The agent can be exposed and identified if installed in environments with antivirus or in environments managed by expert technicians.
To prevent this from happening, a substitute, the scout agent, is sent at installation to be installed on the target device and check the environment.
Once installed, the scout agent appears in the target page after the first synchronization. Its icon, similar to the agent one, indicates the platform where it is installed. For example:
After installation is completed, the scout agent acquires evidence:
After the scout agent acquires evidence, it must be checked to decide whether the installation environment is safe for the agent.
If the environment is safe, the agent can be updated; the scout agent is replaced by the agent.
If the environment is not safe, the scout agent must be closed.
Updating the scout agent installs the agent and the scout agent icon is replaced by the agent icon in the target page.
An agent will perform synchronization only if:
An agent behaves differently according to the Internet connection availability:
If the Internet connection is... | Then... |
---|---|
not available | if the agent has modules enabled, it starts to record data in the device. |
available | if first synchronization has been run on the agent, you can: |

Tip: start creating an agent and only enable synchronization and the device module. Then, once installed, and upon receiving the first synchronization, gradually enable the other modules, according to the device capabilities and the type of evidence you want to collect.
Agent activities can be temporarily suspended without uninstalling the agent by simply disabling all the modules and leaving only synchronization active.
To test a configuration before production use, create an agent in Demo mode (
The agent is created in demo mode, behaving according to the given configuration, with the sole difference that it clearly signals its presence on the device (with audio, LED and screen messages). Signaling permits easy identification of an infected device used for testing.
NOTE: if evidence is not received from an agent in demo mode, this may be due to a server settings error or to the address of the set Collector being unreachable (i.e. due to network settings problems).
Agent configuration (basic or advanced) can be repeatedly edited. When saved, a copy of the configuration is created and saved in the configuration log.
At the next synchronization, the agent will receive the new configuration (Sent time) and communicate successful installation (Activated). From that point on, any changes can only be made by saving a new configuration.
NOTE: If Sent time and Activated are null, the current settings can still be edited.
For a description of agent configuration log data