Fortra VM (FVM) Agent Scans

NOTE: FVM Agent Scans is an add-on. Please contact Technical Support.

Featuring minimal impact on systems, now you can easily obtain patch scan results automatically and ensure more comprehensive coverage for your vulnerability management program with FVM Agent Scanning. Agents scan from anywhere with connectivity and relieve scanning systems over a variety networks. FVM scanning can accommodate remote environments with agents which use local host resources to reduce bandwidth requirements and prevent challenges due to slow network connections. The agent will automatically detect host changes and send them in near real-time to Fortra VM. This automated feature creates a benefit for those scanning large numbers of assets. Instead of running scans that require days to run through all assets, agents can be installed on each asset for faster results with authenticated scans. Additionally, agents ensure endpoints are scanned when they are not accessible via network-based scanning appliances.

Fortra VM's agent is designed to incur minimal impact on the system and the network, to allow the opportunity to gain direct access to the host without system disruption to end-users. After deployment FVM Agents are self-regulating as they assess local configurations and download updates, without user initiation or reboot requirement.

FVM macOS Agent requires less than 200 MB of disk space and uses less than 20 MB of RAM. Expect minimal CPU impact when idle with peaks of around 2% usage while scanning.

FVM Windows Agent requires less than 5 MB of space for the agent, up to 100 MB for logging, and uses less than 20 MB of RAM. Expect minimal CPU impact when idle with peaks of around 8% usage while scanning.

FVM Linux Agent requires less than 100 MB of disk space and uses roughly 90 MB of RAM. Expect minimal CPU impact when idle at less than 1% utilization, and peaks of 1.5% usage while scanning.

Agent Scanning requires an internal scanner to be configured for your account. The agents do not use the internal scanner directly, however, the scanner will be associated to the scan results and used for any manual rescans from Fortra VM.

TIP: Currently FVM Agent Scans is only supported for the following 64-bit operating systems:
  • Windows 10

  • Windows 11

  • Server 2012 + R2

  • Server 2016

  • Server 2019

  • Server 2022

  • macOS Big Sur

  • macOS Monterey

  • macOS Ventura

  • Amazon Linux 2

  • Ubuntu 20

  • Ubuntu 22

  • Debian 11

  • Red Hat Enterprise Linux 7

  • Red Hat Enterprise Linux 8

  • Red Hat Enterprise Linux 9

  • Oracle Enterprise Linux 7

  • Oracle Enterprise Linux 8

  • Oracle Enterprise Linux 9

Download the correct agent to coordinate with your operating system and system type.

Use FVM Agent Scanning

Once the installation is complete, the agents will start sending results back to Fortra VM. All agent scan results are assembled into a scan which is added to Fortra VM in a recurrence that you specify. Agents will only send back results when they detect a change in the endpoint or are notified of a new agent scanner definitions package.

Agent Download

Download the appropriate agent package for Windows, macOS, and Linux from Fortra VM portal by navigating in the side menu to System > Scanner ManagementAgents. Select the Download Agent button to select the required agent from the drop-down list to download the agent installer.

Agent License Key

To access your FVM Agent Scans Key: Navigate to System >Settings. Scroll down to the Scanner and Agent Provisioning section to find the key and copy it into the Installer.

See the full FVM agent details in the article, FVM Agent Scanning.

Agent Scan Recurrence

The recurrence of how often scans “may” be created if there are changes detected by the agents, is configured in Settings > Scan Results under the Agent Scanning section. Here you can choose your Scan Recurrence.

NOTE: This does not mean that a scan is created every time on this recurrence, it is just how often Fortra VM tries to make a scan if agents have sent back scan results.
  1. From the navigation menu, select System > Service Subscriptions.

  2. Additional options found on the Scan Results tab are Include Superseded Microsoft Patches, Include superseded Apple patches, and Deactivate Days

    The superseded patches option is the only agent run time scan option available at this time. The scans performed by FVM Agents are essentially Patch scans. The Deactivate Days option simply marks agents as inactive if they have not communicated back to Fortra VM within a specified amount of time.

