Installation Overview


Witness Anywhere Binary Installer Overview

Windows

  • The Witness Anywhere (WA) Windows binary installer is a Go-based executable that incorporates the WA registration and flush workflows for multiple Mobile Device Management (MDM) vendors and device configurations.
  • Single executable, multiple uses: Customers no longer need separate scripts for each MDM or device configuration — the same signed executable can be invoked with command-line arguments to install all supported combinations.
  • Code-signed for integrity: The executable is digitally code-signed by WitnessAI to prevent tampering and to improve trust during deployment.
  • Native implementation: The binary interacts with the Windows platform using native Windows APIs, without invoking PowerShell or cmd commands. This reduces false positives from endpoint protection products and eliminates reliance on scripting interpreters.
  • Minimized exposure of sensitive data: Unlike script-based deployments that require embedding enrollment tokens or other sensitive values in files pushed to endpoints, the binary installer accepts sensitive parameters as runtime arguments and does not store those values to disk. This removes the security risk of distributing script files containing enrollment tokens or secrets to user machines.
  • Performance: Registration and flush operations complete faster than the previous script-based implementation due to compiled performance and direct API usage.
  • Security & operational benefits: code signing, reduced script surface, fewer antivirus and endpoint detection alerts, simplified deployment (single artifact).
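As an added example (not WitnessAI's own code or a documented WA procedure), the following PowerShell wrapper shows the pre-deployment check an administrator would want around the code-signing claim above: it verifies the installer's Authenticode signature and signer before running it from an MDM-pushed script. The installer path, the expected signer subject pattern and the forwarded arguments are placeholders; the installer itself still runs natively, this wrapper only gates its launch.

```powershell
# Added example, not WitnessAI code. Gates the WA installer on a valid, expected signature.
function Test-WaInstallerSignature {
    param(
        [Parameter(Mandatory)] [string] $Path,
        # Placeholder: replace with the Subject of WitnessAI's actual code-signing certificate
        [string] $ExpectedSubjectPattern = 'CN=WitnessAI'
    )
    if (-not (Test-Path -LiteralPath $Path)) {
        Write-Warning "Installer not found: $Path"
        return $false
    }
    $sig = Get-AuthenticodeSignature -FilePath $Path
    # Anything other than Valid (NotSigned, HashMismatch, NotTrusted, ...) means do not run it
    if ($sig.Status -ne 'Valid') {
        Write-Warning ("Signature status {0}: {1}" -f $sig.Status, $sig.StatusMessage)
        return $false
    }
    # A valid signature from the wrong publisher is still a substituted binary
    $subject = $sig.SignerCertificate.Subject
    if ($subject -notlike "*$ExpectedSubjectPattern*") {
        Write-Warning "Valid signature but unexpected signer: $subject"
        return $false
    }
    # Record exactly which build was verified so the deployment log is auditable
    [pscustomobject]@{
        Path       = $Path
        Signer     = $subject
        Thumbprint = $sig.SignerCertificate.Thumbprint
        Sha256     = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    } | Format-List | Out-String | Write-Verbose
    return $true
}

# Usage: the MDM passes the WA command-line arguments to this script at run time ($args),
# and they are forwarded unchanged. No enrollment token is embedded in the script file.
$installer = 'C:\Temp\wa-installer.exe'   # placeholder path
if (Test-WaInstallerSignature -Path $installer -Verbose) {
    $proc = Start-Process -FilePath $installer -ArgumentList $args -Wait -PassThru -NoNewWindow
    exit $proc.ExitCode
} else {
    exit 1
}
```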

MacOS

  • The WA macOS deliverable focuses on converting the registration component to a code-signed binary. (Pending validation)
  • Due to Apple platform controls, certain system changes (notably Certificate Trust and Proxy PAC configuration) must be applied via MDM configuration profiles and cannot be fully implemented by a local executable alone.
  • Signed binary for registration/flush: The existing registration shell script can be converted into a code-signed native binary that performs the same registration and flush logic locally.
  • MDM profile requirement: Installing the certificate into the system trust store and applying PAC/proxy settings still requires an MDM profile. As a result, a two-step approach is necessary:
      1. Run the WA binary to perform registration/flush.
      2. Deploy the MDM profile (certificate + PAC configuration) via the customer’s MDM (e.g., Jamf).
  • Jamf consideration: If Jamf (or another MDM) supports pushing and executing a code-signed binary with arguments, we can use one binary to perform both registration and flush logic. This capability should be validated for each customer MDM implementation.