UI2 - Sensor Deployment and Management Guide
Introduction
This document aims to furnish detailed instructions on installing the GYTPOL Validator Sensor across different operating systems, including Windows, Linux, and macOS.
GYTPOL Sensor location
Navigate to the System Health located in the "Settings" section:
2. Download the GYTPOL Sensor for your respective operating system using the download icon.
Antivirus/EDR Exclusions
To ensure uninterrupted operation of the GYTPOL Sensor and to avoid interference from antivirus or EDR tools, specific directories must be excluded from scanning.
For the full list of required AV/EDR exclusions by platform (Windows, Linux, macOS), please refer to the dedicated guide: https://gytpol.atlassian.net/wiki/x/JgBkFg
Make sure these exclusions are applied across all devices where the sensor is installed to prevent scan failures or data collection issues.
Supported Operating Systems
Microsoft
Endpoints: Windows 7 (x32/x64) and newer
Servers: Windows Server 2008 and newer
Microsoft OS support matrix
OS | Detection | Remediation / Revert |
Windows 7 | V | X (see note) |
Windows 8 / 8.1 | V | X (see note) |
Windows 10 / 11 | V | V |
Windows Server 2008 / 2008 r2 | V | X (see note) |
Windows Server 2012 / 2012 r2 | V | X (see note) |
Windows Server 2016 / 2019 / 2022 / 2025 | V | V |
Note: Remediation / Revert functionality is supported on older versions of Microsoft Windows and Servers as long as Powershell v5.1 and newer are installed.
Linux
Linux distribution matrix, supporting both detection, remediation and revert:
Distribution | Supported Versions | ARM64 Architecture |
|---|---|---|
Alibaba Cloud Linux | 2 and newer | Supported |
Alma | 7 and newer | Supported |
Amazon Linux | 2 and 2023 | Supported |
CentOS | 7 and newer | Supported |
Debian | 10 and newer | Supported |
Red Hat Enterprise Linux (RHEL) | 7 and newer | Supported |
Rocky Linux | 9 and newer | Supported |
SUSE Linux Enterprise Server (SLES) | 12 and newer | Supported |
Ubuntu | 16 and newer | Supported |
macOS
macOS versions, supporting both detection, remediation and revert:
OS | Version | Architecture |
|---|---|---|
macOS | 10.15 (Catalina) and newer | Intel Chipset and Apple Silicon |
Network Devices
OS | Version |
|---|---|
Cisco IOS | IOS 12.x to 15.x |
Cisco IOS XE | 16.x and newer |
Cisco IOS XR Routers | IOS XR 5.x to 7.x |
Windows OS
Pre-Installation
Ports to open:
GYTPOL Sensor to GYTPOL SaaS - port 443
Does the Endpoint or Server need to be a member of the domain?
No
Installation
Open elevated CMD (r. click on CMD > Run as Administrator).
Once opened, please go to the MSI file you wish to install > hold L. Shift > r. click it > click “Copy as Path”.
Go to the elevated CMD you opened in step 1 and paste the path into the CMD window > Enter.
Once finished, the progress window will be disappeared.
Post-Installation
To verify the successful installation of the Sensor, follow these steps:
Open Task Scheduler as an Administrator.
Check for the
gytpolfolder under the main Library.Expand the folder, and you should observe three tasks, as exemplified below:
Where will I see the scanned machine?
Navigate to the System Health located in the "Settings" section.
Select Windows OS
The initial report should be sent within 10-15 minutes after the first full scan. However, it may take up to an hour for the device to fully appear across all screens.
Where is the installation path?
C:\Program Files\WindowsPowerShell\Modules\gytpol
Where are the logs?
C:\Program Files\WindowsPowerShell\Modules\gytpol\log
Log retention policy
Every Windows Sensor is configured to retain up to 10 log files, with each file being 5MB in size. Once the 10-file limit is reached, the oldest log files are automatically deleted to make room for new ones, ensuring efficient log management.
This behavior can be observed in any installed Windows Sensor under the log directory C:\Program Files\WindowsPowerShell\Modules\gytpol\log.
How to check the sensor version
Open Control Panel > Programs > Programs and Features to see the gytpolClient version in a list.
Uninstalling
To uninstall the GYTPOL Sensor
Open "Programs and Features".
Locate "gytpolClient" in the list of installed programs.
Right-click on "gytpolClient" and select "Uninstall".
Linux
Pre-Installation
Ports to open:
GYTPOL Sensor to GYTPOL SaaS - port 443
Does the device need to be a member of the domain?
No
Installation
Command to run:
Debian (Ubuntu, etc.):
sudo dpkg -i <gytpol-Sensor-path>RPM (RHEL, centOS, SUSE etc.):
sudo rpm -ivh <gytpol-Sensor-path>
To manually update the existing client (higher version):
Debian (Ubuntu, etc.): Use the same installation command.
RPM (RHEL, centOS, SUSE etc.):
sudo rpm -Uvh <gytpol-Sensor-path>
Post-Installation
Where will I see the scanned machine?
Navigate to the System Health located in the "Settings" section.
Select Linux OS
How do I see and change the service status?
systemctl stop/start/status gytpol-clientWhere is the installation path?
/opt/gytpol
Where are the logs?
/opt/gytpol/logs
Log retention policy
The Sensor is configured to retain logs for a period of 10 days. Each day may generate one or more log files, depending on the number of actions performed (e.g., scans, service logs, remediations). After 10 days, older log files are automatically deleted to maintain efficient log management.
