Deploy & Uninstall Evo Agent via PowerShell – Evo Security

Evo Agent Installer (v2.5+)

This article contains a PowerShell script to install, upgrade, or remove the Evo Agent on Windows systems. It supports both interactive and silent operation modes, enabling easy integration into manual admin workflows or automated deployment systems (e.g., RMM tools, Intune, GPO, etc.).

There are currently two methods for Agent Deployment. First option in this article is the Deployment Token. Second is the Access Token. Please follow the below directions for the type of token you chose for install.

Deployment Token

After you’ve generated a Deployment Token, you can deploy the Evo Agent through your preferred RMM tool using a single install parameter.

Step 1: Download the latest deployment script

Download the most recent Evo Agent deployment script from our GitHub repository (recommended to ensure you’re using the latest version and improvements).

Step 2: Import the script into your RMM

Add the script to your RMM platform (e.g., as a PowerShell script) and configure it as you normally would for agent deployments.

Step 3: Deploy using the Deployment Token parameter

When running the script, provide only the -DeploymentToken parameter. The token encapsulates your tenant and deployment configuration, allowing the agent to install and register with the correct settings automatically.

Additional parameters below can be used with a Deployment Token:

`-Remove`	Uninstalls the Evo Credential Provider
`-CustomPrompt`	Optional string to customize the login prompt
`-CustomImage`	Optional path to custom login image (URL or local file path)

Example parameter:

.\InstallEvoAgent.ps1 -DeploymentToken "yourdeploymenttoken" -CustomPrompt "businesslogin" -CustomImage "https://imagelocation.com"

Removal

.\Install-EvoAgent.ps1 -Remove

Access Token / Secret Key

.\InstallEvoAgent.ps1 -EnvironmentUrl "https://myorg.evosecurity.com" -EvoDirectory "Domain" -AccessToken "abc123" -Secret "xyz789"

Note: if you’re looking to install a beta agent, please append -Beta to your Basic Install Script.

NinjaRMM Example - Using an Access Token

In NinjaRMM you can go to Administration > Library > Automation and Click + Add > New Script. From here you can go to our GitHub where we have our InstallEvoAgent.ps1 script and Copy & Paste the entire script into Ninja.

On the right hand side you will then name the script, choose PowerShell for the language, operating system, Architecture & what it will Run as.

Then in parameters you would click add and then input your desired parameters which include -EviromentURL, -EvoDirectory, -AccessToken, -Secret Example: -EnvironmentUrl "https://myorg.evosecurity.com" -EvoDirectory "Domain" -AccessToken "abc123" -Secret "xyz789"

Once all of that is configured you can hit “Save” on the top right and then you can proceed to go to your devices in Ninja > Run Automation > Script and choose the newly saved Evo Install.PS1 script you just configured.

Once ran and completed you will see so in Ninja.

Additionally, our installation script includes additional parameters that allow for a more robust and customizable deployment, should you wish to extend beyond the basic installation script.

Parameter	Description	Default
`-EnvironmentUrl`	Evo portal base URL (e.g., `https://yourorg.evosecurity.com`)
`-EvoDirectory`	Your Evo organization/directory name
`-AccessToken`	Evo API access token
`-Secret`	Evo API secret
`-FailSafeUser`	Optional username to use as a fallback if Evo login fails	*See Note Below*
`-MFATimeOut`	Optional grace period to not require MFA for an unlock (in minutes from previous MFA prompt)	0
`-CredentialMode`	`SecureLogin`, `ElevatedLogin`, or `SecureAndElevatedLogin`	SecureAndElevatedLogin
`-OnlyEvoLoginCredential`	If set, Evo becomes the only credential provider	0
`-RememberLastUserName`	Optional flag to remember the last username used	1
`-DisableUpdate`	Optional flag to disable auto updates	0
`-JitMode`	Optional flag to enable Just-In-Time admin accounts	0
`-EndUserElevation`	Optional flag to enable end-user elevation	0
`-UserAdminEscalation`	Optional flag to prompt admins with the end-user elevation prompt instead of the standard UAC prompt	0
`-CustomPrompt`	Optional string to customize the login prompt
`-CustomImage`	Optional path to custom login image (URL or local file path)
`-NoElevatedRDP`	Optional flag to disable elevation for RDP sessions when Evo is the sole login agent	1
`-UACExtension`	Optional setting to enable UAC extension (0=disabled, 1=enabled, other credential providers available in UAC dialog, 2=enabled, Evo exclusive in UAC dialog )	0
`-DisableEvoLogin`	Optional setting to disable the Evo credential on the login screen (Minimum supported agent = 2.4)	0
`-DisableEvoUac`	Optional setting to disable the Evo credential in the UAC dialog (Minimum supported agent = 2.4)	0
`-UnlimitedExtendedUacSession`	Optional setting to enable unlimited extended UAC session (Minimum supported agent = 2.4)	0
`-PersistentRequest`	Optional setting to enable persistent elevation request notifications instead of having a 10 second timeout (Minimum supported agent = 2.4)	0
`-MSIPath`	Optional path to `.msi` or `.zip` file
`-Upgrade`	Ensure only newer versions replace installed ones
`-Remove`	Uninstalls the Evo Credential Provider
`-Interactive`	Runs installer with UI instead of silent mode
`-Log`	Enables install/uninstall logging
`-Beta`	Pulls installer from Evo's beta channel
`-Json`	Legacy option to supply a JSON config blob or file
`-Help`	Displays built-in help text
`-DeploymentToken`	Method to deploy the agent that simplifies the use of multiple paramter fields ( -EnvironmentURL, -EvoDirectory, -AccessToken, -SecretToken and other settings)into one Parameter.

Note:

The -FailSafeUser parameter should be used when setting the Credential Provider to "-OnlyEvoLoginCredential". This user will be a LocalAdmin that can bypass MFA in case the machine is taken offline or off the network.

If the computer is attached to a domain, then this setting should be DOMAIN\USERNAME where DOMAIN is the Windows Active Directory domain and USERNAME is the username for the user on that domain.

If the computer is not attached to a domain, it is preferable that it would be WORKGROUP\USERNAME where WORKGROUP should be the literal string “WORKGROUP” (without quotes) and USERNAME will be the login name for that machine.

If Using -DeploymentToken you can no longer use -EnviromentURL, -EvoDirectory, -AccessToken & -Secret since the Deployment Token now has that information imbedded into it. If not using a deployment token you can still deploy and use old settings as expected.

Features

Installs the Evo Credential Provider MSI or ZIP package (automatically extracts ZIP)

Automatically downloads the latest stable or beta version if no path is provided

Supports uninstall/removal logic

Silent mode support for unattended installations

Upgrade-safe: checks version before proceeding

Accepts legacy JSON blob configs or individual parameters

Includes integrated Help functionality and CLI examples

Removal

.\Install-EvoAgent.ps1 -Remove

Legacy JSON Blob

.\Install-EvoAgent.ps1 -Json '{ "EnvironmentUrl": "...", "EvoDirectory": "...", "AccessToken": "...", "Secret": "..." }’

Legacy JSON File

.\Install-EvoAgent.ps1 -Json 'c:\path\to\install.json’

Notes

Admin Rights Required: Must be run from an elevated shell unless Interactive is used.

Supports both x64 and ARM64 architectures.

Logs (if enabled) are written to the system temporary folder. (e.g., C:\Users\<Username>\AppData\Local\Temp).

Evo Security has also set up a new Git Repo for this deployment script. If you want to help change anything in there, feel free to open a pull request. If you find an issue, you can use the GitHub issues to let us know.

Evo Security GitHub Link

Please contact support@evosecurity.com for assistance.