/
Agent Dependency

Agent Dependency

  • Verified

    • Dependencies

    The ConnectSecure agent requires several dependencies in the default agent installation directory according to the installed operating system. Here are the default locations for the agents:

    For Windows: ‘C:\Program Files (x86)\CyberCNSAgent’

    For Mac/Linux: /opt/CyberCNSAgent

    Lightweight Agents

    Windows

    MAC

    Linux

    ARM

    Windows

    MAC

    Linux

    ARM

    connectsecurepatch.exe
    cybercnsagentmonitor.exe
    cyberutilities.exe
    main.ps1
    osqueryi.exe
    scripts.zip
    vcruntime140.dll
    WindowsSpeculationControlFinder.zip

    cyberutilities_darwin
    main.ps1
    osqueryi_darwin
    scripts.zip

    cyberutilities_linux
    main.ps1
    osqueryi_linux
    scripts.zip

    cyberutilities_arm
    main.ps1
    osqueryi_arm
    scripts.zip

    Probe Agents

    Windows

    MAC / Linux / ARM

    Windows

    MAC / Linux / ARM

    connectsecurepatch.exe
    cybercnsagentmonitor.exe
    cyberutilities.exe
    cyberutilities_linux
    firewall_configs.zip
    main.ps1
    nmap.zip
    osqueryi.exe
    osqueryi_arm
    osqueryi_darwin
    osqueryi_linux
    scripts.zip
    vcruntime140.dll
    WindowsSpeculationControlFinder.zip

    connectsecurepatch.exe
    cyberutilities_darwin
    cyberutilities_linux
    firewall_configs.zip
    main.ps1
    nmap
    npcap
    osqueryi.exe
    osqueryi_arm
    osqueryi_darwin
    osqueryi_linux
    scripts.zip
    WindowsSpeculationControlFinder.zip

    Viewing Agent Dependency Status

    You can view the status of dependencies based on the agent by clicking on Overview > Agents and tapping on the three-dot Action menu.

    image-20240522-210457.png

    Select the Dependency Status option.

    image-20240522-210527.png

    This is an example of a Windows-based asset with a probe agent installed:

    image-20251223-151633.png

    1. Please whitelist outbound communication from the agent machine to:
      *.myconnectsecure.com

    2. Also whitelist the following URLs based on your environment:
      • POD-specific domain (e.g., <your-pod>.myconnectsecure.com)
      • Cloudflare R2 URL for dependency downloads: http://45ee58f3bc4d04c0e1ae971fde066899.r2.cloudflarestorage.com/


    Note: The exact POD and Cloudflare R2 URL must be retrieved from POD/REGION whitelisting found here https://cybercns.atlassian.net/wiki/spaces/CVB/pages/2279014503/Agent+Dependency#POD%2FREGION-IP-WHITELISTING

    Dissolvable Agent for Probe-Scanned Assets

    For remote assets getting scanned via Probe Agent:

    • Whitelist the executable path below for the dissolvable agent to be entered into a remote asset.  "C:\windows\CyberCNS_DissolvableAgent" 

    • To whitelist the folder on the remote asset, use the installation folder path, i.e “C:\Windows\CyberCNSAgent”

    Port Communications

    ConnectSecure V4 Agent(s) require port 443 to be open from the agent machine to the appropriate Region/POD based on your hosting location.

    With the latest ConnectSecure update, the agent now uses RAMQ (Reliable Asynchronous Messaging Queue) for internal communication. As a result, port 4222 is no longer required.


    While the agent may still check for port 4222 during installation as a fallback, it is not actively used and does not affect scanning, updates, or overall functionality

    Windows Defender Policy

    Use the PowerShell command to add the CyberCNSAgent to your Windows Defender allow policy:

    Command: Add-MpPreference -AttackSurfaceReductionOnlyExclusions "C:\Program Files (x86)\CyberCNSAgent\cybercnsagent.exe"

    Whitelisting CyberCNSAgent in SentinelOne(S1)


    We recommend whitelisting the CyberCNSAgent folder to ensure uninterrupted agent functionality and reduce false positives.

    • The agent includes a signed executable (osqueryi.exe) that may invoke PowerShell during normal scan operations. This behavior is expected and safe.

    • Whitelisting the full folder ensures that all required executables and dependencies are allowed to run without interference.

    What to Whitelist:

    • Folder: C:\Windows\CyberCNSAgent\

    • Executable: osqueryi.exe

    More Information:
    For a full list of executables and dependencies used by the agent, refer to the beginning of this KB

    PowerShell Usage and Antivirus Alerts

    If your antivirus or endpoint protection software shows alerts after installing the ConnectSecure Lightweight Agent, it may flag PowerShell activity as a potential threat. This is expected behavior.
    For example, you may see an alert like: Behavior.Detection
    File Name: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

    This happens because the agent uses PowerShell to collect system information during scans. Some security tools may treat this as suspicious, even though it’s safe and intentional.
    To prevent these alerts, we recommend whitelisting the agent’s service or allowing PowerShell activity tied to ConnectSecure. This will ensure the agent runs without interruptions.

    Supported Operating Systems

    Check out the complete list here: https://cybercns.atlassian.net/wiki/spaces/CVB/pages/edit-v2/2084470941#Supported-Operating-Systems

    POD/REGION IP WHITELISTING

    To view the POD-specific IPs, please tap the INFO option to view the details.

    image-20250206-162937.png
    image-20250206-163000.png

    Summary of how ConnectSecure systems communicate across your network

    image-20250820-190101.png

    Need Support?

    You can contact our support team by emailing support@connectsecure.com or visiting our Partner Portal, where you can create, view, and manage your tickets.

    https://cybercns.freshdesk.com/en/support/login

    image-20240206-144508.png