What is the Portnox AgentP?

In this topic, you will learn what the Portnox™ AgentP software is and how it works.

Portnox AgentP is a lightweight software agent for installation on user devices. AgentP is not required to use Portnox Cloud, but without it, some Cloud functions are not available.

The following are the benefits of using Portnox AgentP:

  • More information about the device: With AgentP, Portnox Cloud has access to additional information about the device. It knows the device type, operating system, user, IP address, system configuration, installed applications, and more.

  • Easier onboarding: Onboarding with AgentP is easier and faster than by configuring connections manually, especially if you want to use certificates for user/device authentication.

  • Risk policies: Since AgentP has access to more information about the device, it is possible to use it to build the device risk policy, and then control network access based on the risk level. For example, you can use AgentP to discover that an Android phone has risky software installed, or that disk encryption on a Windows device is not active.

  • Remediation: AgentP also lets you perform automatic remediation actions on user devices. For example, if it discovers that the device’s antivirus software is out of date or turned off, it can update it and turn it on.

Installation requirements

AgentP is available on the following platforms:

  • Microsoft Windows (7 SP3 and higher)
  • Apple macOS (10.9 Mavericks and higher)
  • Apple iOS (7 and higher)
  • Android (5 Lollipop and higher)
  • Linux (Ubuntu 14.04 and higher, Debian 7 and higher, Mint 17 and higher, CentOS 7.2 and higher, RHEL 7.1 and higher)

Resource requirements:

  • Memory and disk consumption:
    • Windows: Approximately 75 MB RAM and approximately 9 MB of disk space.
    • macOS: Approximately 24 MB RAM and approximately 12 MB of disk space.
  • CPU consumption: In a prolonged test on a 2012 Intel i7 Dual-Core processor, AgentP consumed a peak of 0.1% of CPU during normal operation. CPU usage spiked higher only during initial provisioning and other one-off tasks that involve interacting with the AgentP UI.

  • Network bandwidth consumption: Negligible. AgentP performs full synchronization with Portnox Cloud once an hour and also detects risk posture changes in real time. In a prolonged test, the consumption for these tasks averaged 211 bps up (241 total packets) and 122 bps (115 total packets).

    Note: There are a few cases when AgentP reports a new device status to Portnox Cloud immediately:
    • After Internet availability has changed
    • If a new IP address is assigned to the device
    • If a security center status has changed, for example, an antivirus or firewall was enabled or disabled
    • If the device has just woken up from sleep
    • If a Windows service controlled by a risk policy was started or stopped

Note: When installing AgentP on mobile devices, you are asked to grant various permissions. All of the requested permissions are required for AgentP to work correctly, and if you do not grant some of these permissions, AgentP may not work on your device.

User interface options

Note: Specific interface options that are available in your AgentP depend on the operating system, the AgentP configuration, and Portnox Cloud settings for AgentP.

Desktop

The following is an explanation of user interface options:

  • Notifications: This tab contains notifications from Portnox Cloud concerning the risk assessment policy. These notifications are also sent as system notifications.

  • Last update: The date and time of the last sync between AgentP and Portnox Cloud.

    Note: AgentP automatically synchronizes with Portnox Cloud every 1 hour. If a sync operation fails, it means your device has connectivity problems with Portnox Cloud. For example, this may happen if you’re connected to the organization network and your device configuration is considered unsafe by the risk assessment policy.

  • Sync now: Manually synchronize information between AgentP and Portnox Cloud.

  • Connection: Name of the network that the device is connected to. This may be the name of a Wi-Fi or a wired network. If the device is connected using multiple interfaces to both Wi-Fi and wired networks, the Wi-Fi network name is displayed.

  • Company, User, Portnox device ID: Information as configured in Portnox Cloud: your company name, your enrolled user, and an automatically generated unique ID for the device.

  • Application version: The version number of the AgentP application.

  • Deactivate: Unenroll the current user (log out the current user). To use AgentP again, you will have to enroll it again.

  • Uninstall: Completely uninstall AgentP from your operating system.