This behavior can be observed in any installed Linux Sensor under the directory /opt/gytpol/log.
Sensor version check
To check the Linux sensor version, run the following commands:
sudo /opt/gytpol/gytlnx --versionThe output should show the version number:
Where are the configuration folder?
/opt/gytpol/config
config.json file example:
{
"HttpVerifyCert": false,
"HttpTimeout": 10000000000,
"ServerAddress": "https://q1w2e3r4.execute-api.us-east-2.amazonaws.com/prod",
"ArchivedFilePath": "archive",
"ArchivedEncryptedReportName": "encrypted-report.json",
"metricConfigPath": "configs/metrics.json",
"cloudCfg": {
"Region": "us-east-2",
"AccessKeyID": "++AccessKeyID_String==",
"SecretAccessKey": "++SecretAccessKey_String==",
"ReportsBucket": {
"scanner-report": "gytpol-CUSTOMER-us-analyzer-reports",
"remediation-report": "gytpol-CUSTOMER-us-analyzer-reports",
"log-report": "gytpol-CUSTOMER-us-analyzer-reports"
}
}
}Uninstalling
Debian:
sudo dpkg --remove gytpol-clientUse the “--purge” instead of “--remove” to also delete the logs, archive etc.
RPM:
sudo rpm -e gytpol-client
Both rpm and dpkg commands listed above may remove certain configuration files associated with GYTPOL. Deleting files that may result in loss is at your own risk, so ensure that no critical data is being removed before proceeding.
It is highly recommended to take a backup of important data before making any changes to the system to mitigate any potential data loss. Always exercise caution when executing commands that may impact system configurations.
macOS
Pre-Installation:
Ports to open:
GYTPOL Sensor to GYTPOL SaaS - port 443
Does the Endpoint need to be a member of the domain?
No
Installation:
Before proceeding with the installation, determine the platform architecture by checking the "About this Mac." This information will help ensure that the correct version of the software is installed for your system.
To identify the platform architecture through a terminal command, you can use uname -p command.
Identify and choose the right package according to the table below:
Platform | Architecture | Terminal output | Package file |
|---|---|---|---|
macOS | Intel chipset | i386 | gytpol-client-<version>_amd64.pkg |
macOS | Apple silicon | arm | gytpol-client-<version>_arm64.pkg |
Command to run:
sudo /usr/sbin/installer -pkg <pkg_path> -target /
example:
sudo /usr/sbin/installer -pkg ~/Downloads/gytpol-client-0.5.1.0-0_arm64.pkg -target /To check that the launch daemon is running run:
sudo launchctl list | grep com.gytpol.gytmacIf the daemon is currently running, you can identify its process by checking the process ID (PID) on the left side of the output. The PID is highlighted in red for easy identification:
For further information run:
sudo launchctl list com.gytpol.gytmacIf you are using an Intel processor, ensure that you run the correct binary with the "_amd64" designation (e.g., gytpol-client-1.2.1.2-28_amd64.pkg).
While an amd64 binary can run on an arm64 processor, it is not recommended and is not officially supported. It is advisable to use the binary that corresponds to your processor architecture for optimal performance and compatibility.
Your output should look like this:
Post-Installation
Where will I see the scanned machine?
Navigate to the System Health located in the "Settings" section.
Select macOS
How do I see and change the service status?
sudo launchctl stop/start/list com.gytpol.gytmacWhere is the installation path?
/opt/gytpol
Where are the logs?
/opt/gytpol/logs
Log retention policy
The Sensor is configured to retain logs for a period of 10 days. Each day may generate one or more log files, depending on the number of actions performed (e.g., scans, service logs, remediations). After 10 days, older log files are automatically deleted to maintain efficient log management.
This behavior can be observed in any installed macOS Sensor under the directory /opt/gytpol/log.
Sensor version check
To check the macOS sensor version, run the following commands:
cd /opt/gytpol
sudo ./gytmac -versionThe output should show the version number:
Where are the configuration folder?
“config.json ” for Sensor’s configuration to a dedicated server
“metrics.json” for metrics configuration.
config.json
This file contains Sensor’s configuration:
{
"HttpVerifyCert" : false,
"HttpTimeout" : 10000000000,
"ServerAddress" : "_gytpol",
"ArchiveFolderPath" : "archive"
}
Fields explanations:
HttpVerifyCert - Indicate whether to validate the server’s certificate when using HTTP requests.
HttpTimeout - Determine the timeout (in Nano Seconds) for HTTP requests.
ServerAddress - The address of the GYTPOL server.
ArchiveFolderPath - Folder (relative to /opt/gytpol) in which reports are being saved to before sending them to the server.
Uninstalling
Stop the launch daemon.
sudo launchctl stop com.gytpol.gytmac
Unload the launch daemon from launchctl.
sudo launchctl unload -w /Library/LaunchDaemons/com.gytpol.gytmac.plist
Delete the lauanch daemon configuration plist file.
sudo rm -rf /Library/LaunchDaemons/com.gytpol.gytmac.plist
Discard receipt data.
sudo pkgutil --forget com.gytpol.gytmac
Deleting files that may lead to loss is at your own risk, please make sure that nothing important is being removed before deleting! It's always a good idea to take a backup of important data before making any changes to the system.
Network Devices
For detailed networking and connectivity requirements, including firewall rules, routing, and access control lists (ACLs), please refer to the Deploying the Network Devices Misconfiguration Sensor .
This guide outlines the necessary conditions for successful communication between the GYTPOL Network Sensor and the managed network devices.