.

Install AlienVault HIDS Agent on a Windows Host

There are two ways to install the AlienVault HIDS agent on a Microsoft Windows system.

  • Automatically install a pre-configured agent on the host from the AV server or download it and install it on the host yourself. The pre-configured installer has the server IP and authentication key configured automatically.
  • Download a binary installer and manually install and configure it on the host yourself.

Installing HIDS agent using a Pre-configured Binary Installer

Download Pre-configured HIDS agent Binary Installer from AlienVault

To install the AlienVault HIDS agent using a pre-configured binary installer, log in to AlienVault (AV) and navigate to Environment > Detection > HIDS > AGENTS.

On the AGENT INFORMATION page, select the agent for the specific Windows host you want to monitor (this is only possible if the agent has already been added). As an example, my Windows host IP address is 192.168.43.143. See the screenshot below.

[Screenshot: Install and Setup AlienVault HIDS Agent on a Windows Host]

Click the download pre-configured agent button for the specific Windows host, under the Actions column, to generate and download the pre-configured agent installer. The installer is named ossec_installer_ID.exe, where ID is the ID number of the host agent on the server.

Install Pre-configured HIDS agent Binary Installer on Windows

Once downloaded, copy the installer to the host, right-click it and run it as administrator to install it. When the installation is complete, you should see a screen like the one shown in the screenshot below.

[Screenshot: winhost agent]

Check Agent Status on Windows

Click the Close button to exit the installer. The agent is installed at C:\Program Files (x86)\ossec-agent.

To check the status of the agent, navigate to the install folder and run the win32ui.exe application to launch the Agent Manager. From there you can check the agent status, restart the agent, view the agent logs, and view the server IP and authentication key.

[Screenshot: agent manager]

Alternatively, you can deploy the agent automatically from the server. Click the Windows automatic deployment ("win autodeploy") button. This opens the Automatic Deployment window, where you enter the domain, the user and the password for the remote host to perform the deployment. The account used needs to have administrator rights.

Installing and configuring Windows agent manually

Download OSSEC HIDS Agent for Windows

Download the binary installer from here and copy it to the host.

Install and Register OSSEC Agent on Windows

Run the installer as administrator to install it. When the installation completes, click Next and then the Finish button to start Agent Manager.

In the OSSEC Agent Manager window, enter the IP address of the server, then extract the agent authentication key from the server and paste it into the Agent Manager. After that, save the configuration. Once the configuration is saved, the agent ID, name and IP address are displayed. These should match the details of the agent on the server.

[Screenshot: agentinfo]

Start the OSSEC HIDS Agent

Once the agent is added, click the Manage tab and start the OSSEC agent.

[Screenshot: agent started]

The agent is now running. You can click View > View logs to view the agent logs.

If you log back in to the server, the agent status should have changed from disconnected to active.
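The checks described above (agent status, server IP, and the agent ID, name and IP that should match the server) can also be read from the command line, which helps when verifying many hosts. The PowerShell function below is an added example, not part of the original guide or of the OSSEC/AlienVault tooling. It assumes the Windows service is named OssecSvc and that client.keys and ossec.log sit beside ossec.conf in the install folder; the function name Get-HidsAgentState is hypothetical.

```powershell
# Added example: post-install check for the HIDS (OSSEC) agent on a Windows host.
# Assumptions (not stated in the guide): service name "OssecSvc"; client.keys and
# ossec.log live next to ossec.conf in the install folder.
function Get-HidsAgentState {
    param(
        [string]$InstallDir  = 'C:\Program Files (x86)\ossec-agent',
        [string]$ServiceName = 'OssecSvc'
    )
    $conf = Join-Path $InstallDir 'ossec.conf'
    $keys = Join-Path $InstallDir 'client.keys'
    $log  = Join-Path $InstallDir 'ossec.log'

    $state = [ordered]@{
        Installed = (Test-Path -LiteralPath $conf)
        ServerIp  = $null; AgentId = $null; AgentName = $null; AgentIp = $null
        Service   = 'NotFound'; RecentErrors = @()
    }
    if ($state.Installed) {
        # ossec.conf can contain more than one <ossec_config> root element, so
        # match the element with a regex instead of casting the file to [xml].
        $text = Get-Content -LiteralPath $conf -Raw
        if ($text -match '<server-ip>\s*([^<\s]+)\s*</server-ip>') { $state.ServerIp = $Matches[1] }
    }
    if (Test-Path -LiteralPath $keys) {
        # A client.keys entry is "<id> <name> <ip> <key>". Only the first three
        # fields are kept, so the authentication key is never printed or logged.
        $line = Get-Content -LiteralPath $keys | Where-Object { $_.Trim() } | Select-Object -First 1
        if ($line) {
            $f = $line.Trim() -split '\s+', 4
            if ($f.Count -eq 4) { $state.AgentId = $f[0]; $state.AgentName = $f[1]; $state.AgentIp = $f[2] }
        }
    }
    $svc = Get-Service -Name $ServiceName -ErrorAction SilentlyContinue
    if ($svc) { $state.Service = [string]$svc.Status }
    if (Test-Path -LiteralPath $log) {
        # Last few error-level lines from the tail of the agent log.
        $state.RecentErrors = @(Get-Content -LiteralPath $log -Tail 200 |
            Select-String -Pattern 'ERROR|CRITICAL' |
            Select-Object -Last 5 | ForEach-Object { $_.Line })
    }
    [pscustomobject]$state
}

Get-HidsAgentState | Format-List
```

Run it from an elevated PowerShell session so the files in the install folder are readable. An empty ServerIp or AgentId, or a Service value other than Running, points to the step of the procedure that needs repeating.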

That is all it takes to install and set up the AlienVault HIDS agent on a Windows host.

You may also be interested in checking our previous article on Installing AlienVault HIDS agent on a Linux host.

koromicha
I am the Co-founder of Kifarunix.com, Linux and the whole FOSS enthusiast, Linux System Admin and a Blue Teamer who loves to share technological tips and hacks with others as a way of sharing knowledge as: "In vain have you acquired knowledge if you have not imparted it to others".

2 thoughts on “How to Install and Setup AlienVault HIDS Agent on a Windows Host”

  1. Hi,
    I have a question.
    How can I modify the configuration of the preconfigured agent so that the new agent contains the new configuration immediately?

    • Hi Patrick
      Well, I am not sure if I understood your question, but the preconfigured agent is a binary and you can edit its configuration file (C:\Program Files (x86)\ossec-agent\ossec.conf) after installing and restart the agent.
