Fortra VM (FVM) Agent Scans
Featuring minimal impact on systems, now you can easily obtain patch scan results automatically and ensure more comprehensive coverage for your vulnerability management program with FVM Agent Scanning. Agents scan from anywhere with connectivity and relieve scanning systems over a variety networks. FVM scanning can accommodate remote environments with agents which use local host resources to reduce bandwidth requirements and prevent challenges due to slow network connections. The agent will automatically detect host changes and send them in near real-time to Fortra VM. This automated feature creates a benefit for those scanning large numbers of assets. Instead of running scans that require days to run through all assets, agents can be installed on each asset for faster results with authenticated scans. Additionally, agents ensure endpoints are scanned when they are not accessible via network-based scanning appliances.
Fortra VM's agent is designed to incur minimal impact on the system and the network, to allow the opportunity to gain direct access to the host without system disruption to end-users. After deployment FVM Agents are self-regulating as they assess local configurations and download updates, without user initiation or reboot requirement.
FVM macOS Agent requires less than 200 MB of disk space and uses less than 20 MB of RAM. Expect minimal CPU impact when idle with peaks of around 2% usage while scanning.
FVM Windows Agent requires less than 5 MB of space for the agent, up to 100 MB for logging, and uses less than 20 MB of RAM. Expect minimal CPU impact when idle with peaks of around 8% usage while scanning.
FVM Linux Agent requires less than 100 MB of disk space and uses roughly 90 MB of RAM. Expect minimal CPU impact when idle at less than 1% utilization, and peaks of 1.5% usage while scanning.
Agent Scanning requires an internal scanner to be configured for your account. The agents do not use the internal scanner directly, however, the scanner will be associated to the scan results and used for any manual rescans from Fortra VM.
Windows 10
Windows 11
Server 2012 + R2
Server 2016
Server 2019
Server 2022
macOS Monterey
macOS Ventura
Amazon Linux 2
Ubuntu 20
Ubuntu 22
Debian 11
Red Hat Enterprise Linux 7
Red Hat Enterprise Linux 8
Red Hat Enterprise Linux 9
Oracle Enterprise Linux 7
Oracle Enterprise Linux 8
Oracle Enterprise Linux 9
Download the correct agent to coordinate with your operating system and system type.
Use FVM Agent Scanning
Once the installation is complete, the agents will start sending results back to Fortra VM. All agent scan results are assembled into a scan which is added to Fortra VM in a recurrence that you specify. Agents will only send back results when they detect a change in the endpoint or are notified of a new agent scanner definitions package.
Agent Download
Download the appropriate agent package for Windows, macOS, and Linux from Fortra VM portal by navigating in the side menu to System > Scanner Management > Agents. Select the Download Agent button to select the required agent from the drop-down list to download the agent installer.
Agent License Key
To access your FVM Agent Scans Key: Navigate to System > Settings. Scroll down to the Scanner and Agent Provisioning section to find the key and copy it into the Installer.
Agent Scan Recurrence
The recurrence of how often scans "may" be created if there are changes detected by the agents, is configured in Settings > Scan Results under the Agent Scanning section. Here you can choose your Scan Recurrence.
- From the navigation menu, select System > Service Subscriptions.
- Additional options found on the Scan Results tab are Include Superseded Microsoft Patches, Include superseded Apple patches, and Deactivate Days
The superseded patches option is the only agent run time scan option available at this time. The scans performed by FVM Agents are essentially Patch scans. The Deactivate Days option simply marks agents as inactive if they have not communicated back to Fortra VM within a specified amount of time.
NOTE: Deactivating an agent does not reclaim that license for the agent. To reclaim a license, you must uninstall the agent from Fortra VM. Note that if you do it using add / remove programs or some other means on the endpoint, you will need to also uninstall it from Fortra VM. The uninstall agent link can be found by drilling into an agent detail from the agent list page and clicking uninstall. Agents uninstalled via Fortra VM will be automatically uninstalled from the hosts the next time they check into Fortra VM. - After drilling into an agent, you will see some basic information about the agent and the asset it is installed on, along with option to deactivate or uninstall the agent.
