Fortra VM (FVM) Agent Scans

Overview

NOTE: FVM Agent Scans is an add-on. Contact Fortra Technical Support for assistance.

With minimal impact on systems, FVM Agent Scanning lets you obtain patch scan results automatically and ensure more comprehensive coverage for your vulnerability management program. Agents scan from anywhere with connectivity and relieve scanning systems over a variety of networks. FVM scanning can accommodate remote environments with agents that use local host resources to reduce bandwidth requirements and prevent challenges due to slow network connections. The agent automatically detects host changes and sends them in near real-time to Fortra VM. This automation benefits those scanning large numbers of assets: instead of running scans that require days to run through all assets, agents can be installed on each asset for faster results with authenticated scans. Additionally, agents ensure endpoints are scanned when they are not accessible by way of network-based scanning appliances.

Fortra VM's agent is designed to incur minimal impact on the system and the network, providing direct access to the host without disruption to end users. After deployment, FVM Agents are self-regulating: they assess local configurations and download updates without user initiation or a reboot requirement.

FVM macOS Agent requires less than 200 MB of disk space and uses less than 20 MB of RAM. Expect minimal CPU impact when idle with peaks of around 2% usage while scanning.

FVM Windows Agent requires less than 5 MB of space for the agent, up to 100 MB for logging, and uses less than 20 MB of RAM. Expect minimal CPU impact when idle with peaks of around 8% usage while scanning.

FVM Linux Agent requires less than 100 MB of disk space and uses roughly 90 MB of RAM. Expect minimal CPU impact when idle at less than 1% utilization, and peaks of 1.5% usage while scanning.

Agent Scanning requires an internal scanner to be configured for your account. The agents do not use the internal scanner directly; however, the scanner will be associated with the scan results and used for any manual rescans from Fortra VM.

Supported Operating Systems

FVM Agent Scans is supported for the following 64-bit operating systems:

Windows

  • Windows 10

  • Windows 11

  • Windows Server 2012 + R2

  • Windows Server 2016

  • Windows Server 2019

  • Windows Server 2022

macOS

  • macOS Monterey

  • macOS Ventura

  • macOS Sonoma

Linux

  • Amazon Linux 2

  • Ubuntu 20

  • Ubuntu 22

  • Debian 11

  • Red Hat Enterprise Linux 7

  • Red Hat Enterprise Linux 8

  • Red Hat Enterprise Linux 9

  • Oracle Enterprise Linux 7

  • Oracle Enterprise Linux 8

  • Oracle Enterprise Linux 9

Download the agent that matches your operating system and system type.

Use FVM Agent Scanning

Once the installation is complete, the agents will start sending results back to Fortra VM. All agent scan results get assembled into a scan and then added to Fortra VM at a recurrence that you specify. Agents only send back results when they detect a change in the endpoint or are notified of a new agent scanner definitions package. All recurrence intervals are relative to midnight UTC on January 1st of every year, regardless of the time or date of the agent installation or activation of the agent scanning service in Fortra VM.

The scan is created in Fortra VM, assuming there are new agent scan results to present, at approximately midnight UTC on the day the recurrence schedule runs, and every interval thereafter for recurrence rules that are less than one day. See Agent Scan Recurrence for all available intervals.

Agent Download

Download the appropriate agent package for Windows, macOS, or Linux from the Fortra VM portal by selecting Scan Settings > Agents from the side menu. Select Download Agent, and then select the desired agent from the list.

Agent Site License Key

To access your Agent Site License Key, select Scan Settings > Settings. Scroll down to the Scanner and Agent Provisioning section to find the key and then copy it into the installer.

Agent Scan Recurrence

To configure the recurrence of how often scans may be created when changes are detected by agents, select Scan Settings > Settings from the navigation menu. Then, under the Agent Scanning section, select the desired option from the Scan recurrence list.

NOTE: The Scan recurrence setting determines how often Fortra VM attempts to create a scan if agents have sent back scan results. It does not create a scan every time on the selected recurrence.

Other available Agent Scanning options:

  • Include superseded Microsoft Patches and Include superseded Apple patches - Currently, these are the only agent runtime scan options available in Fortra VM. Scans performed by FVM Agents are essentially patch scans.

  • Deactivate Days - Marks agents as inactive if they have not communicated back to Fortra VM within a specified time.

Deactivating an Agent

NOTE: Deactivating an agent does not reclaim that license for the agent. To reclaim a license, you must uninstall the agent from Fortra VM. If you uninstall the agent using add/remove programs in Windows or some other means on the endpoint, you will need to also uninstall it from Fortra VM. You can find the uninstall agent link by drilling into an agent's detail from the agent list page, and then selecting Uninstall. Agents uninstalled by way of Fortra VM will be automatically uninstalled from the hosts the next time they check into Fortra VM.

After drilling into an agent, you will see some basic information about the agent and the asset it is installed on, along with the option to deactivate or uninstall the agent.

Agent Scan Results

To view the scan results for an agent:

  1. Under Active View System Health, select the Assets tab.

  2. A new icon appears, indicating the asset has already been scanned by an agent.

  3. You can filter by these agent results.

Agent Installation

Agent Support

Support Policy

The Fortra VM Agent is generally supported on an OS, as long as the vendor continues to support the version of the OS the Fortra VM Agent is installed on. Once an OS is no longer supported by the vendor, the Fortra VM Agent will continue to be supported for an additional three months on the end of life OS.

The agents will start returning a new detection titled "FVM Scan Notification: Agent Approaching End of Support for Host OS" to help identify agents that are running on an end of life OS and are approaching the end of support.

After the additional three month period, the Fortra VM Agent may continue to work as expected but no additional support or bug fixes will be provided. A Fortra VM Agent that is no longer supported on the OS will start to run a detection titled "FVM Scan Notification: Unsupported Agent OS" to help identify agents running on an unsupported host.

Proxy Setup

FVM Agent can be configured to use an HTTP proxy. Set the proxy host and port number using the frontlineUtils binary for the version of the agent for which you are configuring the proxy.

IMPORTANT: If you set the proxy after the agent has been activated, you may need to restart the service for it to take effect. If you set the proxy before activating the agent, the change will take effect automatically after activation.

Windows Proxy Setup

On Windows, the frontlineUtils.exe binary can be found in the \Program Files\Digital Defense\Frontline Agent folder. To configure the proxy settings, execute the following from an elevated command prompt (Administrator):

frontlineUtils.exe proxy --add host:port                

Set host to the IP address of the proxy host and port to the appropriate port number.

Display proxy settings using the --display option:

frontlineUtils.exe proxy --display

Remove proxy settings using the --remove option:

frontlineUtils.exe proxy --remove         

Linux Proxy Setup

For Linux systems, use the frontlineUtils binary located in the /var/frontline/bin folder. Execute the following command: 

sudo /var/frontline/bin/frontlineUtils proxy --add host:port                

Set host to the IP address of the proxy host and port to the appropriate port number.

Display proxy settings using the --display option:

sudo /var/frontline/bin/frontlineUtils proxy --display                

Remove proxy settings using the --remove option:

sudo /var/frontline/bin/frontlineUtils proxy --remove

macOS Proxy Setup

On macOS systems, use the frontlineUtils binary located in the /usr/local/bin folder. Execute the following command: 

sudo /usr/local/bin/frontlineUtils proxy --add host:port                

Set host to the IP address of the proxy host and port to the appropriate port number.

Display proxy settings using the --display option:

sudo /usr/local/bin/frontlineUtils proxy --display                    

Remove proxy settings using the --remove option:

sudo /usr/local/bin/frontlineUtils proxy --remove                    

Uninstalling

Generally, you can use the Uninstall function in Fortra VM which is available after you select an agent and go to Scan Settings > Agents.

Selecting an agent in this list will show an option to "Deactivate scanning" and "Uninstall the agent." Once the Uninstall process has been initiated, the agent will be completely removed on the system it was installed on. Note that this process will not be immediate and may take up to half an hour for the agent to check in and receive the uninstall command.

FVM Windows Agent

To uninstall the agent in Windows, use Add or remove programs and then use the Uninstall process in Fortra VM to complete the removal of the agent.

FVM macOS Agent

There are three options for uninstalling the FVM macOS agent. The agent can be uninstalled by using the uninstall.sh script directly, by way of frontlineUtils, or by following the Uninstall process in Fortra VM.

To uninstall using the uninstall.sh script:

sudo /Applications/Frontline\ Agent.app/Contents/Resources/uninstall.sh

To uninstall using frontlineUtils:

sudo /usr/local/bin/frontlineUtils uninstall

FVM Linux Agent

For manual uninstallation, execute one of the following commands on the command line of the Linux server, depending on whether the system is a Debian variant or a Red Hat variant:

Debian based Linux:

sudo dpkg -r frontline-agent

Red Hat based Linux:

sudo rpm -e frontline-agent

Either method, the Uninstall button in Fortra VM or one of these commands, will completely remove the agent, including the folder it was installed under.

Troubleshooting

If you have issues with your FVM Agent, you may have to add a few domains to the allow list if you are using a web proxy or some other security technology that may block the agent’s outbound connection to Fortra VM.

Domains are different for each lineup:

  • US
    • edge-uplink.us.frontline.cloud
    • us.frontline.cloud
    • checkpoint.us.frontline.cloud
    • updates.us.frontline.cloud
  • UK
    • edge-uplink.uk.frontline.cloud
    • uk.frontline.cloud
    • checkpoint.uk.frontline.cloud
    • updates.uk.frontline.cloud
  • JP
    • edge-uplink.jp.frontline.cloud
    • jp.frontline.cloud
    • checkpoint.jp.frontline.cloud
    • updates.jp.frontline.cloud

Trial uses tryfrontline.cloud and requires the following:

  • edge-uplink.tryfrontline.cloud
  • checkpoint.tryfrontline.cloud
  • tryfrontline.cloud
  • updates.tryfrontline.cloud

Testing Connectivity

Run the following utility to verify the agent appears to be working as prescribed. The command will check various connectivity related issues, including network connection, Fortra VM domain lookup, agent configuration, scan configuration, comm configuration, update functions, and site license validation. If there are any issues found during the verify checks, they will be displayed on the console to help either identify the issue or rule out connectivity prior to requiring support.

  • Windows OS

    frontlineUtils.exe verify

    TIP: The command file is located in the install directory of the agent. If you have not specified a custom path for the agent, the default path is C:\Program Files\Digital Defense\Frontline Agent.
  • macOS

    /usr/local/bin/frontlineUtils verify
  • Linux OS

    /var/frontline/bin/frontlineUtils verify

    OR change the directory to the /var/frontline/bin folder and execute:

    ./frontlineUtils verify

The command checks connectivity and then prints a status message to the command line declaring the status of the verification as either OK or Failed.

If the agent verify command shows that the agent can reach the required domains but is failing on the messaging check, verify that the connection to the uplink subdomain is not being blocked by a web proxy or other similar network security device.

NOTE: The agents use a TLS encrypted binary protocol to communicate with Fortra VM, not HTTPS. This may require you to add the connection to edge-uplink.<lineup domain> to an allow list for security devices that block the outbound connection to port 443 when it is not HTTPS.

If further exploration of a connectivity issue is needed, try running the following commands to test basic TCP connectivity to the required domains. If the tests are successful, you should see something similar to the following: "Connection to updates.us.frontline.cloud port 443 [tcp/https] succeeded!". If not, one or more of the domains may need to be allowed out.

  • Windows OS

    Powershell -command "Test-NetConnection -Port 443 -InformationLevel 'Detailed' -ComputerName 'checkpoint.us.frontline.cloud'"
    Powershell -command "Test-NetConnection -Port 443 -InformationLevel 'Detailed' -ComputerName 'edge-uplink.us.frontline.cloud'"
    Powershell -command "Test-NetConnection -Port 443 -InformationLevel 'Detailed' -ComputerName 'us.frontline.cloud'"
    Powershell -command "Test-NetConnection -Port 443 -InformationLevel 'Detailed' -ComputerName 'updates.us.frontline.cloud'"
  • macOS or Linux

    nc -v updates.us.frontline.cloud 443
    nc -v us.frontline.cloud 443
    nc -v edge-uplink.us.frontline.cloud 443
    nc -v checkpoint.us.frontline.cloud 443

If any of these tests fail, the agent will not run correctly. Check that you have added the appropriate host to the allow list for port 443 and check connectivity again.
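
The per-lineup domain lists and the nc tests above can be combined into one check for macOS or Linux hosts. This script is an added example, not part of the Fortra documentation or the agent; the function names fvm_domains, probe and fvm_check are hypothetical, and it assumes an nc that supports the -z and -w options.

```shell
#!/bin/sh
# Added example: build the allow list for a lineup and probe TCP 443 on each host.

# Print the four hostnames the agent needs for a lineup (us, uk, jp, trial).
fvm_domains() {
    case "$1" in
        us|uk|jp) base="$1.frontline.cloud" ;;
        trial)    base="tryfrontline.cloud" ;;
        *) echo "unknown lineup: $1" >&2; return 2 ;;
    esac
    printf '%s\n' "edge-uplink.$base" "$base" "checkpoint.$base" "updates.$base"
}

# Plain TCP connect to port 443 with a 5 second timeout.
# This is the same kind of test as `nc -v host 443`, without the banner output.
probe() {
    nc -z -w 5 "$1" 443 >/dev/null 2>&1
}

# Probe every host for a lineup. Prints one line per host and
# returns 1 if any host could not be reached, 2 for an unknown lineup.
fvm_check() {
    hosts=$(fvm_domains "$1") || return 2
    failed=0
    for h in $hosts; do
        if probe "$h"; then
            echo "ok      $h"
        else
            echo "BLOCKED $h"
            failed=1
        fi
    done
    return "$failed"
}

# Run only when a lineup is given on the command line, e.g. `sh fvm_check.sh us`.
if [ "$#" -gt 0 ]; then
    fvm_check "$1"
fi
```

A successful TCP connect to edge-uplink does not rule out a security device that drops non-HTTPS traffic on port 443; the messaging check in frontlineUtils verify covers that case.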