Skip to content
TruthVouch Docs

Sentinel: Windows Installation

Install and configure the Sentinel Agent on Windows for AI tool monitoring and DLP enforcement.

System Requirements

  • OS: Windows 10 (build 19041+) or Windows 11, Windows Server 2019+
  • Architecture: x86-64 (64-bit)
  • Memory: 256MB minimum, 512MB recommended
  • Disk Space: 100MB for installation
  • Permissions: Administrator privileges required for installation

Installation Methods

Download:

https://download.truthvouch.io/sentinel/windows/latest

Interactive Installation:

  1. Download sentinel-installer.msi
  2. Double-click to open installer
  3. Accept license agreement
  4. Choose installation directory (default: C:\Program Files\TruthVouch)
  5. Click “Install”
  6. Restart computer when prompted

Silent Installation:

Terminal window
# Run as Administrator
msiexec /i sentinel-installer.msi /quiet /norestart

With API Key:

Terminal window
msiexec /i sentinel-installer.msi /quiet `
  SENTINEL_API_KEY="sk-..." `
  ORGANIZATION_ID="org-..." `
  /norestart

Installation Properties:

Terminal window
msiexec /i sentinel-installer.msi /quiet `
  INSTALLDIR="C:\Custom\Path" `
  SENTINEL_API_KEY="sk-..." `
  ORGANIZATION_ID="org-..." `
  CUSTOM_ENDPOINT="https://sentinel.company.local" `
  AUTO_UPDATE=1 `
  /norestart

2. Chocolatey

Terminal window
# Install Chocolatey (if not already installed)
Set-ExecutionPolicy Bypass -Scope Process -Force; [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072; iex ((New-Object System.Net.WebClient).DownloadString('https://community.chocolatey.org/install.ps1'))


# Install Sentinel
choco install truthvouch-sentinel -y

3. PowerShell Script

Terminal window
# Run as Administrator
$Uri = "https://download.truthvouch.io/sentinel/windows/install.ps1"
Invoke-Expression ((New-Object System.Net.WebClient).DownloadString($Uri)) `
  -ApiKey "sk-..." `
  -OrganizationId "org-..."

Uninstallation

Via Control Panel:

  1. Settings → Apps → Apps & features
  2. Find “TruthVouch Sentinel”
  3. Click “Uninstall”
  4. Restart computer

Via PowerShell:

Terminal window
# Run as Administrator
msiexec /x sentinel-installer.msi /quiet /norestart

Via Chocolatey:

Terminal window
choco uninstall truthvouch-sentinel -y

Group Policy Deployment

Deploy via Group Policy for enterprise environments.

Create GPO

  1. Open Group Policy Management Editor
  2. Create new GPO: “TruthVouch Sentinel”
  3. Link to Organization Unit containing target computers

Deployment Steps

Edit GPO:

Computer Configuration → Policies → Software Settings → Software installation

Add Package:

  • Right-click “Software installation”
  • Select “New” → “Package”
  • Browse to \\share\sentinel-installer.msi
  • Select “Assigned” (installs at startup)

Configure Properties:

Advanced → Modifications

Add sentinel-config.mst transform file for:

  • API endpoint
  • API key
  • Organization ID
  • Monitoring settings

Create Transform File

Terminal window
# Extract MSI to modify
msiexec /a sentinel-installer.msi TARGETDIR=C:\MsiWork /qb


# Edit config.xml in extracted MSI
# Repackage with transform
msiexec /a C:\MsiWork\sentinel-installer.msi TARGETDIR=C:\MsiWork TRANSFORMS=sentinel-config.mst /qb

First-Time Setup

1. Start Service

Terminal window
# Verify service is running
Get-Service -Name "TruthVouchSentinel" | Start-Service


# Check status
Get-Service -Name "TruthVouchSentinel"

2. Configure API Key

Edit config file:

C:\ProgramData\TruthVouch\Sentinel\config.yaml

Add:

cloud:
  api_key: sk-...
  organization_id: org-...