- Under Active View System Health click on the Assets tab:
There is a new icon that displays. This means that the asset has already been scanned by an agent.
- You can filter by these agent results.
Agent Installation
FVM Windows Agent
System Requirements:
-
64-bit: Windows 10, 11, Server 2012 + R2, Server 2016, Server 2019, Server 2022
-
TLS version 1.2
-
Port 443 open outbound
-
Internal scanner configured
Using either the MSI installer package, the command line mass install method, or your own organization’s software distribution process (SCCM, etc.) install. Using the MSI installer package, follow the steps provided through the Wizard.
Installing via the command line can be done by running the following command from a command prompt that has been "run as administrator": msiexec /i FrontlineAgentInstaller64.msi /quiet /log C:\Path\to\log\file\install.log
Licensing Windows Agent
The following command is used to activate the Windows agent where C: may need to be replaced depending on the install location of the Agent and <site license> is replaced with the site license obtained from the Fortra VM portal:
"C:\Program Files\Digital Defense\Frontline Agent\frontlineUtils.exe" activate --activatekey <site license>
Agent Logs
Installation Logs
Agent Installer logs can be found in the location specified if you ran:
msiexec /i FrontlineAgentInstaller64.msi /quiet /log <path_to_log_files>
If more verbose installer logs are needed run the following command in the cmd window:
msiexec /i frontlineagentinstaller64.msi /quiet /l*v C:\Path\to\log\file\install.log
Auto-Update logs
Auto-update logs can be found in the following location:
C:\Windows\Temp\faupdate.log
Agent Logs
FVM Agent logs can be found in the following location:
\Program Files\Digital Defense\Frontline Agent\log
FVM macOS Agent
MacOS Agents are installed using the GUI installer, or via the command-line.
System Requirements:
-
macOS Big Sur, macOS Monterey, or macOS Ventura
-
TLS version 1.2
-
Internal scanner configured
-
Port 443 open outbound
Multiple agents running on a single host are not supported.
Command Line Agent Install
Run:
sudo installer -target / -pkg </path/to/installer/package>
Example:
sudo installer -target / -pkg FrontlineAgentInstaller.pkg
License the Agent
Run:
sudo /usr/local/bin/frontlineUtils activate -activatekey <agent site license>
Example:
sudo /usr/local/bin/frontlineUtils activate --activatekey xxxxxxx-xxx-xxx-xxx-xxxxxxxxxxxx
Install the Agent
Agent Install Location The default install location is /Applications/Frontline Agent.app.
Agent Logs
The agent log for all MacOS versions is located in the /Library/Logs/com.digitaldefense.Frontline-Agent folder. Log files for the main service are prefixed with "agent" followed by the date of the first log message written to the file.
For example: agent20231018.log.
This file can be opened or manipulated by any standard Unix utility such as vi, cat, tail, etc.
Updating
Automatic Software Updates
The agent will check for updates once a day. If the version of the installed agent is less than the agent available to update to, the installed agent will download the new version and update itself. Additionally, if the agent sends scan results to Fortra VM that are rejected due to a version mismatch then the agent will also check for updates to both scan definition and agent version. It will also update if the service is restarted.
Scan Definition Updates
The agent will check for new scan definition updates once a day at the same time it checks for updates to the agent binaries. It will also check for new updates if the agent receives a negative status message (such as wrong scan version) from the Controller when submitting scan results.
FVM Linux Agent
Linux Agent Installers
The Linux Agent is offered in two available installation packages:
-
Linux Agent (64-bit Debian format)
-
Linux Agent (64-bit RPM format)
See Agent Download for download location in Fortra VM.
System Requirements:
-
64 bit: Amazon Linux 2, Ubuntu 20, Ubuntu 22, Debian 11, Red Hat Enterprise Linux 7, Red Hat Linux 8, Red Hat Linux 9, Oracle Enterprise Linux 7, Oracle Enterprise Linux 8, or Oracle Enterprise Linux 9
-
TLS version 1.2
-
Internal scanner configured
-
Port 443 open outbound
Multiple agents running on a single host are not supported.
If you run a linux distribution such as Debian, Ubuntu, or any other that uses .deb packages, the 64-bit Debian format needs to be selected to download. However, those running Red Hat, Oracle Linux, or another Red Hat-variant distro should choose the 64-bit RPM format.
