What is the Portnox AgentP?
In this topic, you will learn what the Portnox™ AgentP software is and how it works.
Portnox AgentP is a lightweight software agent for installation on user devices. AgentP is not necessary to use Portnox Cloud but without it, some functions of Cloud are not available.
The following are the benefits of using Portnox AgentP:
- More information about the device: With AgentP, Portnox Cloud has access to additional information about the device. It knows the device type, operating system, user, IP address, system configuration, installed applications, and more.
- Easier onboarding: Onboarding with AgentP is easier and faster than by configuring connections manually, especially if you want to use certificates for user/device authentication.
- Risk policies: Since AgentP has access to more information about the device, it is possible to use it to build the device risk policy, and then control network access based on the risk level. For example, you can use AgentP to discover that an Android phone has risky software installed, or that Windows disk encryption is not active.
- Remediation: AgentP also lets you perform automatic remediation actions on user devices. For example, if it discovers that the device’s antivirus software is out of date or turned off, it can update it and turn it on.
Installation requirements
AgentP is available on the following platforms:
- Microsoft Windows (7 SP3 and higher)
- Apple macOS (10.9 Mavericks and higher)
- Apple iOS (7 and higher)
- Android (5 Lollipop and higher)
- Linux (Ubuntu 14.04 and higher, Debian 7 and higher, Mint 17 and higher, CentOS 7.2 and higher, RHEL 7.1 and higher)
Resource requirements:
- Memory and disk consumption:
  - Windows: Approximately 75 MB RAM and approximately 9 MB of disk space.
  - macOS: Approximately 24 MB RAM and approximately 12 MB of disk space.
- CPU consumption: A prolonged test using a 2012 Intel i7 Dual-Core processor has shown AgentP consuming 0.1 % of CPU at peak during normal operation. CPU usage only spiked higher during initial provisioning and other one-off tasks of interacting with the AgentP UI.
- Network bandwidth consumption: Negligible. AgentP performs full synchronization with Portnox Cloud once an hour and also detects risk posture changes in real time. In a prolonged test, the consumption for these tasks averaged 211 bps up (241 total packets) and 122 bps (115 total packets).

Note: There are a few cases when AgentP reports a new device status to Portnox Cloud immediately:
- After Internet availability has changed
- If a new IP address is assigned to the device
- If a security center status has changed, for example, an antivirus or firewall was enabled or disabled
- If the device has just woken up from sleep
- If a Windows service controlled by a risk policy was started or stopped
User interface options
Desktop
The following is an explanation of user interface options:
- Notifications: This tab contains notifications from Portnox Cloud concerning the risk assessment policy. These notifications are also sent as system notifications.
- Last update: The date and time of the last sync between AgentP and Portnox Cloud.
  Note: AgentP automatically synchronizes with Portnox Cloud every 1 hour. If a sync operation fails, it means your device has connectivity problems with Portnox Cloud. For example, this may happen if you’re connected to the organization network and your device configuration is considered unsafe by the risk assessment policy.
- Sync now: Manually synchronize information between AgentP and Portnox Cloud.
- Connection: Name of the network that the device is connected to. This may be the name of a Wi-Fi or a wired network. If the device is connected using multiple interfaces to both Wi-Fi and wired networks, the Wi-Fi network name is displayed.
- Company, User, Portnox device ID: Information as configured in Portnox Cloud: your company name, your enrolled user, and an automatically generated unique ID for the device.
- Application version: The version number of the AgentP application.
- Deactivate: Unenroll the current user (log out the current user). To use AgentP again, you will have to enroll it again.
- Uninstall: Completely uninstall AgentP from your operating system.
  Note: On macOS, this option is available in the AgentP menu in the menu bar on top of the screen. You cannot uninstall AgentP on macOS by dragging its icon to Trash.
- Networks: The list of secure networks provisioned by AgentP.
Mobile
The following is an explanation of user interface options:
- Last tick: The date and time of the last sync between AgentP and Portnox Cloud.
  Note: AgentP automatically synchronizes with Portnox Cloud every 1 hour. If a sync operation fails, it means your device has connectivity problems with Portnox Cloud. For example, this may happen if you’re connected to the organization network and your device configuration is considered unsafe by the risk assessment policy.
- Tick: Manually synchronize information in AgentP with Portnox Cloud.
- Connection: Name of the network that the device is connected to. This may be the name of a Wi-Fi network or a cellular network.
- Roaming: Shows if the device is not in its native cellular network.
- On-premise: Shows if the device is connected to a network provisioned by AgentP.
The following options are available after pressing the ≡ icon:
- System:
  - Company, User, In Organization, Portnox device ID: Information as configured in Portnox Cloud: your company name, your enrolled user, organization name (if available), and an automatically generated unique ID for the device.
  - MDM activated: Informs whether the device is managed using a mobile device management system.
  - Application version: The version number of the AgentP application.
  - Location reporting: Available on Android only. Allows you to turn on or off the option of sending geolocation information to Portnox Cloud (this information has an impact on risk assessment policies).
- Network: The list of secure Wi-Fi networks provisioned by AgentP.
- Deactivate: Unenroll the current user (log out the current user). To use AgentP again, you will have to enroll it again.
- Support: Use to open or follow up on a support ticket. Press the Send Email button to send logs to support and add any relevant information to the email.
- Install certificate: Available on Android only. Allows you to install certificates in the operating system (Android does not allow applications to install certificates automatically).
Unenrolling AgentP
- To unenroll AgentP from the user interface, click or tap the Deactivate button in the user interface.
- To unenroll AgentP from the command line on Windows, execute the following commands from a command-line window with administrative privileges:
  net stop PortnoxAgentP
  "C:\Program Files\Portnox AgentP\AgentP.exe" -d
  net start PortnoxAgentP
Note: If AgentP was enrolled automatically, it will enroll automatically again so you will not see any difference in the user interface.
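For scripted or remote runs, the same three-step unenroll sequence can be wrapped so that the agent service is restarted even if the unenroll step fails. This is an added example, not Portnox code: the service name, path and -d flag come from the commands above, and the assumption that AgentP.exe signals failure with a non-zero exit code is not confirmed by this page.

```powershell
#Requires -RunAsAdministrator
# Added example, not Portnox code. Service name, path and the -d flag are
# taken from the commands on this page.
$ErrorActionPreference = 'Stop'
$service = 'PortnoxAgentP'
$agent   = 'C:\Program Files\Portnox AgentP\AgentP.exe'

if (-not (Test-Path -LiteralPath $agent)) {
    throw "AgentP executable not found at $agent"
}

# Equivalent of "net stop PortnoxAgentP"; waits until the service has stopped
Stop-Service -Name $service
try {
    # Run the unenroll command and wait for it to finish
    $proc = Start-Process -FilePath $agent -ArgumentList '-d' -Wait -PassThru
    # Assumption: a non-zero exit code means the unenroll step failed
    if ($proc.ExitCode -ne 0) {
        Write-Warning "AgentP.exe -d exited with code $($proc.ExitCode)"
    }
}
finally {
    # Equivalent of "net start PortnoxAgentP"; runs even if the step above threw
    Start-Service -Name $service
}

# Confirm the agent service is running again before reporting success
$status = (Get-Service -Name $service).Status
if ($status -ne 'Running') {
    throw "$service is $status after unenroll; expected Running"
}
Write-Output "$service restarted; unenroll command completed"
```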
Uninstalling AgentP
- On Windows, Android, and iOS platforms, to uninstall AgentP, follow standard operating system procedures:
  - Windows: Go to Apps & features or Add or remove programs.
  - Android: Find Portnox AgentP in the Play Store and click on the Uninstall button or long-press the AgentP icon in the Launcher and then select the Uninstall menu option.
  - iOS: Long-press the AgentP icon and then select the Remove App menu option.

  Standard operating system uninstalling also removes all certificates and profiles installed by AgentP.
- On macOS, follow one of the following procedures:
  - Select the Uninstall option in the menu bar on the top of the screen. This also removes the configuration profile.
  - If the Uninstall option is not available:
    - Open a Terminal app and execute the following command:
      sudo /Applications/Portnox\ AgentP.app/Contents/Resources/preinstall
    - Then, execute the following command to remove the configuration profile:
      /usr/bin/profiles -R -p com.portnox.agentpwifi
AgentP for Android – permissions
When installing AgentP for Android, the installer asks you for certain permissions. These permissions are optional, but the lack of some permissions may prevent certain functions of AgentP from working.
- Allow AgentP to access this device’s location?
  This permission is needed so that AgentP has access to the geographical location of the device. This information may be used by risk assessment policies. If you do not give AgentP this permission, and if risk assessment policies include geolocation information, you may be unable to access the company network.
- Allow AgentP to access your contacts?
  This permission is needed so that AgentP can get the list of registered accounts. This information is displayed by AgentP but it is not needed for risk assessment policies. If you do not give AgentP this permission, it will simply not display this information.
- Allow AgentP to make and manage phone calls?
  This permission is needed so that AgentP can know the name and the type of the cellular network that your phone is connected to. This information is displayed by AgentP but it is not needed for risk assessment policies. If you do not give AgentP this permission, it will simply not display this information.
- Allow AgentP to access photos and media on your device?
  This permission is needed to send logs to Portnox if you need our help with troubleshooting. If you do not give AgentP this permission, it will not be able to access log files or send them to our support.
Data collected by AgentP
Desktop:
Data type | More information |
---|---|
Administrative vulnerabilities | Windows only (local administrators, guests, users with non-expiring or weak passwords, anonymous access) |
Application installation source | macOS – from where applications are allowed to be installed |
Auto-login | |
Bitlocker | |
Network adapters | |
Operating system | |
Processor | |
General computer information | Manufacturer, name, domain |
Critical software | Java.net versions, Adobe plugins |
FileVault status | macOS only |
Firewall | |
Hosts file data | |
Installed applications | |
Installed certificates | On a machine level, not per user |
Logged-in user information | |
Location | |
Disk drives | |
Operating memory | |
Motherboard | |
Network adapters | |
Open network connections | |
Open ports | |
Passcode policy | macOS only |
Peripheral devices | |
Running process | |
Running services | |
Security products | Antivirus, anti-spyware, anti-malware |
Installed hotfixes | |
TPM status | |
Logged-in user browser | Account, extensions, plugins |
Windows features | Windows only |
Windows update settings | Status, WSUS |
Direct access status | |

Mobile:
Data type | More information |
---|---|
Are unknown source apps allowed | Android only |
Device accounts | |
Encryption status | |
Form factor | |
GSM network information | |
GSM settings | |
Installed applications | iOS: only if MDM-enrolled |
Internal storage information | |
Is the device jailbroken? | |
Location | |
Model | |
Push notification registration status | iOS only |
Open connections | |
Open ports | |
OS version | |
Passcode status | |
Timezone | |
Wi-Fi network information | |