Frontline Agent Scanning

NOTE: Frontline Agent Scanning is an add-on. Please contact Technical Support.

Featuring minimal impact on systems, now you can easily obtain patch scan results automatically and ensure more comprehensive coverage for your vulnerability management program with Frontline Agent Scanning. Agents scan from anywhere with connectivity and relieve scanning systems over a variety networks. Frontline scanning can accommodate remote environments with agents which use local host resources to reduce bandwidth requirements and prevent challenges due to slow network connections. The agent will automatically detect host changes and send them in near real-time to Frontline.Cloud. This automated feature creates a benefit for those scanning large numbers of assets. Instead of running scans that require days to run through all assets, agents can be installed on each asset for faster results with authenticated scans. Additionally, agents ensure endpoints are scanned when they are not accessible via network-based scanning appliances.

Frontline.Cloud's agent is designed to incur minimal impact on the system and the network, to allow the opportunity to gain direct access to the host without system disruption to end-users. After deployment Frontline Agents are self-regulating as they assess local configurations and download updates, without user initiation or reboot requirement.

Frontline macOS Agent requires less than 200 MB of disk space and uses less than 20 MB of RAM. Expect minimal CPU impact when idle with peaks of around 2% usage while scanning.

Frontline Windows Agent requires less than 5 MB of space for the agent, up to 100 MB for logging, and uses less than 20 MB of RAM. Expect minimal CPU impact when idle with peaks of around 8% usage while scanning.

Frontline Linux Agent requires less than 100 MB of disk space and uses roughly 90 MB of RAM. Expect minimal CPU impact when idle at less than 1% utilization, and peaks of 1.5% usage while scanning.

Frontline Agent Scanning requires an internal scanner to be configured for your account. The agents do not use the internal scanner directly, however, the scanner will be associated to the scan results and used for any manual rescans from Frontline.Cloud.

TIP: Currently Frontline Agent Scanning is only supported for the following 64-bit operating systems:
  • Windows 10

  • Windows 11

  • Server 2012 + R2

  • Server 2016

  • Server 2019

  • Server 2022

  • macOS Big Sur

  • macOS Monterey

  • macOS Ventura

  • Amazon Linux 2

  • Ubuntu 20

  • Ubuntu 22

  • Debian 11

  • Red Hat Enterprise Linux 7

  • Red Hat Enterprise Linux 8

  • Red Hat Enterprise Linux 9

  • Oracle Enterprise Linux 7

  • Oracle Enterprise Linux 8

  • Oracle Enterprise Linux 9

Download the correct agent to coordinate with your operating system and system type.

Use Frontline Agent Scanning

Once the installation is complete, the agents will start sending results back to Frontline.Cloud. All agent scan results are assembled into a scan which is added to Frontline in a recurrence that you specify. Agents will only send back results when they detect a change in the endpoint or are notified of a new agent scanner definitions package.

Agent Download

Download the appropriate agent package for Windows, macOS, and Linux from Frontline.Cloud portal by navigating in the side menu to System > Scanner ManagementAgents. Select the Download Agent button to select the required agent from the drop-down list to download the agent installer.

Agent License Key

To access your Frontline Agent Scanning Key: Navigate to System >Settings. Scroll down to the Scanner and Agent Provisioning section to find the key and copy it into the Installer.

Agent Scan Recurrence

The recurrence of how often scans “may” be created if there are changes detected by the agents, is configured in Settings > Scan Results under the Agent Scanning section. Here you can choose your Scan Recurrence.

NOTE: This does not mean that a scan is created every time on this recurrence, it is just how often Frontline tries to make a scan if agents have sent back scan results.
  1. From the navigation menu, select System > Service Subscriptions.

  2. Additional options found on the Scan Results tab are Include Superseded Microsoft Patches, Include superseded Apple patches, and Deactivate Days

    The superseded patches option is the only agent run time scan option available at this time. The scans performed by Frontline Agents are essentially Patch scans. The Deactivate Days option simply marks agents as inactive if they have not communicated back to Frontline within a specified amount of time.

    NOTE: Deactivating an agent does not reclaim that license for the agent. To reclaim a license, you must uninstall the agent from Frontline. Note that if you do it using add / remove programs or some other means on the endpoint, you will need to also uninstall it from Frontline. The uninstall agent link can be found by drilling into an agent detail from the agent list page and clicking uninstall. Agents uninstalled via Frontline will be automatically uninstalled from the hosts the next time they check into Frontline.
  3. After drilling into an agent, you will see some basic information about the agent and the asset it is installed on, along with option to deactivate or uninstall the agent.

  4. Under Active View System Health click on the Assets tab:

    There is a new icon that displays. This means that the asset has already been scanned by an agent.

  5. You can filter by these agent results.

Agent Installation

Agent Support

Proxy Setup

Frontline Agent can be configured to use an HTTP proxy. Set the proxy host and port number using the frontlineUtils binary for the version of the agent for which you are configuring the proxy.

IMPORTANT: If you set the proxy after the agent has been activated, you may need to restart the service for it to take effect. IF you se the poxy before activating the agent, the change will take effect automatically after activation.

Frontline Agent uses the WebSocket protocol for communication with Frontline. If the TCP proxy is not transparent, the Frontline edge-uplink domain (e.g. will need to added to the allow list. See the Frontline Agent Scanning™ section to determine appropriate uplink domain address.

