OSSEC HIDS

by OSSECv3.7.0

Last updated Jun 8, 2026

OSSEC (Open Source HIDS SECurity) is a free, open-source host-based intrusion detection system (HIDS).

Install with winget

$ winget install --id OSSEC.OSSECAgent --exact --version 3.7.0

Run in Command Prompt, PowerShell, or Windows Terminal. Prompts for any agreements.

Silent install command for OSSEC HIDS

OSSEC HIDS uses EXE (NSIS). The silent install switches are /S.

One-line silent install (x86, machine scope)

ossec-agent-win32-3.7.0-24343.exe /S

See the full silent install reference for OSSEC HIDS →

Built by Pckgr

For Intune admins

Stop chasing app updates. Pckgr patches them for you.

Automated application patching for Microsoft Intune. Pckgr keeps a curated library of 1,000+ apps continuously up-to-date in your tenant via Microsoft Graph - no manual repackaging, no chasing vendor sites.

Start free 30-day trial

No credit card required.

Installers · v3.7.0

Architecture	Type	Scope	Install	Download
x86	EXE NSIS	machine		Direct

Copy a command tailored to that specific architecture, type, and scope - useful when winget would otherwise pick a different default.

Security

8 known CVEs via NVD

high7.5Patched in wingetCVE-2021-28040affects v3.6.0Mar 5, 2021
An issue was discovered in OSSEC 3.6.0. An uncontrolled recursion vulnerability in os_xml.c occurs when a large number of opening and closing XML tags is used. Because recursion is used in _ReadElem without restriction, an attacker can trigger a segmentation fault once unmapped...
medium5.5Patched in wingetCVE-2020-8448affects >=2.7 and <=3.5.0Jan 29, 2020
In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis (ossec-analysisd) is vulnerable to a denial of service (NULL pointer dereference) via crafted messages written directly to the analysisd UNIX domain socket by a local user.
Vendor advisory
critical9.8Patched in wingetCVE-2020-8447affects >=2.7 and <=3.5.0Jan 29, 2020
In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis (ossec-analysisd) is vulnerable to a use-after-free during processing of syscheck formatted msgs (received from authenticated remote agents and delivered to the analysisd processing queue by ossec...
Vendor advisory
medium5.5Patched in wingetCVE-2020-8446affects >=2.7 and <=3.5.0Jan 29, 2020
In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis (ossec-analysisd) is vulnerable to path traversal (with write access) via crafted syscheck messages written directly to the analysisd UNIX domain socket by a local user.
Vendor advisory
critical9.8Patched in wingetCVE-2020-8445affects >=2.7 and <=3.5.0Jan 29, 2020
In OSSEC-HIDS 2.7 through 3.5.0, the OS_CleanMSG function in ossec-analysisd doesn't remove or encode terminal control characters or newlines from processed log messages. In many cases, those characters are later logged. Because newlines (\n) are permitted in messages processed...
Vendor advisory
critical9.8Patched in wingetCVE-2020-8444affects >=2.7 and <=3.5.0Jan 29, 2020
In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis (ossec-analysisd) is vulnerable to a use-after-free during processing of ossec-alert formatted msgs (received from authenticated remote agents and delivered to the analysisd processing queue by os...
Vendor advisory
critical9.8Patched in wingetCVE-2020-8443affects >=2.7 and <=3.5.0Jan 29, 2020
In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis (ossec-analysisd) is vulnerable to an off-by-one heap-based buffer overflow during the cleaning of crafted syslog msgs (received from authenticated remote agents and delivered to the analysisd pro...
Vendor advisory
high8.8Patched in wingetCVE-2020-8442affects >=2.7 and <=3.5.0Jan 29, 2020
In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis (ossec-analysisd) is vulnerable to a heap-based buffer overflow in the rootcheck decoder component via an authenticated client.
Patch Vendor advisory

Source: NVD, updated 3h ago. Patch status is best-effort: NVD's fix version is compared against the latest version in winget, but the two version formats don't always align. Confirm with the vendor advisory before treating any specific build as safe.

See a CVE that affects your fleet? Push the patched version to Intune in one click with Pckgr - automated patching is the only way to keep up.

Frequently asked questions

How do I install OSSEC HIDS on Windows?

Open Windows Terminal, PowerShell, or Command Prompt and run: winget install --id OSSEC.OSSECAgent --exact --version 3.7.0. winget downloads the installer from OSSEC and runs it. Requires Windows 10 (1809+) or Windows 11.

How do I install OSSEC HIDS silently for unattended deployment?

Add --silent and accept the agreements upfront: winget install --id OSSEC.OSSECAgent --exact 3.7.0 --silent --accept-package-agreements --accept-source-agreements. This is the variant Intune, Configuration Manager, and other deployment tools should use.

What are the silent install switches for OSSEC HIDS?

OSSEC HIDS uses EXE (NSIS). Run the downloaded installer with: ossec-agent-win32-3.7.0-24343.exe /S. The silent switches are /S.

How do I uninstall OSSEC HIDS via winget?

Run: winget uninstall --id OSSEC.OSSECAgent --exact. Add --silent for unattended uninstalls. winget will use the registered uninstaller from OSSEC HIDS's Apps & Features entry.

Is OSSEC HIDS free?

OSSEC HIDS is distributed under GNU General Public License (version 2). Refer to the publisher (https://www.ossec.net/) for the full license terms - Wingetly itself does not charge for installation.

Does OSSEC HIDS work on Windows 10?

Yes, as long as your Windows 10 build supports winget (1809 or newer). winget ships with App Installer on Windows 10/11 and pulls OSSEC HIDS directly from the publisher.

How do I keep OSSEC HIDS up to date?

Run winget upgrade --id OSSEC.OSSECAgent --exact, or winget upgrade --all to update everything winget tracks. We index 2 versions of OSSEC HIDS from microsoft/winget-pkgs.

Recent versions

3.7.0latest
3.6.0