Deploy & Uninstall Evo Agent via PowerShell
Evo Agent Installer (v2.5+)
This article contains a PowerShell script to install, upgrade, or remove the Evo Agent on Windows systems. It supports both interactive and silent operation modes, enabling easy integration into manual admin workflows or automated deployment systems.
There are currently two methods for Agent Deployment. First option in this article is the Deployment Token. Second is the Access Token. Please follow the below directions for the type of token you chose for install.
Deployment Token
After you’ve generated a Deployment Token, you can deploy the Evo Agent through your preferred RMM tool using a single install parameter.
Step 1: Download the latest deployment script
Download the most recent Evo Agent deployment scripts from our GitHub repository here: Deployment Scripts.
Step 2: Import the script into your RMM
Add the script to your RMM platform (e.g., as a PowerShell script) and configure it as you normally would for agent deployments.
Step 3: Deploy using the Deployment Token parameter
When running the script, provide only the -DeploymentToken parameter. The token encapsulates your tenant and deployment configuration, allowing the agent to install and register with the correct settings automatically.
Additional parameters below can be used with a Deployment Token:
-Remove | Uninstalls the Evo Credential Provider |
-CustomPrompt | Optional string to customize the login prompt |
-CustomImage | Optional path to custom login image (URL or local file path) |
Example parameter:
.\InstallEvoAgent.ps1 -DeploymentToken "yourdeploymenttoken" -CustomPrompt "businesslogin" -CustomImage "https://imagelocation.com"
Removal
.\Install-EvoAgent.ps1 -Remove
Access Token / Secret Key ( Legacy )
After you’ve generated a Access Token, you can deploy the Evo Agent through your preferred RMM tool using install parameters.
Step 1: Download the latest deployment script
Download the most recent Evo Agent deployment scripts from our GitHub repository here: Deployment Scripts.
Step 2: Import the script into your RMM
Add the script to your RMM platform (e.g., as a PowerShell script) and configure it as you normally would for agent deployments.
Step 3: Deploy using Necessary parameters
.\InstallEvoAgent.ps1 -EnvironmentUrl "https://myorg.evosecurity.com" -EvoDirectory "Domain" -AccessToken "abc123" -Secret "xyz789"
Additionally, our installation script includes additional parameters that allow for a more robust and customizable deployment, should you wish to extend beyond the basic installation script. Note: The parameters listed below provide additional options for customizing the behavior of the Evo Agent. These settings can also be configured during the creation of a Deployment Token, allowing you to predefine them and simplify the installation process.
Parameter | Description | Default |
-EnvironmentUrl | Evo portal base URL (e.g., https://yourorg.evosecurity.com) | |
-EvoDirectory | Your Evo organization/directory name | |
-AccessToken | Evo API access token | |
-Secret | Evo API secret | |
-FailSafeUser | Optional username to use as a fallback if Evo login fails | See Note Below |
-MFATimeOut | Optional grace period to not require MFA for an unlock (in minutes from previous MFA prompt) | 0 |
-CredentialMode | SecureLogin, ElevatedLogin, or SecureAndElevatedLogin | SecureAndElevatedLogin |
-OnlyEvoLoginCredential | If set, Evo becomes the only credential provider | 0 |
-RememberLastUserName | Optional flag to remember the last username used | 1 |
-DisableUpdate | Optional flag to disable auto updates | 0 |
-JitMode | Optional flag to enable Just-In-Time admin accounts | 0 |
-EndUserElevation | Optional flag to enable end-user elevation | 0 |
-UserAdminEscalation | Optional flag to prompt admins with the end-user elevation prompt instead of the standard UAC prompt | 0 |
-CustomPrompt | Optional string to customize the login prompt | |
-CustomImage | Optional path to custom login image (URL or local file path) | |
-NoElevatedRDP | Optional flag to disable elevation for RDP sessions when Evo is the sole login agent | 1 |
-UACExtension | Optional setting to enable UAC extension (0=disabled, 1=enabled, other credential providers available in UAC dialog, 2=enabled, Evo exclusive in UAC dialog ) | 0 |
-DisableEvoLogin | Optional setting to disable the Evo credential on the login screen (Minimum supported agent = 2.4) | 0 |
-DisableEvoUac | Optional setting to disable the Evo credential in the UAC dialog (Minimum supported agent = 2.4) | 0 |
-UnlimitedExtendedUacSession | Optional setting to enable unlimited extended UAC session (Minimum supported agent = 2.4) | 0 |
-PersistentRequest | Optional setting to enable persistent elevation request notifications instead of having a 10 second timeout (Minimum supported agent = 2.4) | 0 |
-MSIPath | Optional path to .msi or .zip file | |
-Upgrade | Ensure only newer versions replace installed ones | |
-Remove | Uninstalls the Evo Credential Provider | |
-Interactive | Runs installer with UI instead of silent mode | |
-Log | Enables install/uninstall logging | |
-Beta | Pulls installer from Evo's beta channel | |
-Json | Legacy option to supply a JSON config blob or file | |
-Help | Displays built-in help text |
Fail Safe User
- The Fail-safe User parameter should be used when setting the Credential Provider to "
-OnlyEvoLoginCredential". This user will be a LocalAdmin that can bypass MFA in case the machine is taken offline or off the network.
- If the computer is attached to a domain, then this setting should be DOMAIN\USERNAME where DOMAIN is the Windows Active Directory domain and USERNAME is the username for the user on that domain.
- If the computer is not attached to a domain, it is preferable that it would be WORKGROUP\USERNAME where WORKGROUP should be the literal string “WORKGROUP” (without quotes) and USERNAME will be the login name for that machine.
Features
- Installs the Evo Credential Provider MSI or ZIP package (automatically extracts ZIP)
- Automatically downloads the latest stable or beta version if no path is provided
- Supports uninstall/removal logic
- Upgrade-safe: checks version before proceeding
- Includes integrated
Helpfunctionality and CLI examples
Removal
.\Install-EvoAgent.ps1 -Remove
Notes
- Admin Rights Required: Must be run from an elevated shell unless
Interactiveis used.
- Automatically detects both x64 and ARM64 architectures.
- Logs (if enabled) are written to the system temporary folder. (e.g.,
C:\Users\<Username>\AppData\Local\Temp).
Evo Security has also set up a new Git Repo for this deployment script. If you want to help change anything in there, feel free to open a pull request. If you find an issue, you can use the GitHub issues to let us know.