For example, when running Ubuntu with the RPM tool suite installed the Debian format should be chosen over the RPM installer.
Install Agent
Once the installer is chosen for the specific distro to target, the downloaded installer can be copied to the appropriate Linux system using the scp command.
scp frontline-agent-LATEST-1.58.3.x86_64.rpm admin@my-redhat-server:/home/admin
Once the installer has been copied to the servers, the admin should log in and execute the following commands to install the agent:
sudo su
rpm -i <installer_file_name> (if on a Red Hat system) / dpkg -i <installer_file_name> (if on an Ubuntu system)
The agent MUST be installed with root permissions. If all dependencies are met and the agent installs without error, it will be started automatically through systemd.
Register the agent using the site license key.
Activate Agent
Use the following instructions to activate the agent using the frontlineUtils binary.
Obtain your site license key in Fortra VM by navigating, see Agent License Key for details.
To ensure the agent activates, execute the following commands:
cd /var/frontline/bin
./frontlineUtils activate --activatekey <site_license_key>
Agent Logs
To retrieve Linux agent logs, run the following command:
journalctl -u frontline-agent
Agent Support
Support Policy
The Fortra VM Agent is generally supported on an OS, as long as the vendor continues to support the version of the OS the Fortra VM Agent is installed on. Once an OS is no longer supported by the vendor, the Fortra VM Agent will continue to be supported for an additional three months on the end of life OS.
The agents will start returning a new detection titled "FVM Scan Notification: Agent Approaching End of Support for Host OS" to help identify agents that are running on an end of life OS and are approaching the end of support.
After the additional three month period, the Fortra VM Agent may continue to work as expected but no additional support or bug fixes will be provided. A Fortra VM Agent that is no longer supported on the OS will start to run a detection titled "FVM Scan Notification: Unsupported Agent OS" to help identify agents running on an unsupported host.
Proxy Setup
FVM Agent can be configured to use an HTTP proxy. Set the proxy host and port number using the frontlineUtils binary for the version of the agent for which you are configuring the proxy.
Windows Proxy Setup
On Windows, the frontlineUtils.exe. binary can be found in the \Program Files\Digital Defense\Frontline Agent folder. To configure the proxy settings, execute the following from an elevated command prompt (Administrator):
frontlineUtils.exe proxy --add host:port
Set the host to the IP address for host of the proxy and set the port to the appropriate port number.
Display proxy settings using the --display option:
frontlineUtils.exe proxy --display
Remove proxy settings using the --remove option:
frontlineUtils.exe proxy --remove
Linux Proxy Setup
For Linux systems, use the frontlineUtils binary located in the /var/frontline/bin folder. Execute the following command:
sudo /var/frontline/bin/frontlineUtils proxy --add host:port
Set the host to the IP address for host of the proxy and set the port to the appropriate port number.
Display proxy settings using the --display option:
sudo /var/frontline/bin/frontlineUtils proxy --display
Remove proxy settings using the --remove option:
sudo /var/frontline/bin/frontlineUtils proxy --remove
MacOS Proxy Setup
On macOS systems, use the frontlineUtils binary located in the /usr/local/bin folder. Execute the following command:
sudo /usr/local/bin/frontlineUtils proxy --add host:port
Set the host to the IP address for host of the proxy and set the port to the appropriate port number.
Display proxy settings using the --display option:
sudo /usr/local/bin/frontlineUtils proxy --display
Remove proxy settings using the --remove option:
sudo /usr/local/bin/frontlineUtils proxy --remove
Uninstalling
For general uninstallation, use the Uninstall button in Fortra VM. It can be found once an agent is selected after navigating to System > Scanner Management > Agents.
Clicking on an agent in this list will show an option to "Deactivate scanning" and "Uninstall the agent". Once the Uninstall process has been initiated here, the agent will be completely removed on the system it was installed on. Note that this process will not be immediate. It may take up to half an hour for the agent to check in and receive the uninstall command.
FVM Windows Agent
The agent can be uninstalled via add / remove programs in Windows. Once this is complete, use the Uninstall process in Fortra VM to complete the removal of the agent.
