Configuring the agent for VDI environments

This article describes how to configure the RocketCyber agent for use in Virtual Desktop Infrastructure (VDI) environments as part of Kaseya MDR agent deployment.

This configuration is required only for non‑persistent or image‑based virtual desktops where multiple machines are created from a shared base image. It must be applied during image preparation, before agent deployment at scale.

This article does not describe device management, monitoring behavior, or troubleshooting after deployment.

When this configuration is required

Apply this configuration if your environment uses:

  • Non‑persistent VDI pools

  • Golden images or base VM templates

  • Cloned virtual desktops where hardware identifiers are shared

For traditional endpoints (laptops, desktops, servers), this configuration is not required.

Why special configuration is needed for VDI

The RocketCyber agent identifies devices using a fingerprinting mechanism. This fingerprint is generated from attributes such as:

  • Hostname

  • MAC address

  • Hardware serial numbers

This approach works reliably for physical devices and persistent virtual machines.

In VDI environments, however, multiple virtual desktops may share the same underlying hardware image, making fingerprint‑based identification unreliable.

Without a VDI‑specific configuration, multiple virtual desktops derived from a single image may appear as the same device.

How VDI registration works

For VDI environments, the agent can be configured to:

  • Disable hardware‑based fingerprint reuse, and

  • Register devices uniquely based on hostname

This ensures each virtual desktop instance appears as a distinct device in Kaseya MDR.

Configuration steps (gold image)

Apply the following steps on the gold image only, before distributing or cloning it.

  1. Install the RocketCyber agent on the gold image.

  2. Immediately stop the agent service.

    • Using the Service Control Manager

    • From an elevated command prompt: sc stop rocketagent.

  3. Open the configuration file: C:\Program Files\RocketAgent\rocketagent.ini

  4. Locate the [agent] section and remove the following lines:

    • uid=XXXXXX

    • uid_hash=XXXXXXX

  5. In the same [agent] section, add the following line: enable_alternate_registration=true

  6. Save the file.

After this configuration is applied, deploy or clone the gold image as required for your VDI environment.

Resulting behavior

With this configuration in place:

  • Each VDI client registers uniquely using its hostname

  • Device duplication caused by shared hardware fingerprints is avoided

  • Agent behavior remains unchanged for telemetry, detection, and SOC workflows

This configuration affects device registration only. It does not change:

  • Detection logic

  • Investigation behavior

  • Response capabilities

  • Device visibility after deployment

  • Scope clarification