Agent Dependency and Whitelisting
- Ryan Seymour
- Vrushali
Dependencies
The ConnectSecure agent requires several dependencies in the default agent installation directory according to the installed operating system.
For Windows: ‘C:\Program Files (x86)\CyberCNSAgent’
For Mac/Linux: /opt/CyberCNSAgent
Windows | MAC | Linux | ARM |
|---|---|---|---|
Lightweight Agents | |||
connectsecurepatch.exe |
|
|
|
cybercnsagentmonitor.exe |
|
|
|
cyberutilities.exe | cyberutilities_darwin | cyberutilities_linux | cyberutilities_arm |
main.ps1 | main.ps1 | main.ps1 | main.ps1 |
osqueryi.exe | nmap | nmap | osqueryi_arm |
scripts.zip | osqueryi_darwin | osqueryi_linux | scripts.zip |
vcruntime140.dll | scripts.zip | scripts.zip |
|
WindowsSpeculationControlFinder.zip |
|
|
|
Additional Dependencies For Probe Agent | |||
osqueryi_darwin | osqueryi.exe | osqueryi.exe | osqueryi.exe |
osqueryi_linux | osqueryi_linux | osqueryi_darwin | osqueryi_linux |
osqueryi_arm | osqueryi_arm | osqueryi_arm | osqueryi_darwin |
firewall_configs.zip | firewall_configs.zip | firewall_configs.zip | firewall_configs.zip |
nmap.zip | nmap | nmap | nmap |
npcap.exe > 1.50 version |
|
|
|
WindowsSpeculationControlFinder.zip | WindowsSpeculationControlFinder.zip | WindowsSpeculationControlFinder.zip | WindowsSpeculationControlFinder.zip |
You can view the status of dependencies based on the agent by clicking on Overview > Agents and tapping on the three-dot Action menu.
Select the Dependency Status option.
This is an example of a Windows-based asset with a probe agent installed:
Please whitelist outbound communication from the agent machine to *.myconnectsecure.com and Whitelist below URL for Cloudflare R2 to download dependencies:
45ee58f3bc4d04c0e1ae971fde066899.r2.cloudflarestorage.com
You can test the connection using the below command:
telnet 45ee58f3bc4d04c0e1ae971fde066899.r2.cloudflarestorage.com 443You can install TELNET CLIENT from Microsoft here: Install Telnet Client
Dissolvable Agent for Probe-Scanned Assets
For remote assets getting scanned via Probe Agent:
Whitelist the executable path below for the dissolvable agent to be entered into a remote asset. "C:\windows\CyberCNS_DissolvableAgent"
To whitelist the folder on the remote asset, use the installation folder path, i.e “C:\Windows\CyberCNSAgent”
Port Communications
ConnectSecure V4 Agent(s) require ports 4222 and 443 to be open from the agent machine to the respective Region/POD IP addresses as shown below, based on your POD.
Windows Defender Policy
Use the PowerShell command to add the CyberCNSAgent to your Windows Defender allow policy:
Command: Add-MpPreference -AttackSurfaceReductionOnlyExclusions "C:\Program Files (x86)\CyberCNSAgent\cybercnsagent.exe"
Supported Operating Systems
Check out the complete list here: Agent Configurations | Supported Operating Systems
Need Support?
You can contact our support team by emailing support@connectsecure.com or visiting our Partner Portal, where you can create, view, and manage your tickets.