Windows - Configuration - Start Rapid7 Insight Agent Service

What the Rapid7 Insight Agent Service starter does

This Automox Worklet™ verifies that the Rapid7 Insight Agent Service is running on your Windows endpoints. The Worklet checks both 32-bit and 64-bit registry hives to confirm the Rapid7 Insight Agent is installed, then verifies the service status.

If the service is not running, the Worklet automatically starts it. This maintains continuous security monitoring and vulnerability detection without requiring manual intervention from your IT team.

Why maintain continuous Rapid7 monitoring

Rapid7 Insight Agent provides vulnerability scanning, asset inventory, and security monitoring, but the service occasionally stops due to Windows updates, resource conflicts, or service dependencies. When the Insight Agent stops, your vulnerability management system loses visibility into that endpoint. Scan results become stale, new vulnerabilities go undetected, and compliance reports show inaccurate data.

Security and compliance teams rely on current vulnerability data to prioritize patching, respond to zero-day announcements, and satisfy audit requirements. When agent services stop, those teams operate on outdated information that misrepresents your actual security posture. You might believe an endpoint is patched and secure when in reality it has not checked in for weeks and hosts critical vulnerabilities.

Rapid7's console displays last-seen timestamps, but identifying which endpoints have stopped services versus which are legitimately offline requires manual investigation. In organizations with thousands of endpoints, this investigation consumes hours of analyst time and delays remediation of real service failures.

Virtual machines, particularly in cloud environments with snapshot capabilities, can experience agent failures when restored from checkpoints or after live migration events. These technical issues create silent failures where the endpoint continues normal operations but the monitoring agent provides no data.

How Rapid7 service verification and recovery works

1. Evaluation phase: The Worklet checks the registry at HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall for the Rapid7 Insight Agent, examining both the 64-bit and 32-bit registry hives. If installed, it queries the service display name to confirm the service is running.

2. Remediation phase: If the Rapid7 Insight Agent Service is found but not running, the Worklet executes Start-Service using PowerShell to start the service immediately. If the service fails to start, the Worklet reports the failure for investigation.

Rapid7 Agent service requirements

• Windows 7, Windows 10, Windows 11, or Windows Server 2008 R2 and later

• Rapid7 Insight Agent must be installed on the endpoint

• PowerShell 2.0 or later with local administrator privileges

• Sufficient permissions to query and start Windows services

Expected Rapid7 service status after remediation

The Rapid7 Insight Agent service starts immediately and resumes normal operation. The service transitions from Stopped to Running, and the agent begins its standard initialization and check-in process. Within minutes, the agent contacts Rapid7's cloud infrastructure to upload queued data and receive updated scan configurations.

The endpoint appears in the Rapid7 InsightVM console with a current last-seen timestamp. Vulnerability scan data updates to reflect the endpoint's actual state. Asset inventory records refresh with current software versions, installed patches, and configuration data.

Scheduled vulnerability scans run on their normal cadence. The agent collects system information, installed software inventory, running services, and configuration settings. This data feeds into your vulnerability management workflow and compliance reporting dashboards.

The service continues running until the next reboot or service failure. This Worklet only starts the service, it does not change service startup type or add monitoring to prevent future failures. You should investigate why the service stopped to address the root cause.