Aller au contenu

Install Endpoint Protection with a Script

Script-based installation installs boost-endpoint-cli and its background daemon on developer endpoints. Use this option for endpoints that do not use the VS Code extension, or when you want to centrally manage the deployment of the Endpoint protection across Windows, macOS, and Linux endpoints.

This is the recommended option for organization-wide rollout through an EDR or MDM tool.

Requirements

Before installing Endpoint Protection with a script, make sure you have:

  • The Endpoint Protection script package from your Boost account manager.
  • The Windows PowerShell scripts (.ps1) for Windows endpoints.
  • The shell scripts (.sh) for macOS and Linux endpoints.
  • Administrator privileges on Windows, or root privileges on macOS and Linux.
  • A Boost API key with the Endpoint permission. You can generate one by following How to Create an API Key, or request one from a member of your AppSec team.

Deployment Options

You can run the scripts in two ways:

  • Local installation - Run the scripts manually on a single endpoint. This is useful for testing the installation flow or validating configuration.
  • EDR or MDM deployment - Upload and run the scripts through an endpoint deployment tool to install Endpoint Protection across multiple developer endpoints.

Note: Boost has tested script deployment with EDR tools such as SentinelOne. The exact steps to upload, configure, and run scripts vary by vendor, including SentinelOne, CrowdStrike, and similar tools.

Configuration

The install and upgrade scripts are configured with environment variables.

Variable Required Description
BOOST_API_KEY Yes Boost API key with the Endpoint permission.
BOOST_INTERVAL No How often the endpoint is scanned and updates are sent to Boost, in seconds. Default: 43200 seconds, or 12 hours.
BOOST_CLI_VERSION No Version of boost-endpoint-cli to install. Omit this variable to install the latest available version.
BOOST_ENDPOINT No Boost API endpoint URL. Default: https://api.boostsecurity.io.
RUST_LOG No Shell install only. Log level written to the daemon configuration. Default: info. Use debug or trace for troubleshooting.

The installer also supports BOOST_CLI_URL and BOOST_CLI_BIN. Use these only when instructed by Boost.

You can provide these variables in either of two ways:

  • Set the variables before running the script, as shown in the examples below.
  • Add the variables directly to the script before deploying it through your EDR or MDM tool.

Install

Use the install script for the endpoint operating system.

Windows

For centralized deployment, add the variables directly to your copy of install.ps1 before uploading it to your EDR or MDM tool:

$env:BOOST_API_KEY = '...'
$env:BOOST_INTERVAL = '43200'
$env:BOOST_CLI_VERSION = '1.2.3'

Then configure the EDR or MDM tool to run the script with administrative privileges:

powershell -ExecutionPolicy Bypass -File install.ps1

Alternatively, if your deployment tool allows you to pass variables and commands in one field you can run the single-line command as shown below:

$env:BOOST_API_KEY='...'; $env:BOOST_INTERVAL='43200'; $env:BOOST_CLI_VERSION='1.2.3'; powershell -ExecutionPolicy Bypass -File install.ps1

For a local test on a single endpoint, run PowerShell as Administrator and use the same command.

If BOOST_CLI_VERSION is not set, the install script downloads and installs the latest available version.

macOS and Linux

For centralized deployment, add the variables directly to your copy of install.sh before uploading it to your EDR or MDM tool:

readonly BOOST_API_KEY="..."
BOOST_INTERVAL="43200"
BOOST_CLI_VERSION="1.2.3"

Then configure the EDR or MDM tool to run the script with root privileges:

sh install.sh

Alternatively, if your deployment tool allows you to pass variables and commands in one field you can run the single-line command as shown below:

BOOST_API_KEY=... BOOST_INTERVAL=43200 BOOST_CLI_VERSION=1.2.3 sh install.sh

For a local test on a single endpoint, run the same command with sudo:

If BOOST_CLI_VERSION is not set, the install script downloads and installs the latest available version.

Upgrade

Use the upgrade script to update boost-endpoint-cli after it has already been installed. The upgrade script delegates to the installed binary's self-update flow, downloads the latest release from the Boost CDN, verifies its SHA-256 checksum, and replaces the binary in place.

You can also use the upgrade script to rotate the API key, change the Boost endpoint, or change the daemon interval. Set only the variables that you want to change.

Windows

Run PowerShell as Administrator:

powershell -ExecutionPolicy Bypass -File upgrade.ps1

To rotate the API key during upgrade:

$env:BOOST_API_KEY = '...'
powershell -ExecutionPolicy Bypass -File upgrade.ps1

macOS and Linux

Update the binary only:

sudo sh upgrade.sh

Update the binary and rotate the API key:

sudo BOOST_API_KEY=... sh upgrade.sh

Update the binary and change the scan interval:

sudo BOOST_INTERVAL=600 sh upgrade.sh

Uninstall

Use the uninstall script to stop and remove boost-endpoint-cli and its daemon.

Windows

Run PowerShell as Administrator:

powershell -ExecutionPolicy Bypass -File uninstall.ps1

macOS and Linux

Run the shell uninstall script as root:

sudo sh uninstall.sh

Security Notes

  • Use an API key scoped to the Endpoint permission, and store it securely in your EDR or MDM deployment tool.
  • On macOS and Linux install, BOOST_API_KEY is briefly passed from the script to self-install as a command-line argument and may be temporarily visible in process command lines. Adding the key directly to install.sh can avoid exposing it in the parent shell environment, but stores the key in the script or deployment payload.
  • On Windows install, BOOST_API_KEY is read from the script process environment instead of being passed on the command line. Adding the key directly to install.ps1 still sets it in that process environment, and it may be visible to tools that capture process environment blocks.