    Note: On macOS, this option is available in the AgentP menu in the menu bar on top of the screen. You cannot uninstall AgentP on macOS by dragging its icon to Trash.

  • Networks: The list of secure networks provisioned by AgentP.

Mobile

The following is an explanation of user interface options:

  • Last tick: The date and time of the last sync between AgentP and Portnox Cloud.

    Note: AgentP automatically synchronizes with Portnox Cloud every 1 hour. If a sync operation fails, it means your device has connectivity problems with Portnox Cloud. For example, this may happen if you’re connected to the organization network and your device configuration is considered unsafe by the risk assessment policy.

  • Tick: Manually synchronize information in AgentP with Portnox Cloud.

  • Connection: Name of the network that the device is connected to. This may be the name of a Wi-Fi network or a cellular network.

  • Roaming: Shows if the device is not in its native cellular network.

  • On-premise: Shows if the device is connected to a network provisioned by AgentP.

The following options are available after pressing the  ≡  icon:

  • System:

    • Company, User, In Organization, Portnox device ID: Information as configured in Portnox Cloud: your company name, your enrolled user, organization name (if available), and an automatically generated unique ID for the device.

    • MDM activated: Informs whether the device is managed using a mobile device management system.

    • Application version: The version number of the AgentP application.

    • Location reporting: Available on Android only. Allows you to turn on or off the option of sending geolocation information to Portnox Cloud (this information has an impact on risk assessment policies).

  • Network: The list of secure Wi-Fi networks provisioned by AgentP.

  • Deactivate: Unenroll the current user (log out the current user). To use AgentP again, you will have to enroll it again.

  • Support: Use to open or follow up on a support ticket. Press the Send Email button to send logs to support and add any relevant information to the email.

  • Install certificate: Available on Android only. Allows you to install certificates in the operating system (Android does not allow applications to install certificates automatically).

Uninstalling AgentP

  • On Windows, Android, and iOS platforms, to uninstall AgentP, follow standard operating system procedures:

    • Windows: Go to Apps & features or Add or remove programs.

    • Android: Find Portnox AgentP in the Play Store and click on the Uninstall button or long-press the AgentP icon in the Launcher and then select the Uninstall menu option.

    • iOS: Long-press the AgentP icon and then select the Remove App menu option.

    Standard operating system uninstalling also removes all certificates and profiles installed by AgentP.

  • On macOS, follow one of the following procedures:

    • Select the Uninstall option in the menu bar on the top of the screen. This also removes the configuration profile.

    • If the Uninstall option is not available:

      1. Open the Terminal app and execute the following command:
        sudo /Applications/Portnox\ AgentP.app/Contents/Resources/preinstall
      2. Then, execute the following command to remove the configuration profile:
        /usr/bin/profiles -R -p com.portnox.agentpwifi

Data collected by AgentP

Desktop:

Data type                          More information
Administrative vulnerabilities     Windows only (local administrators, guests, users with non-expiring or weak passwords, anonymous access)
Application installation source    macOS – from where applications are allowed to be installed
Auto-login
BitLocker
Network adapters
Operating system
Processor
General computer information       Manufacturer, name, domain
Critical software                  Java.net versions, Adobe plugins
FileVault status                   macOS only
Firewall
Hosts file data
Installed applications
Installed certificates             On a machine level, not per user
Logged-in user information
Location
Disk drives
Operating memory
Motherboard
Network adapters
Open network connections
Open ports
Passcode policy                    macOS only
Peripheral devices
Running process
Running services
Security products                  Antivirus, anti-spyware, anti-malware
Installed hotfixes
TPM status
Logged-in user browser             Account, extensions, plugins
Windows features                   Windows only
Windows update settings            Status, WSUS
Direct access status

Mobile:

Data type                                More information
Are unknown source apps allowed          Android only
Device accounts
Encryption status
Form factor
GSM network information
GSM settings
Installed applications                   iOS: only if MDM-enrolled
Internal storage information
Is the device jailbroken?
Location
Model
Push notification registration status    iOS only
Open connections
Open ports
OS version
Passcode status
Timezone
Wi-Fi network information