Agents

The Verify Privilege Manager Agents are a critical component of IBM Security's application control and local security, giving you the ability to evaluate the health and status of endpoints in real time. Agents are required on endpoint machines to implement Verify Privilege Manager policies.

Verify Privilege Manager provides pre-configured and fully customizable reporting on the status of agents and endpoint operating systems. In the Verify Privilege Manager reporting dashboard, you can drill into reports based on any dimension and easily export report data to other reporting applications or Excel.

Verify Privilege Manager supports agents on these workstations:

For information about installing agents, refer to Agent Installation to review agent system requirements and the specific agent installation procedures. This section provides general agent information: how to use and interact with agents, and details about the agent processes.

Agent Hardening

Windows Endpoints

To make sure that local Administrators do not tamper with IBM Security agents running on their system, Verify Privilege Manager Administrators can define users that can start and stop the Verify Privilege Manager services running on endpoints, such as the IBM Security Agent or IBM Security Application Control. Refer to Agent Hardening.

macOS Endpoints

It is not currently possible to prevent a local administrator account on macOS from starting and stopping a background service like the Verify Privilege Manager agent. Refer to macOS Agent Hardening for best practices.

Post Agent Installation

When your agents are installed, you can verify the status of your agents' health in terms of Registration State and Policy State from the Home page. You can also navigate to Admin | Agents for more information about installed agents.

The Agent Health dials show how many Managed Operating Systems you have, as well as your agents' Registration State and Policy State. If you click the Agent Registration State dial, you will see a report listing the machines (the "MonitoredResource" column) where each registered agent is installed.

Clicking the Agent Policy State dial from the Home dashboard brings you to a report that links all of your agent-registered machines with the Number of Policies Missing from each agent. This page will become invaluable once you have multiple policies running over different computer groups in your network.

Agent Diagnostics

Once your agents are installed, verify that they have registered in Verify Privilege Manager. Navigate to either:

  • Admin | Diagnostics to access the Diagnostics page, or

  • Admin | Agents to view your agent details.

After the initial policies are received, future updates are based on the task schedules set in the Update Applicable Policies and Scheduled Registration policies. Be sure to select the correct policies for Windows or Mac operating systems. To edit these schedules, navigate to your computer group and select Scheduled Jobs. The Triggers can be customized under the Job Schedule section.

On the agent details page you will see the quantity of agents registered and what operating system is running on registered endpoints. Registered endpoints can also be viewed in the report Agent Installation Summary by navigating to the Agent Reports tab.

Reports page

From the reports pages you can click into any of the listed target machines that have an IBM Security agent installed. Pictured below is a view from one of these resource pages where you can check the machine's System Health and configured policies.

Resource Explorer

Agent Encryption

The agent traffic is secured via SSL/TLS (1.2).

Elevated Processes

Starting with Verify Privilege Manager version 10.8.2, the agent adds memory checks for all processes that are managed/elevated via Verify Privilege Manager. Any processes not managed by Verify Privilege Manager should be checked for process hollowing by means of products like Windows Defender ATP.