This article brings together common customer questions and practical answers based on typical Secureframe workflows, compliance situations and unique tech stacks.

It is meant as quick reference material for day-to-day use of the product.

Agent behavior and scope

Can I create custom checks for the Secureframe Agent on Linux to support distributions or tests that aren't currently covered?

• While custom checks aren't a self-service feature, there is a workaround. If you can write valid SQL queries compatible with OSQuery, submit them to your Secureframe support contact, who will forward them to our Automation team for review. Approved queries can be added to the Agent, extending coverage for your Linux environment.

Does the secureframe agent notify employees when an operating system is not up to date?

• No, the Secureframe Agent does not notify employees directly if their operating system is out of date.

   

  Instead, the Agent collects data about the device, including the operating system version, and reports this information back to the Secureframe platform. This allows administrators and compliance teams to monitor OS versions across devices and identify which endpoints may be out of compliance. Any follow-up communication or remediation typically comes from your internal IT or security team, not the Agent itself.

   

  You can view OS version data in the Secureframe platform under the Devices section, where flagged devices may indicate outdated operating systems depending on your configuration and compliance requirements.

How can I find and access the master index article for SecureFrame Agent?

• You can find and access the Master Index article for the Secureframe Agent here:

   

  https://support.secureframe.com/hc/en-us/articles/39604302500371--Master-Index-Secureframe-Agent

   

  This Master Index serves as a centralized hub that links out to all key articles related to the Secureframe Agent—such as installation instructions, supported systems, troubleshooting guides, and more. It's a great starting point if you're looking to understand or manage any aspect of the agent.

Is my device’s operating system too old to support the Secureframe Agent?

• If your operating system is outdated, the Secureframe Agent may not install or run properly.

  - You’ll need to upgrade your OS and then download a new Agent build from your Secureframe dashboard.
  - After installation, your device should begin syncing again.

My Secureframe Agent is working — now what?

• If you’ve:
  - Reinstalled the Secureframe Agent,
  - Verified the OS is supported,
  - Uploaded Agent logs (if applicable),
  - Synced successfully with the platform…

  …and your device now appears in Asset Inventory — success! You’re good to go.

My serial number was provided — what happens next with the Secureframe Agent?

• If your serial number is already in our internal system:
  - We’ll re-sync your Secureframe Agent connection to try and restore visibility in Asset Inventory.

  If your serial number is not found, we’ll walk you through additional troubleshooting steps to reinstall or rebuild your Agent package.

What if my Secureframe Agent build was deleted?

• If your build was previously removed:

  1. We’ll delete any corrupted or outdated versions.
  2. You’ll be asked to re-download a new Secureframe Agent build from your dashboard.
  3. Reinstall the new build and wait a few minutes for the device to sync.

  Once complete, your device should begin reporting to the Asset Inventory.

What should I do if the Secureframe agent is showing as offline?

• The Secureframe Agent needs to be online for at least 5 minutes to properly connect and sync. Please ensure your device maintains internet connectivity for this duration.

Why did the Secureframe Agent lose its connection and require the customer to manually reconnect?

• This was caused by a temporary network issue on Secureframe's end that affected a small number of agent connections. It was not related to expired credentials, device connectivity, or an outdated operating system. Secureframe proactively reconnected the affected sessions, though in this case the customer had already reconnected on their own before the team reached it. As a general note, because the Secureframe Agent does not store customer credentials, agent connections should not be disabled under these circumstances -- this is a known gap that has been flagged internally for improvement.

Why does the screen lock for Secureframe agent (Windows) need to be 15 mins or less?

• Most frameworks require this, and while they don’t always specify time, PCI specifically requires it to be 15 minutes or less. The test controls provide more details for each framework.

Why is the Secureframe Agent download button stuck spinning?

• When you open the “Employee Onboarding → Agent Installation” page, Secureframe generates a unique Agent installer package just for you. This process happens in the background and usually only takes a few minutes.

  However, in rare cases, something may prevent the download from completing. This will cause the download button to appear stuck with a spinning indicator.

  Why does this happen?
  Each Secureframe Agent build is customized per user and device type. When your company connects the Secureframe Agent integration, two jobs are automatically triggered:

  One to generate a Mac installer package for your company

  Another to create unique Agent packages for each of your team members

  When you visit the installation page, Secureframe checks if your personalized Agent package is ready. If not, it begins building it. The spinner indicates we’re waiting for that build to complete. If something goes wrong during the build, the spinner may never complete.

  What you can try:
  Wait a few minutes and refresh the page.

  Try opening the Agent Installation page in an incognito or private browser window.

  If the issue continues for more than 10 minutes, contact Secureframe Support. We’ll investigate and help you complete the installation.

Installation and coverage

Can the SecureFrame agent be installed in mass by a system administrator, instead of individual users?

• Currently, the Secureframe Agent is not designed for mass deployment or scripted installation. Each user must download and install their unique Agent build from the Secureframe dashboard, as it’s tied to their individual profile.

How can I confirm if Secureframe agent is installed?

• Check the task manager, in the services tab, for a service named “orbit osquery” (orbit.exe). The device appears in asset inventory after its first check-in during an agent sync.

How can I find out which other device has the Secureframe Agent installed?

