Agent Policies Configuration
Policies are handled via the ‘Endpoint Security’ section (‘Security Controls' tab)
Admins can configure agent tracking behavior by modifying the agent policies — windows AV settings:
Monitor Mode: only alerts administrators of policy violations
Enforce Mode: actively adjusts device settings to comply with security policies
Policies should be configured at the global level, from which they will be automatically inherited by all customer tenants.
It is also possible to override the global policies at the individual customer level, if tenant-specific configurations are required.
Admins can define exclusions to prevent false positives in Windows Defender
Go to the ‘Microsoft Defender Exclusions’ section, enable it, and click on the ‘Plus’ button.
Add file paths, processes, or extensions to exclude.
Please note: exclusions can be defined globally or per customer and are available for agents version 1.3 and above
It is highly recommended to define these policies prior to agent deployment to ensure consistent behavior across all environments.
Guardz Agent Installation Instructions
Prerequisites:
Windows (10, 11) & Windows Server (2016, 2019, 2022)
macOS (Intel & M1/M2)
Deployment Methods
Script-Based Deployment (RMM, PowerShell, Bash)
Installer Package (MSI/PKG)
GPO (Group Policy) Deployment for Windows
How to Install Guardz Device Agent - Step-by-Step
Option 1 - Via Script for manual or bulk deployment (RMM)
This script is intended for use in the admin's RMM platform to enable bulk deployment across multiple devices.
Download the relevant script
Run the script through your RMM tool
Option 2 = with Installer
Log into Guardz, navigate to ‘Security Controls’ tab and open the ‘Endpoint Security’ section
Click on ‘Manage’
Download the Agent Installer (MSI for Windows, PKG for macOS)
Run the Installer:
Windows: Right-click and select Run as Administrator
macOS: Open .pkg and follow the on-screen instructions
5. Verify Installation:
Open Task Manager (Windows) or Activity Monitor (Mac) and check for GuardzAgent.exe.
The device should now appear in Guardz Dashboard > Devices.
You may use MDM (Mac) or GPO (Windows) to deploy across multiple devices.
Org Key is a unique identifier generated at the tenant level. It is required during the installation process, as each agent must be associated with an Org Key.
Troubleshooting Common Issues Post-installation:
Issue: Installation Blocked
Solution:
Check if another security tool is preventing installation.
Temporarily disable antivirus/firewall and retry.
Issue: Agent Not Reporting to Dashboard
Solution:
Ensure the device has an active internet connection.
Restart Guardz Agent:
Windows:
net stop GuardzAgent && net start GuardzAgentMac:
sudo launchctl stop com.guardz.agent && sudo launchctl start com.guardz.agent
Issue: Device Not Appearing in Dashboard
Solution:
Check installation logs (C:\ProgramData\Guardz\Logs).
Reinstall and restart the device.
Issue: Defender Policies Not Applying
Solution:
Verify Defender Policy Settings in Guardz Dashboard.
Check for conflicting third-party security tools.
Uninstallation Process for Guardz Agents
1. Automatic Procedure
Admins can initiate automatic uninstallation process for Guardz agents (versions 1.4 and above) directly from the dashboard:
Go to the ‘Devices’ tab
Verify the view is filtered as ‘Agent Status’ equals ‘Active’
Devices with One Agent Installed (Guardz Agent):
Locate the relevant device and click on the ‘Uninstall Agent’ button
Approve the uninstall request by clicking on the ‘Uninstall’ button
Once the uninstall is triggered, the device moves to the ‘Pending Uninstall’ status
When the process is complete, the record moves to the ‘Uninstalled’ filter
Devices with Two Agents Installed (both Guardz and SesntinelOne)
Locate the relevant device and click on the ‘Uninstall Agent’ button
Select the relevant agent
Approve the uninstall request by clicking on the ‘Uninstall’ button
During the uninstall process, the device will be visible under both the ‘Active’ and the ‘Pending Uninstall’ statuses (as it had 2 agents)
Once the process is complete, the device will remain under ‘Active’ status, reflecting only the agent that remains installed
Each action such as "Uninstall requested" or "Uninstall finished" - will be recorded in the Audit Log, visible in the drawer.
2. Manual Procedure
Manual Removal of the Agent from a Windows Device:
1. Agents of 1.4 version and above:
Open Settings and navigate to Apps > Installed Apps, then delete the Guardz Agent app.
2. For older versions, follow the instructions below:
Open PowerShell with administrator privileges and run the following commands:
sc.exe stop "Guardz Agent"
sc.exe delete "Guardz Agent"
Open Settings and navigate to Apps > Installed Apps and delete the Guardz Agent app.
Open File Explorer and delete the following directories:
%SystemRoot%\System32\config\systemprofile\AppData\Roaming\com.guardz
%ProgramData%\com.guardz
Manual Removal of the Agent from a Mac Device by Terminal:
1. Agents of 1.4 version and above:
sudo '/Applications/Guardz Agent.app/Contents/MacOS/Guardz Agent' --mode uninstall
2. For older versions, follow the instructions below:
Open Terminal and run the following commands:
sudo launchctl bootout system/com.guardz.daemon
sudo rm -r /var/root/Library/Application\ Support/com.guardz
sudo rm -r /var/root/Library/Logs/com.guardz
sudo rm -r /Library/Application\ Support/com.guardz
Open Finder and navigate to the /Applications folder.
Right-click the Guardz Agent app and select Move to Trash.
You can use the following one-liner script as well:
Mac script - ends with .sh
Windows script - ends with ps1
Make sure you run them for every machine that has the installed Guardz agents with sudo (or as root).