Secureframe Agent: Frequently Asked Questions (FAQ)

I have downloaded the agent, but my employee onboarding hasn't updated?

  • Once you have downloaded and installed the Agent, you will need to click on the "If you have downloaded the agent or your operating system is not listed, click here to pass the onboarding installation step" link in the Employee Onboarding section.

I have an employee where we retired his computer and we gave him a new computer. How should I handle this in Secureframe so that his previous device is no longer counted, and his new computer gets onboarded?

  • First, you can mark the old device as 'out of scope of frameworks' from the Asset Inventory page to ensure the old device will not be considered for audits.
  • If possible, we do also recommend that you uninstall the agent from the old device to prevent it from pulling any information.

 

How does the Secureframe Agent work?

  • The Secureframe agent runs as a background process that periodically checks in with Secureframe servers to report on device configuration, such as whether the firewall is enabled, whether the hard drive is encrypted, and the strength of the password policy.
  • The data being sent to Secureframe is the minimum information required to determine if a device is compliant.

 

Secureframe Agent is installed, but I don't see it in our Asset Inventory?

  • Once the Secureframe agent is installed on your device, or a user's device, the agent integration will need to be resynced in order for those new devices to show up in your Asset Inventory. The Secureframe Agent integration will automatically sync daily, but an Administrator can also manually sync that integration at any point. This will then allow any newly downloaded and installed agents to register.

 

How do I configure the Secureframe Agent for my operating system?

  • Please reference the various "check" articles in the Secureframe Agent section of the help center for specific configuration settings on each operating system type.

 

What technology do you use?

  • The Secureframe agent is built using osquery (https://osquery.io/) and FleetDM (https://fleetdm.com/). Osquery exposes operating system information as a relational database and securely communicates with FleetDM servers. FleetDM requests and stores information on devices running osquery.
  • The Secureframe agent installer is generated using Orbit (https://fleetdm.com/docs/using-fleet/adding-hosts#orbit-for-osquery), which handles configuring and updating osquery. Secureframe maintains a fork of the Orbit packaging code that exposes additional configuration options already present in Orbit.

 

Should I use the Secureframe Agent if I already have an MDM solution?

  • That depends on the MDM you're currently using, but generally it's best to only run one agent. For example, Intune provides all the required data and the Secureframe Agent does not provide anything additional.

 

If a user's device is connected to two MDMs (Secureframe Agent, plus another MDM), which takes priority over passing/failing tests?

  • Secureframe Agent is given the priority because we control the quality of our tests. If the agent is passing then the test will show passing, and the same for failing.

 

What are the differences between Secureframe Agent and traditional MDM solutions?

  • The Secureframe agent will allow you to see if devices are misconfigured similar to an MDM solution. Unlike a full MDM solution, however, remediation is a manual process. Full MDM solutions can enforce that devices stay correctly configured or take immediate actions when misconfigurations are detected, whereas Secureframe Agent does not provide that functionality.

 

How does the Secureframe Agent help my organization?

  • With the Secureframe Agent, Secureframe will now monitor additional device data to help automate device management related testing for frameworks like SOC2, HIPAA, and ISO. For users of this feature, you should experience significant additional automation.

 

Do you have plans to add more functionality in the future?

  • Yes, we will be adding additional data pulled as needed to support more compliance frameworks.

 

Will this let my employer spy on me?

  • Absolutely not. Please review the above information for the data that Secureframe shares with your employer via the Secureframe dashboard.

 

How can I tell if the Secureframe Agent is installed?

Windows:

Open the Start Menu and navigate to the "Add or Remove Programs" menu. Search for “Fleet osquery”. If this is present, then the agent is installed correctly.

Mac:

After downloading and installing the agent .dmg, open Terminal and run the following command:

sudo launchctl list com.fleetdm.orbit

This command needs to be run with sudo because the agent is installed with elevated permissions. If the attribute "PID" is present in this output, then the agent is installed and running.

Linux:

Open a terminal session and run:

stat /usr/lib/systemd/system/orbit.service

If you get a message with "stat: No such file or directory" then the agent did not install correctly. Please try rebooting your device and then installing it again.

For other errors, run the following to check for output from the service:

journalctl -u orbit

 

How can I tell if the Secureframe Agent is running?

Windows:

Open the Start menu and navigate to the “Services” menu. There should be a service named “Fleet osquery” with a status of "Running".

If it is not running, please restart the service and reboot your device.

If the "Fleet osquery" service does not exist at all, please try reinstalling the agent.

Mac:

Same as the installation check for the Secureframe Agent above. Running

sudo launchctl list com.fleetdm.orbit

confirms that the agent is installed and running.


Linux:

Open Terminal and run:

sudo systemctl status orbit.service

If you see "enabled;" and "active (running)", then the agent is running correctly.


If you do not see both enabled and running, please follow the remediation steps in this Zendesk article: "Why doesn't my Linux device check in after restarting?"
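
The macOS and Linux checks above can be scripted when many devices need checking. The following is an added example, not Secureframe's own tooling: the function names and state labels are hypothetical, and the sample command output is constructed.

```shell
#!/bin/sh
# Function names and state labels are hypothetical; sample text is constructed.

# Linux. stdin: output of `systemctl status orbit.service 2>&1`
classify_systemd_status() {
    out=$(cat)
    enabled=no
    running=no
    # Unit-file state is on the Loaded: line: "(...orbit.service; enabled; ...)"
    if printf '%s\n' "$out" | grep -q 'Loaded: loaded (.*; enabled;'; then enabled=yes; fi
    if printf '%s\n' "$out" | grep -q 'Active: active (running)'; then running=yes; fi
    if ! printf '%s\n' "$out" | grep -q 'Loaded: loaded'; then
        echo not-installed            # no loaded unit file
    elif [ "$enabled" = yes ] && [ "$running" = yes ]; then
        echo ok
    elif [ "$running" = yes ]; then
        echo running-not-enabled      # will not start at the next boot
    else
        echo not-running
    fi
}

# macOS. stdin: output of `sudo launchctl list com.fleetdm.orbit 2>&1`
classify_launchctl_list() {
    out=$(cat)
    if printf '%s\n' "$out" | grep -q '"PID" = [0-9]'; then
        echo ok                       # PID attribute present
    elif printf '%s\n' "$out" | grep -q '"Label" = "com.fleetdm.orbit"'; then
        echo not-running              # job loaded, no process
    else
        echo not-installed
    fi
}

# Constructed samples (not captured from a real device).
SAMPLE_LINUX_DISABLED='Loaded: loaded (/usr/lib/systemd/system/orbit.service; disabled; vendor preset: enabled)
Active: active (running) since Mon 2024-01-01 09:00:00 UTC; 2h ago'
SAMPLE_MAC_RUNNING='{
    "Label" = "com.fleetdm.orbit";
    "PID" = 412;
};'

printf '%s\n' "$SAMPLE_LINUX_DISABLED" | classify_systemd_status
printf '%s\n' "$SAMPLE_MAC_RUNNING" | classify_launchctl_list
# On a real device, pipe the command's output in instead:
#   systemctl status orbit.service 2>&1 | classify_systemd_status
```

The "running-not-enabled" state is the one the single-line check misses: the service is up now but will not return after a restart.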

Many of our employees do not have laptops and would not need the ‘secureframe agent’ installation requirement. How do I turn off this requirement for a specific group?

  • In this case, the best course is to create a new group for those users who do need to install the Agent. An example group name might be "Groups with Agent installation" and this would be applied during the Agent installation step under Employee Onboarding. If users are not in this group, they will not be required or prompted to download the Secureframe Agent.

We did a trial of Secureframe Agent, then decided not to use it...but we are still getting notifications showing Agent not installed?

  • In this scenario you will want to make sure you disable Secureframe Agent from the Onboarding section of the platform. If enabled, it will still require users to complete the install. 
  • Head to Personnel, then the setting button in the top right corner, then click on the Onboarding tab, then scroll down to Secureframe Agent and disable.
  • While not necessary, if you want to have those users uninstall Secureframe Agent, they can visit this guide for instructions.

For the inactive employee, can I remove the Secureframe agent device monitoring?

  • If the user has the agent uninstalled, our Secureframe Support team can have the device deleted from the backend.
  • We will be adding a feature in the UI to delete devices from the asset list in the near future, but for now our team will have to handle this on our side.

Can I install the Secureframe Agent on my Windows ARM-based laptop? Does the Secureframe Agent support ARM architecture?

  • No, the Secureframe Agent cannot be installed on laptops or computers with a Windows ARM-based processor. The Secureframe Agent package is specifically built for x86 (32-bit) and x64 (64-bit) processor architectures.

What permissions are required to install the Secureframe agent on Windows? Our users don’t have full local admin rights, and the install seems to hang on default-configured devices.

  • The Secureframe agent requires local admin privileges to install on Windows. Once installed, it only needs read-only access to collect system information.

 

 