    NOTE: Deactivating an agent does not reclaim that license for the agent. To reclaim a license, you must uninstall the agent from Fortra VM. Note that if you do it using add / remove programs or some other means on the endpoint, you will need to also uninstall it from Fortra VM. The uninstall agent link can be found by drilling into an agent detail from the agent list page and clicking uninstall. Agents uninstalled via Fortra VM will be automatically uninstalled from the hosts the next time they check into Fortra VM.
  3. After drilling into an agent, you will see some basic information about the agent and the asset it is installed on, along with option to deactivate or uninstall the agent.

  4. Under Active View System Health click on the Assets tab:

    There is a new icon that displays. This means that the asset has already been scanned by an agent.

  5. You can filter by these agent results.

Agent Installation

Agent Support

Support Policy

The Fortra VM Agent is generally supported on an OS, as long as the vendor continues to support the version of the OS the Fortra VM Agent is installed on. Once an OS is no longer supported by the vendor, the Fortra VM Agent will continue to be supported for an additional three months on the end of life OS.

The agents will start returning a new detection titled "FVM Scan Notification: Agent Approaching End of Support for Host OS" to help identify agents that are running on an end of life OS and are approaching the end of support.

After the additional three month period, the Fortra VM Agent may continue to work as expected but no additional support or bug fixes will be provided. A Fortra VM Agent that is no longer supported on the OS will start to run a detection titled "FVM Scan Notification: Unsupported Agent OS" to help identify agents running on an unsupported host.

Proxy Setup

FVM Agent can be configured to use an HTTP proxy. Set the proxy host and port number using the frontlineUtils binary for the version of the agent for which you are configuring the proxy.

IMPORTANT: If you set the proxy after the agent has been activated, you may need to restart the service for it to take effect. If you set the proxy before activating the agent, the change will take effect automatically after activation.
Windows Proxy Setup

On Windows, the frontlineUtils.exe. binary can be found in the \Program Files\Digital Defense\Frontline Agent folder. To configure the proxy settings, execute the following from an elevated command prompt (Administrator):

frontlineUtils.exe proxy --add host:port                

Set the host to the IP address for host of the proxy and set the port to the appropriate port number.

Display proxy settings using the --display option:

frontlineUtils.exe proxy --display

Remove proxy settings using the --remove option:

frontlineUtils.exe proxy --remove         
Linux Proxy Setup

For Linux systems, use the frontlineUtils binary located in the /var/frontline/bin folder. Execute the following command: 

sudo /var/frontline/bin/frontlineUtils proxy --add host:port                

Set the host to the IP address for host of the proxy and set the port to the appropriate port number.

Display proxy settings using the --display option:

sudo /var/frontline/bin/frontlineUtils proxy --display                

Remove proxy settings using the --remove option:

sudo /var/frontline/bin/frontlineUtils proxy --remove
MacOS Proxy Setup

On macOS systems, use the frontlineUtils binary located in the /usr/local/bin folder. Execute the following command: 

sudo /usr/local/bin/frontlineUtils proxy --add host:port                

Set the host to the IP address for host of the proxy and set the port to the appropriate port number.

Display proxy settings using the --display option:

sudo /usr/local/bin/frontlineUtils proxy --display                    

Remove proxy settings using the --remove option:

sudo /usr/local/bin/frontlineUtils proxy --remove                    

Uninstalling

For general uninstallation, use the Uninstall button in Fortra VM. It can be found once an agent is selected after navigating to System > Scanner Management > Agents.

Clicking on an agent in this list will show an option to "Deactivate scanning" and "Uninstall the agent". Once the Uninstall process has been initiated here, the agent will be completely removed on the system it was installed on. Note that this process will not be immediate. It may take up to half an hour for the agent to check in and receive the uninstall command.

NOTE: This process will not be immediate. It may take up to half an hour for the agent to check in and receive the uninstall command.

FVM Windows Agent

The agent can be uninstalled via add / remove programs in Windows. Once this is complete, use the Uninstall process in Fortra VM to complete the removal of the agent.

FVM macOS Agent

There are three options for uninstalling the FVM macOS agent. The agent can be uninstalled by using the uninstall.sh script directly, via the frontlineUtils or following the Uninstall process in Fortra VM.