Restart service:

Terminal window
Restart-Service TruthVouchSentinel

3. Verify Installation

Terminal window
# Check if service is running
Get-Service TruthVouchSentinel


# View logs
Get-EventLog -LogName "Application" -Source "TruthVouch" -Newest 10

Configuration

Config File Locations

# User config
C:\ProgramData\TruthVouch\Sentinel\config.yaml


# Logs
C:\ProgramData\TruthVouch\Sentinel\logs\


# Database
C:\ProgramData\TruthVouch\Sentinel\data\sentinel.db

Edit Configuration

Terminal window
# Open in Notepad
notepad "C:\ProgramData\TruthVouch\Sentinel\config.yaml"


# Reload after editing
Restart-Service TruthVouchSentinel

Auto-Update

Enable Auto-Update

Edit config:

advanced:
  auto_update: true
  update_check_interval: 24  # hours

Manual Update

Terminal window
# Check for updates
& "C:\Program Files\TruthVouch\Sentinel\sentinel.exe" --check-update


# Install update
& "C:\Program Files\TruthVouch\Sentinel\sentinel.exe" --install-update


# Force update
msiexec /i sentinel-installer.msi REINSTALL=ALL /quiet /norestart

Windows Firewall

The installer automatically adds firewall exceptions for:

  • Outbound HTTPS to api.truthvouch.io
  • Outbound HTTPS to custom endpoints (if configured)

Verify:

Terminal window
Get-NetFirewallRule -DisplayName "*TruthVouch*"

Manual Exception:

Terminal window
New-NetFirewallRule -DisplayName "TruthVouch Sentinel" `
  -Direction Outbound `
  -Action Allow `
  -Program "C:\Program Files\TruthVouch\Sentinel\sentinel.exe" `
  -Protocol TCP `
  -RemotePort 443

Event Logging

View Sentinel events:

Terminal window
# Open Event Viewer
eventvwr.msc


# Or via PowerShell
Get-EventLog -LogName "Application" -Source "TruthVouch" -Newest 20


# Filter by event level
Get-EventLog -LogName "Application" -Source "TruthVouch" -EntryType Error

Permissions

Sentinel requires:

  • Network access — Outbound HTTPS to TruthVouch cloud
  • File system access — Read/write to C:\ProgramData\TruthVouch\
  • Process monitoring — System-level process monitoring
  • Clipboard access — Optional, if enabled in config

Runs as SYSTEM account by default (full system privileges).

Troubleshooting

Service Won’t Start

Terminal window
# Check service status
Get-Service TruthVouchSentinel


# View detailed status
Get-Service TruthVouchSentinel | Get-Member


# Check logs
Get-EventLog -LogName "Application" -Source "TruthVouch" -Newest 20

Network Connectivity Issues

Terminal window
# Test connection to API
Test-NetConnection -ComputerName api.truthvouch.io -Port 443


# Check DNS resolution
Resolve-DnsName api.truthvouch.io


# Test HTTPS connection
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
Invoke-WebRequest https://api.truthvouch.io/health

Configuration Not Loaded

Terminal window
# Validate config
& "C:\Program Files\TruthVouch\Sentinel\sentinel.exe" --validate-config


# Reload config
Restart-Service TruthVouchSentinel


# Check config file permissions
icacls C:\ProgramData\TruthVouch\Sentinel\

High CPU Usage

Terminal window
# Check running processes
Get-Process sentinel


# Monitor real-time
Get-Counter -Counter "\Process(sentinel)\% Processor Time" -SampleInterval 1


# Disable CPU-intensive features
# Edit config.yaml and set:
# monitoring:
#   clipboard_monitoring: false
#   network_monitoring: false

Performance Optimization

Reduce Memory Footprint

config.yaml
database:
  max_size_mb: 50  # Reduce from 100


advanced:
  offline_grace_period_days: 7

Reduce Network Traffic

reporting:
  interval: 120  # Sync every 2 hours instead of 1


monitoring:
  tools:
    # Disable monitoring for unused tools
    - name: "Unused Tool"
      enabled: false

Optimize Monitoring

monitoring:
  process_mode: "selective"  # Instead of automatic
  tools:
    # Monitor only configured tools
    - name: ChatGPT
      enabled: true
    - name: "GitHub Copilot"
      enabled: true

Integration with MDM

For mobile device management (Intune, Microsoft Configuration Manager):

Configuration Manager (SCCM):

Software Center → Applications → TruthVouch Sentinel → Install

Intune:

Intune → Apps → Windows apps → Upload app

Upload sentinel-installer.msi with:

  • Command line: /quiet /norestart
  • Detection rule: Registry path check for installed version

See Configuration Reference and Policy Sync for detailed options.