I have downloaded the agent, but my employee onboarding hasn't updated?
- Once you have downloaded and installed the Agent, you will need to click on the "If you have downloaded the agent or your operating system is not listed, click here to pass the onboarding installation step" link in the Employee Onboarding section. (ex, screenshot below)
I have an employee where we retired his computer and we gave him a new computer. How should I handle this in Secureframe so that his previous device is no longer counted, and his new computer gets onboarded?
- First you can mark the old device as 'out of scope of frameworks' from the Asset Inventory page to ensure the old device will not be considered for audits.
- If possible, we do also recommend that you uninstall the agent from the old device to prevent it from pulling any information.
How does the Secureframe Agent work?
- The Secureframe agent runs as a background process that periodically checks in with Secureframe servers to report on device configurations such as whether firewall is enabled, whether hard drive is encrypted, and the strength of the password policy.
- The data being sent to Secureframe is the minimum information required to determine if a device is compliant.
Secureframe Agent is installed, but I don't see it in our Asset Inventory?
- Once the Secureframe agent is installed on your device, or users device, the agent integration will need to be resynced in order for those new devices to show up in your Asset Inventory. The Secureframe Agent integration will automatically sync daily, but an Administrator can also manually sync that integration at any point. This will then allow any newly downloaded and installed agents to register.
How do I configure the Secureframe Agent for my operating system?
- Please reference the various "check" articles in the Secureframe Agent section of the help center for specific configuration settings on each operating system type.
What technology do you use?
- The Secureframe agent is built using osquery (https://osquery.io/) and fleetdm (https://fleetdm.com/). Osquery exposes operating system information as a relational database and securely communicates with FleetDM servers. FleetDM requests and stores information on devices running Osquery.
- The Secureframe agent installer is generated using Orbit (https://fleetdm.com/docs/using-fleet/adding-hosts#orbit-for-osquery) and handles configuring and updating osquery. Secureframe maintains a fork of the Orbit packaging code that exposes additional configuration options that are present in Orbit to be configured.
Should I use the Secureframe Agent if I already have an MDM solution?
- That depends on the MDM you're currently using, but generally it's best to only run one agent. For example, InTune provides all the required data and the Secureframe Agent does not provide anything additional.
If a users device is connected to two MDM's (Secureframe Agent, plus another MDM), which takes priority over passing/failing tests?
- Secureframe Agent is given the priority because we control the quality of our tests. If the agent is passing then the test will show passing, and the same for failing.
What are the differences between Secureframe Agent and traditional MDM solutions?
- The Secureframe agent will allow you to see if devices are misconfigured similar to an MDM solution. Unlike a full MDM solution, however, remediation is a manual process. Full MDM solutions can enforce that devices stay correctly configured or take immediate actions when misconfigurations are detected, whereas Secureframe Agent does not provide that functionality.
How does the Secureframe Agent help my organization?
- With the Secureframe Agent, Secureframe will now monitor additional device data to help automate device management related testing for frameworks like SOC2, HIPAA, and ISO. For users of this feature, you should experience significant additional automation.
Do you have plans to add more functionality in the future?
- Yes, we will be adding additional data pulled as needed to support more compliance frameworks.
Will this let my employer spy on me?
- Absolutely not. Please review the above information for the data that Secureframe shares with your employer via the Secureframe dashboard.
How can I tell if the Secureframe Agent is installed?
Windows:
Open the Start Menu and navigate to the "Add or Remove Programs" menu. Search for “Fleet osquery”. If this is present, then the agent is installed correctly.
Mac:
After downloading and installing the agent .dmg, open Terminal and run the following command:
sudo launchctl list com.fleetdm.orbit
This commands needs to run using sudo as the agent is installed with elevated permissions. If the attribute "PID" is present in this output then the agent is installed and running.
Linux:
Open a terminal session and run:
stat /usr/lib/systemd/system/orbit.service
If you get a message with "stat: No such file or directory" then the agent did not install correctly. Please try rebooting your device and then installing it again.
For other errors, run the following to check for output from the service:
journalctl -u orbit
How can I tell if Secureframe Agent running?
Windows:
Open the Start menu and navigate to the “Services” menu. There should be a service named “Fleet osquery” with a status of "Running".
If it is not running, please restart the service and reboot your device.
If the "Fleet osquery" service does not exist at all, please try reinstalling the agent.
Mac:
Same as for installing the Secureframe Agent
sudo launchctl list com.fleetdm.orbit
confirms that the agent is installed and running. The video below demonstrates the installation and confirmation of the Secureframe Agent for a Mac.
Linux:
Open Terminal and run:
sudo systemctl status orbit.service
If you see "Enabled;" and "active (running)", then the agent is running correctly.
If you do not see both enabled and running, please follow the remediation steps in this Zendesk article:
Why doesn't my Linux device check in after restarting?
Many of our employees do not have laptops and would not need the ‘secureframe agent’ installation requirement. How do I turn off this requirement for a specific group?
- In this case, the best course is to create a new group for those users who do need to install the Agent. An example group name might be "Groups with Agent installation" and this would be applied during the Agent installation step under Employee Onboarding. If users are are not in this group, they will not be required or prompted to download the Secureframe Agent.
We did a trial of Secureframe Agent, then decided not to use it...but we are still getting notifications showing Agent not installed?
- In this scenario you will want to make sure you disable Secureframe Agent from the Onboarding section of the platform. If enabled, it will still require users to complete the install.
- Head to Personnel, then the setting button in the top right corner, then click on the Onboarding tab, then scroll down to Secureframe Agent and disable.
- While not necessary, if want to have those user uninstall Secureframe Agent they can visit this guide here for instructions.
For the inactive employee, can I remove the Secureframe agent device monitoring?
- If the user has the agent uninstalled, our Secureframe Support team can have the device deleted from the backend.
- We will be adding a feature in the UI to delete devices from the asset list in the near future, but for now our team will have to handle this on our side.
I am getting an error when installing the secureframe agent on Windows. The .msi error says Microsoft Defender smartscreen prevented an unrecognized app from starting. Publisher: unknown publisher. What should I do here?
- The Secureframe Agent is meant to be a stopgap for customers until they can purchase an MDM solution with more robust features such as enforcement and remote wipe. With that said, this is still very important to our Product Team and a current focus on our roadmap.
- If you would rather not install the agent on your windows device, you can manually upload evidence for your single windows deice to pass the various tests. We recommend you consult with your Secureframe admin.
Related to
Comments
0 comments
Article is closed for comments.