Uninstalling using the script:

sudo /Applications/Frontline\ Agent.app/Contents/Resources/uninstall.sh

Uninstalling using frontlineUtils:

sudo /usr/local/bin/frontlineUtils uninstall

FVM Linux Agent

For manual uninstallation, choose one of the following commands to execute on the command line of the linux server, depending on whether the system is a Debian variant or a Red Hat variant:

Debian based Linux:

sudo dpkg -r frontline-agent

Red Hat based Linux:

sudo rpm -e frontline-agent

Both using the Uninstall button in Fortra VM and execution of either of these commands will completely remove the agent, including the folder it was installed under.

Troubleshooting

If you have issues with your FVM Agent, you may have to add a few domains to the allow list if you are using a web proxy or some other security technology that may block the agent’s outbound connection to Fortra VM.

The specific domains (for prod US lineup) are:

  • edge-uplink.us.frontline.cloud
  • us.frontline.cloud
  • checkpoint.us.frontline.cloud
  • updates.us.frontline.cloud

The domains are different for each lineup:

UK lineup

  • edge-uplink.uk.frontline.cloud
  • uk.frontline.cloud
  • checkpoint.uk.frontline.cloud
  • updates.uk.frontline.cloud

JP lineup

  • edge-uplink.jp.frontline.cloud
  • jp.frontline.cloud
  • checkpoint.jp.frontline.cloud
  • updates.jp.frontline.cloud

Trial uses tryfrontline.cloud, so they need the following:

  • edge-uplink.tryfrontline.cloud
  • checkpoint.tryfrontline.cloud
  • tryfrontline.cloud
  • updates.tryfrontline.cloud

Testing Connectivity

Run the following utility to verify the agent appears to be working as prescribed. The command will check various connectivity related issues, including network connection, Fortra VM domain lookup, agent configuration, scan configuration, comm configuration, update functions, and site license validation. If there are any issues found during the verify checks, they will be displayed on the console to help either identify the issue or rule out connectivity prior to requiring support.

  • Windows OS: 

    frontlineUtils.exe verify
    TIP: The command file is located in the install directory of the agent. If you have not specified a custom path for the agent, the default path is:
    C:\Program Files\Digital Defense\Frontline Agent
  • macOS: 

    /usr/local/bin/frontlineUtils verify
  • Linux OS:

    /var/frontline/bin/frontlineUtils verify 

    OR
    change the directory to the /var/frontline/bin folder and executing:

    ./frontlineUtils verify

The command checks connectivity and then prints a status message to the command line declaring the status of the verification as either "OK" or "Failed".

If the agent verify command shows that the agent can reach the required domains, but is failing on the messaging check; verify that the connection to the uplink subdomain isn't being blocked by a web proxy or other similar network security device.

NOTE: The agents use a TLS encrypted binary protocol to communicate with Fortra VM, not HTTPS. This may require the connection to edge-uplink.<lineup domain> to be added to an allow list for security devices that block the outbound connection to port 443 when it's not HTTPS.

If you further exploration of a connectivity issue is needed, try running the following commands to test basic TCP connectivity to the required domains. If the tests are successful you should see something similar to the following "Connection to updates.us.frontline.cloud port 443 [tcp/https] succeeded!". If not, one or more of the domains may need to be allowed out.

  • Windows OS 
  • Powershell -command "Test-NetConnection -Port 443 -InformationLevel 'Detailed' -ComputerName 'checkpoint.us.frontline.cloud'"
    Powershell -command "Test-NetConnection -Port 443 -InformationLevel 'Detailed' -ComputerName 'edge-uplink.us.frontline.cloud'"
    Powershell -command "Test-NetConnection -Port 443 -InformationLevel 'Detailed' -ComputerName 'us.frontline.cloud'"
    Powershell -command "Test-NetConnection -Port 443 -InformationLevel 'Detailed' -ComputerName 'updates.us.frontline.cloud'"
  • macOS or Linux
  • nc -v updates.us.frontline.cloud 443
    nc -v us.frontline.cloud 443
    nc -v edge-uplink.us.frontline.cloud 443
    nc -v checkpoint.us.frontline.cloud 443

If any of these tests fail the agent will not run correctly. Check that you have added the appropriate host to the allow list for port 443 and check connectivity again.