• The Secureframe Agent can only be installed on one device per user account. If you attempt to install the Agent on multiple devices (for example, both a Mac and a Windows machine), this can cause inconsistencies and the Agent may not function properly.

  To check which device currently has the Agent installed under your account:
  Go to the Personnel tab in the Secureframe platform.

  Select your user profile.

  Navigate to the Devices tab.

  You will see a list of all devices associated with your user account, including the operating system and device name.

  If you see more than one device listed, the Agent may be installed on both. To fix this, you’ll need to remove the Agent from one of the devices.

I reinstalled the Secureframe Agent — why is the device still not appearing?

• If the Agent installation appears successful, but your device still isn’t reporting:

  1. Confirm that the device is on a supported OS
  2. Verify that Agent logs exist
  3. Check if your Agent build was previously deleted (this sometimes happens during reassignments or resets)

  If a prior build was deleted, we may need to trigger a new one.

Is it possible for users to have the Secureframe Agent installed and recognized under two different instances? For example, a Secureframe Customer A is managed by Customer B, and there are two users who have installed the Agent under both instances.

• No, the Agent can only be installed for 1 company at a time.

   

  Our recommendation is that you pick one company to install Agent packages from.

On installation of the Secureframe Agent for Linux, the .deb file installs another piece of software called "orbit-osquery". What is this?

• Orbit is a runtime that manages the osquery runtime (updating, installing, etc.). Osquery is what our agent uses to pull information from the system like encryption state, screensaver, etc.

What information does Secureframe Support need to troubleshoot Secureframe Agent installation issues?

• To help us investigate why the Secureframe Agent isn’t reporting your device, please provide:
  - Your device’s serial number
  - Your operating system version
  - A copy of your Secureframe Agent logs

  You can upload this information to your Secureframe support ticket.

Why does macOS block the Secureframe Agent installer with a “could not verify” error?

• If you see the following error when trying to install the Secureframe Agent on your Mac:

  “secureframe-agent.pkg” Not Opened
  Apple could not verify “secureframe-agent.pkg” is free of malware that may harm your Mac or compromise your privacy.

  This typically means macOS was unable to verify the integrity of the package due to a missing or outdated signature. This can sometimes happen if the installer is partially downloaded or an older version is being used.

  How to resolve:
  Uninstall the current Secureframe Agent from your device.

  Re-download the newest Agent package from the Employee Onboarding → Agent Installation page in your Secureframe dashboard.

  Reinstall the freshly downloaded version.

  If you still see this warning, try the following:

  Right-click (or Control + click) the .pkg file

  Choose Open from the context menu

  Click Open again in the warning dialog to proceed with installation

  This bypasses Apple’s Gatekeeper for one-time approved apps.

Troubleshooting

When examining the stderr log for the SecureFrame Agent on the Mac, it is full of errors concerting Windows and Linux resources it is trying to access. Why is that?

• This is expected behavior and not a cause for concern. The agent is functioning correctly and reporting all expected data. However, due to Fleet limitations, it runs queries intended for Windows and Linux devices even on macOS, resulting in repeated “no such table” errors for OS-specific tables like windows_security_center or deb_packages. These errors do not impact agent performance. While they may cause logs to grow in size, the logs can be safely deleted or truncated at any time without affecting functionality.

Additional customer questions

Does the agent connect into the device and pull the information OR does the device push the information to the agent?

• The agent is installed on the device, and it connects to a server that instructs the agent on what information to pull and send back to the server.

How can I verify if my organization has implemented a specific software agent?

To check if a software agent (like Secureframe Agent or MDM/Endpoint applications) is implemented:

Go to Settings → Integrations
This page lists all integrations and agent-based tools currently connected to your organization’s Secureframe account.

Look for the relevant application and if the integration is listed as “Connected” or “Installed,” it means the agent is implemented.

(Optional) Verify deployment in Asset Inventory
After confirming the agent is connected, go to Asset Inventory → Devices to see which devices are reporting in, confirming actual deployment across your org.

🔒 Note: Only admins have access to the Integrations and Asset Inventory pages. If you do not have access, please contact your Secureframe admin.

How many master indexes are available?

Secureframe has three main Master Index articles that serve as central hubs for key documentation and resources.

Is it necessary to verify properties and ensure the startup type is set to Automatic?

No action is needed on your end. Once the Secureframe Agent is installed, it is automatically configured to run. This is built into how the agent works by default.

What should I do if a device has been inactive for several years but has not been removed from my account?

Devices should automatically be removed from your account 30 days after once the Secureframe Agent is uninstalled.

However, if a device remains listed after being inactive for an extended period, you can contact our support team for help.

Please email support@secureframe.com with the device name and any other identifying details (e.g., last known user, operating system), and we’ll manually remove it from the backend.

Does Secureframe support Windows Hello (PIN/biometric) as a valid alternative for password policy checks on Windows 11 Pro devices where "Only allow Windows Hello sign-in" is enabled?

Not currently, and there's no planned update to the agent/test logic at this time. That said, we don't recommend disabling Windows Hello just to pass the test, especially given it's the Microsoft-recommended approach. Customers in this situation can upload evidence manually to satisfy the check. If you'd like to see native Windows Hello support added, please submit a feature request so we can add it to our backlog.