Hardware and operating system requirements

This article describes the minimum hardware and operating system requirements your endpoints need for EDR and its related applications to perform properly.

EDR agent

The Datto EDR platform uses software agents to record and remotely store system-level behaviors of your endpoints. An endpoint security agent must be deployed to each endpoint that you want monitored and protected.

To use the Datto EDR, Datto AV, Ransomware, and Rollback and File Recovery functionality, there is no additional agent deployment required on your part. You only need to associate and configure the Datto EDR, Datto Antivirus and/or Ransomware Detection policy with the desired devices. Then, the endpoint security agent will take care of installing any required agents or enabling the functionality.

Each functionality has its own minimum operating system requirements for which your endpoints must comply.

Hardware requirements

You can successfully run any combination of Datto EDR, Datto AV, Ransomware Detection, and Rollback and File Recovery with the following minimum hardware requirements.

RAM: 4 GB
CPU: Quad-core
Disk: 4 GB free space

Individual components can function with a minimum of 2 GB RAM, dual-core CPU, and 2 GB of free disk space. However, it is recommended you use the higher specifications above to avoid resource issues that can occur when running monitoring, scanning, and detection security services.

Supported operating systems

The minimum operating system requirements for each application are specified below.

Application	Windows	Mac	Linux
Datto EDR	Workstation: Win 10 (Home, prod, education, and enterprise) and above. Server: 2012 and 2012 R2 32 and 64-bit and above. IMPORTANT: The EDR agent may run on older Windows versions. However, you may encounter installation or upgrade issues due to legacy operating systems not containing required DLLs or other files supported by current versions of Windows. If the EDR agent cannot be upgraded to the latest release because of the Windows version on the endpoint, the EDR/AV support team will not be able to assist.	macOS X El Capitan and above	32 and 64-bit systems that contain system, system/init.d and upstart. IMPORTANT: Our agent supports Linux distributions that are actively maintained by their official vendors or associated communities. To be eligible for support, the operating system must be within its official maintenance lifecycle and continue to receive regular security updates and patches. Distributions that have reached End-of-Life (EOL) or End-of-Support (EOS) and are no longer receiving security updates are not supported.
Datto AV	Current Installer: Workstation: Win 10 21H2 (Home, prod, education, and enterprise) and above. Server: 2016 with Azure Code Signing (ACS) 21H2 and above.	macOS version 13 (Ventura) and above	N/A
Ransomware Detection	Workstation: Win 10 (Home, prod, education, and enterprise) and above. Server: 2012 and 2012 R2 32 and 64-bit and above. IMPORTANT: Ransomware Detection is not supported on Windows devices using ARM based processors.	N/A	N/A
Ransomware Rollback	Workstation: Win 10 (Home, prod, education, and enterprise) and above. Server: 2012 and 2012 R2 32 and 64-bit and above. IMPORTANT: Ransomware Rollback is not supported on Windows devices using ARM based processors.	N/A	N/A

Datto AV Considerations

The Datto AV legacy installer (for Windows Server 2012 R2 and earlier) will automatically enable Windows Firewall. This behavior should be considered before deploying to legacy Windows systems. Requirements for using the legacy installer include: the server must be running Windows Server 2012 or later, Azure Code Signing must be enabled, and all Windows patches must be fully up to date.
Datto AV is not supported on Windows devices using ARM based processors. It is recommended you create a Windows Defender policy and apply it to those devices. Refer to the article, Leveraging Microsoft Defender Antivirus with Datto EDR.
Currently, Datto AV is not supported on hosts using FSLogix for roaming user profiles in virtual desktop environments due to compatibility conflicts. It is recommended you create a Windows Defender policy and apply it to those devices. Refer to the article, Leveraging Microsoft Defender Antivirus with Datto EDR.
By default, Datto DNS Secure blocks UDP traffic on ports 80 and 443 to disable the HTTP/3 QUIC protocol. This setting is not configurable. If UDP access on these ports is required, it is recommended you create and deploy a Windows Defender policy to the affected devices. Refer to the article, Leveraging Microsoft Defender Antivirus with Datto EDR

Revision	Date
Edited Datto EDR: Linux Important note.	4/17/25
Added Important for Ransomware Detection, Rollback: Not supported on Windows devices using ARM based processors.	5/1/25
Datto AV - added Important: Currently, Datto AV is not supported on hosts using FSLogix for roaming user profiles...	5/9/25
Added section Datto AV Considerations.	6/2/25

	Need troubleshooting help? Open the Kaseya Helpdesk.
	Want to talk about it? Head on over to the Community!
	Have an idea for a new feature? Want to learn about upcoming enhancements? Visit the Ideas forum!
	Provide feedback for the Documentation team.