Keep the Following in Mind

  • To install Threat Defender, you need an installation file. cognitix provides an .iso file via the cognitix Free Trial website.
  • If you install the software on a headless device using a serial console, there may be issues when using special characters. Try to avoid this, e.g. by using an EN keyboard layout.

  • Any data existing on the USB flash drive will be deleted.

  • Since there are several programs for creating installation media, we cannot provide support for all of them. As an example, we describe the creation using Linux below. The steps explained there will work in most cases.
  • Naturally, you can choose your preferred method for creating the installation media (USB flash drive / DVD).

  • In the installation wizard, select OK or Yes to confirm the dialog windows and proceed to the next step.

  • To make sure that the Threat Defender will be able to get software and license updates, you need to enter a reachable network gateway (pay attention to the CIDR notation) and DNS server (step 10) for the management interface.
    (You can also do this via the user interface when the installation is complete.)

  • Depending on your hardware equipment, autonegotiation for the network ports may have to be disabled (best case: device and switch). Otherwise, the Threat Defender may configure the management interface before the network card has a proper IP state for the dedicated management LAN port, for example. The Threat Defender may then start without having an IP address.

Prepare the USB Drive 

In the following, we describe the preparation of the USB drive via Linux as an example. You can also prepare the USB drive using your preferred method.

Please note that there are a lot of tools for different operating systems for this purpose. Therefore, we cannot support this procedure but want to illustrate one way which works in most cases.

First make sure that the USB drive is unmounted and you know the name of the device.

In this example, we assume the USB drive is /dev/sdb but it may be different on your setup.

Access the command line interface and run the following command:

sudo cp pw_installer.iso /dev/sdb && sync
# Alternatively, you can also use
sudo dd if=pw_installer.iso of=/dev/sdb bs=1M && sync

Start the Installation

When the USB flash drive is prepared, connect it to your appliance and make sure that it boots from USB first. The following image shows a BIOS screen from an appliance we use for testing.

The "Samsung Flash Drive" is the USB drive we want to boot from.


Now, with the flash drive inserted and with the correct booting order, reboot your appliance.

(Interactive) Installation Process

1. The appliance boots from the flash drive and starts the installation. 

    In the first screen, choose Interactive Installation to configure the network settings of the appliance.


NoteInteractive Installation is the default option that is selected automatically after 30 seconds.

The "Non-Interactive Installation" requires no user input. It rolls out the software as follows:

  • It enables all PCI network cards (not USB) supported by the OS.
  • The Management interface is configured as follows:
    • if all network cards are supported by Threat Defender as well, we use the first one
    • if the network cards are supported by the OS but not by Threat Defender, we use the first one
    • the IP setting is
  •     The hostname is set to "td-[mac address of the management interface]", e.g. "td-0060e064c8c7".

2. Select Yes to confirm that the installer may delete your hard disk:


3. Select the time zone as per your needs. 

This can be changed afterwards via the GUI as well, see Changing hostname and time-settings.

4. You are asked to check the system date and time.

5. The system checks the usable network cards.

6. Select the interface for out-of-band management:


The installer automatically detects usable network interfaces. If an interface is connected to a switch, the connection speed is indicated after the MAC address of that interface.

To verify a selected interface, use the Identify option. This will cause the LEDs of the selected interface to flash.

You can Rename all interfaces in this dialog if you wish to have more convenient names, e.g. "management" for your management interface.

7. You need to enter the host name of the appliance. Do not use fully qualified domain names, e.g. Only use "td" in this case.


8. Then, enter the IP address of the management interface in CIDR format. For example, is equivalent to IP with netmask


9. Optionally, enter the IP address of your gateway, if there is any. If you want to receive software and signature updates via the Internet, entering this information is mandatory.


10. Optionally, enter the IP address of your (or any reachable) DNS server.


11. The last screen displays a summary of the settings for confirmation.


12. Click Yes to proceed with the installation.

The installer creates a new file system.


After a few minutes, the installation is complete and the appliance shuts down. Some boxes do not shut down, but halt instead.

13. Switch your appliance off (if required) and then restart it.


After (re)starting, you're ready to protect your network using cognitix Threat Defender.


On the console, you see a summary of your appliance. To configure it, open the specified URL in your browser.

We recommend using Chrome or Firefox.

For the first login, see our article First Sign-In.