FVM macOS Agent
There are three options for uninstalling the FVM macOS agent. The agent can be uninstalled by using the uninstall.sh script directly, via the frontlineUtils or following the Uninstall process in Fortra VM.
Uninstalling using the script:
sudo /Applications/Frontline\ Agent.app/Contents/Resources/uninstall.sh
Uninstalling using frontlineUtils:
sudo /usr/local/bin/frontlineUtils uninstall
FVM Linux Agent
For manual uninstallation, choose one of the following commands to execute on the command line of the linux server, depending on whether the system is a Debian variant or a Red Hat variant:
Debian based Linux:
sudo dpkg -r frontline-agent
Red Hat based Linux:
sudo rpm -e frontline-agent
Both using the Uninstall button in Fortra VM and execution of either of these commands will completely remove the agent, including the folder it was installed under.
Troubleshooting
If you have issues with your FVM Agent, you may have to add a few domains to the allow list if you are using a web proxy or some other security technology that may block the agent’s outbound connection to Fortra VM.
The specific domains (for prod US lineup) are:
- edge-uplink.us.frontline.cloud
- us.frontline.cloud
- checkpoint.us.frontline.cloud
- updates.us.frontline.cloud
The domains are different for each lineup:
UK lineup
- edge-uplink.uk.frontline.cloud
- uk.frontline.cloud
- checkpoint.uk.frontline.cloud
- updates.uk.frontline.cloud
JP lineup
- edge-uplink.jp.frontline.cloud
- jp.frontline.cloud
- checkpoint.jp.frontline.cloud
- updates.jp.frontline.cloud
Trial uses tryfrontline.cloud, so they need the following:
- edge-uplink.tryfrontline.cloud
- checkpoint.tryfrontline.cloud
- tryfrontline.cloud
- updates.tryfrontline.cloud
Testing Connectivity
Run the following utility to verify the agent appears to be working as prescribed. The command will check various connectivity related issues, including network connection, Fortra VM domain lookup, agent configuration, scan configuration, comm configuration, update functions, and site license validation. If there are any issues found during the verify checks, they will be displayed on the console to help either identify the issue or rule out connectivity prior to requiring support.
-
Windows OS:
frontlineUtils.exe verify
TIP: The command file is located in the install directory of the agent. If you have not specified a custom path for the agent, the default path is:C:\Program Files\Digital Defense\Frontline Agent -
macOS:
/usr/local/bin/frontlineUtils verify
-
Linux OS:
/var/frontline/bin/frontlineUtils verify
OR
change the directory to the /var/frontline/bin folder and executing:./frontlineUtils verify
The command checks connectivity and then prints a status message to the command line declaring the status of the verification as either "OK" or "Failed".
If the agent verify command shows that the agent can reach the required domains, but is failing on the messaging check; verify that the connection to the uplink subdomain isn't being blocked by a web proxy or other similar network security device.
If you further exploration of a connectivity issue is needed, try running the following commands to test basic TCP connectivity to the required domains. If the tests are successful you should see something similar to the following "Connection to updates.us.frontline.cloud port 443 [tcp/https] succeeded!". If not, one or more of the domains may need to be allowed out.
- Windows OS
- macOS or Linux
Powershell -command "Test-NetConnection -Port 443 -InformationLevel 'Detailed' -ComputerName 'checkpoint.us.frontline.cloud'"
Powershell -command "Test-NetConnection -Port 443 -InformationLevel 'Detailed' -ComputerName 'edge-uplink.us.frontline.cloud'"
Powershell -command "Test-NetConnection -Port 443 -InformationLevel 'Detailed' -ComputerName 'us.frontline.cloud'"
Powershell -command "Test-NetConnection -Port 443 -InformationLevel 'Detailed' -ComputerName 'updates.us.frontline.cloud'"
nc -v updates.us.frontline.cloud 443
nc -v us.frontline.cloud 443
nc -v edge-uplink.us.frontline.cloud 443
nc -v checkpoint.us.frontline.cloud 443
If any of these tests fail the agent will not run correctly. Check that you have added the appropriate host to the allow list for port 443 and check connectivity again.