Windows Proxy Setup

On Windows, the frontlineUtils.exe. binary can be found in the \Program Files\Digital Defense\Frontline Agent folder. To configure the proxy settings, execute the following from an elevated command prompt (Administrator):

frontlineUtils.exe proxy -add host:port

Set the host to the IP address for host of the proxy and set the port to the appropriate port number.

Display proxy settings using the --display option:

frontlineUtils.exe proxy --display

Remove proxy settings using the --remove option:

frontlineUtils.exe proxy --remove

Linux Proxy Setup

For Linux systems, use the frontlineUtils binary located in the /var/frontline/bin folder. Execute the following command: 

sudo /var/frontline/bin/frontlineUtils proxy -add host:port

Set the host to the IP address for host of the proxy and set the port to the appropriate port number.

Display proxy settings using the --display option:

sudo /var/frontline/bin/frontlineUtils proxy --display

Remove proxy settings using the --remove option:

sudo /var/frontline/bin/frontlineUtils proxy --remove

MacOS Proxy Setup

On macOS systems, use the frontlineUtils binary located in the /usr/local/bin folder. Execute the following command: 

sudo /usr/local/bin/frontlineUtils proxy -add host:port

Set the host to the IP address for host of the proxy and set the port to the appropriate port number.

Display proxy settings using the --display option:

sudo /usr/local/bin/frontlineUtils proxy --display

Remove proxy settings using the --remove option:

sudo /usr/local/bin/frontlineUtils proxy remove-proxy


For general uninstallation, use the Uninstall button in Frontline. It can be found once an agent is selected after navigating to System > Scanner Management > Agents.

Clicking on an agent in this list will show an option to "Deactivate scanning" and "Uninstall the agent". Once the Uninstall process has been initiated here, the agent will be completely removed on the system it was installed on. Note that this process will not be immediate. It may take up to half an hour for the agent to check in and receive the uninstall command.

NOTE: This process will not be immediate. It may take up to half an hour for the agent to check in and receive the uninstall command.

Frontline Windows Agent

The agent can be uninstalled via add / remove programs in Windows. Once this is complete, use the Uninstall process in Frontline to complete the removal of the agent.

Frontline macOS Agent

There are three options for uninstalling the Frontline macOS agent. The agent can be uninstalled by using the script directly, via the frontlineUtils or following the Uninstall process in Frontline.

Uninstalling using the script:

sudo /Applications/Frontline\

Uninstalling using frontlineUtils:

sudo /usr/local/bin/frontlineUtils uninstall

Frontline Linux Agent

For manual uninstallation, choose one of the following commands to execute on the command line of the linux server, depending on whether the system is a Debian variant or a Red Hat variant:

Debian based Linux:

sudo dpkg -r frontline-agent

Red Hat based Linux:

sudo rpm -e frontline-agent

Both using the Uninstall button in Frontline and execution of either of these commands will completely remove the agent, including the folder it was installed under.


If you have issues with your Frontline Agent, you may have to add a few domains to the allow list if you are using a web proxy or some other security technology that may block the agent’s outbound connection to Frontline.

The specific domains (for prod US lineup) are:


The domains are different for each lineup:

UK lineup


JP lineup


Trial uses, so they need the following:


Testing Connectivity

Run the following utility to verify the agent appears to be working as prescribed. The command will check various connectivity related issues, including network connection, Frontline.Cloud domain lookup, agent configuration, scan configuration, comm configuration, update functions, and site license validation. If there are any issues found during the verify checks, they will be displayed on the console to help either identify the issue or rule out connectivity prior to requiring support.

  • Windows OS: 
    frontlineUtils.exe verify

    TIP: The command file is located in the install directory of the agent. If you have not specified a custom path for the agent, the default path is:
    C:\Program Files\Digital Defense\Frontline Agent
  • macOS: 
    /usr/local/bin/frontlineUtils verify

  • Linux OS:
    /var/frontline/bin/frontlineUtils verify
    change the directory to the /var/frontline/bin folder and executing:
    ./frontlineUtils verify

The command checks connectivity and then prints a status message to the command line declaring the status of the verification as either "OK" or "Failed".

If the agent verify command shows that the agent can reach the required domains, but is failing on the messaging check; verify that the connection to the uplink subdomain isn't being blocked by a web proxy or other similar network security device.

NOTE: The agents use a TLS encrypted binary protocol to communicate with Frontline.Cloud, not HTTPS. This may require the connection to edge-uplink.<lineup domain> to be added to an allow list for security devices that block the outbound connection to port 443 when it's not HTTPS.

If you further exploration of a connectivity issue is needed, try running the following commands to test basic TCP connectivity to the required domains. If the tests are successful you should see something similar to the following "Connection to port 443 [tcp/https] succeeded!". If not, one or more of the domains may need to be allowed out.

  • Windows OS 
  • Powershell -command "Test-NetConnection -Port 443 -InformationLevel 'Detailed' -ComputerName ''"
    Powershell -command "Test-NetConnection -Port 443 -InformationLevel 'Detailed' -ComputerName ''"
    Powershell -command "Test-NetConnection -Port 443 -InformationLevel 'Detailed' -ComputerName ''"
    Powershell -command "Test-NetConnection -Port 443 -InformationLevel 'Detailed' -ComputerName ''"
  • macOS or Linux
  • nc -v 443
    nc -v 443
    nc -v 443
    nc -v 443

If any of these tests fail the agent will not run correctly. Check that you have added the appropriate host to the allow list for port 443 and check connectivity again.