Agent UI
On Windows devices, the Ivanti Neurons Agent User Interface helps end-users to safeguard their computer. It surfaces the status of the Ivanti Neurons Agent and allows the end-user to perform actions that are configured by the administrator.
In addition to the Agent UI, you can control an agent using the stagentctl command-line utility on all operating systems. For more information, see The stagentctl command-line utility.
The Agent UI is an Ivanti Neurons Agent Capability. To install it on an agent endpoint, enable the Agent UI capability in the Agent Policy.
.Net v8 is installed on the endpoint as a prerequisite to the Agent UI.
Accessing the Agent UI
You or your end users can access the Ivanti Neurons Agent UI in two ways on the target device:
- Select Start > Ivanti Neurons Agent > Ivanti Neurons Cloud Agent
- Double-click the following executable file:
C:\Program Files\Ivanti\Ivanti Cloud Agent\STUILauncher.exe
How to Navigate the Agent UI
Navigating the Agent UI is easy. You begin on the home page, which is your starting point for all actions. The home page contains a number of different tiles. You can click any of the tiles to view the associated data and perform related tasks.
A limited version of the Agent UI is displayed if you happen to launch the program while it is undergoing a software update. If this occurs, wait a minute or two and then relaunch the program.
Agent Control Tile
The Agent Control tile is always the first tile on the home page. The tile displays general information about the agent, including:
- Connected to: The URL of the Ivanti Neurons tenant to which the agent is connected.
- Policy: The ID of the agent policy that is assigned to this agent.
- Last check-in: The date and time that this agent last checked in with Ivanti Neurons.
- Agent version: The version of the agent software.
- SDK version: The version of the agent framework and engine build components.
How to View the Agent Log and Perform Actions
You can click the Agent Control tile to view the agent log and perform a number of actions. The messages presented in the agent log are system-level messages that are provided for informational purposes only. There are no actions you need to take on these messages.
The following buttons are available:
- Home: Returns you to the home page.
- Check in: Directs the agent to check in with Ivanti Neurons and download any policy changes. An end user will typically not need to use this button unless directed by you, the administrator.
- Update binaries: Directs the agent to download the latest scan engines and data files. An end user will typically not need to use this button unless directed by you, the administrator.
- Clear system log: Clears all information from the log file.
Patch Engine Tile
You can use the Patch Engine tile to perform the following tasks:
- Perform periodic scans to detect all missing patches and product levels
A patch scan is automatically triggered by any of the following patching or system events:- Immediately before and after a patch deployment
- Prior to staging patch content for a deployment
- Every day (if neither of the previous two triggering events have occurred)
- A reboot of the machine (if the three day cadence has been missed)
- Open an admin command prompt on the agent machine.
- Change to the C:\Program Files\Ivanti\Ivanti Cloud Agent directory.
- Display help information for the stagentctl utility.
stagentctl
You can control an agent using the stagentctl command-line utility. You can learn about the utility by displaying the built-in help information.
- Deploy any missing patches and product levels in order to close security holes in your software
The Patch Engine tile displays the number of missing product levels and patches that were detected during the most recent patch scan.
The Patch Engine tile will not be present if a patch configuration is not associated with the Patch Management capability in the agent policy.
How to View the Available Tasks and Perform Actions
You can click the Patch Engine tile to view the patch tasks that are configured for use. A log file is provided for each available patch task. Each log contains status messages pertaining to the most recent actions that have been performed by that task. Detailed information is provided about patch downloads, installations, successes and failures. Depending on how you have configured your patch configuration, there may be several tasks from which to choose.
The following buttons are available:
- Home: Returns you to the home page.
- Start task: When you click a task name, it starts that task on the computer. The task is performed using the unique options that were configured for the patch task.
A patch task will scan for software patches and product levels that are missing from the machine. The scan will run in the background, allowing you to continue working while the scan is being performed. Scan results are reported to Ivanti Neurons. A record of the scan is displayed in the task log.
Depending on how you configured the patch task, if the scan detects one or more missing patches it may automatically deploy the patches. Patch deployments, if they occur, are reported to Ivanti Neurons. A record of the deployment is displayed in the task log.
Refer to your corporate security policy for recommendations on if you or your end users should manually perform a patch task. For example, some organizations may require a patch task every 30 days, or it may be required for machines that have been powered off or disconnected from the network for an extended time. Other organizations may implement regularly scheduled patch tasks and may not allow manual patch tasks.
- Stop task: Stops the patch task currently in progress. A message is recorded in the log whenever you stop a task. If there is no active task, this button will be disabled.
- Reset retry counts: Resets all patch counters. A unique patch counter exists for every patch the program tries to download and for every patch the program tries to install. A patch counter will increment whenever a patch download or a patch installation fails. Failed download and installation attempts will be recorded in the patch log. The client program will stop trying to deploy a particular patch if a patch fails to download after 10 attempts or fails to install (Windows: up to three times in an individual patch cycle and up to five times in total for the endpoint. Mac: up to three times. Linux: no retry). The only way to resume the deployment of that patch is to click Reset retry counts.
- Update patch data: Directs the agent to check in with Ivanti Neurons and download the latest patch data. An end user will typically not need to use this button unless directed by you, the administrator.
The stagentctl command-line utility
The stagentctl command-line utility enables you to control an agent on all operating systems. To use stagentctl, open an admin command prompt on the agent machine and navigate to the appropriate directory:
- Windows: C:\Program Files\Ivanti\Ivanti Cloud Agent\
- Mac: /usr/local/com.ivanti.cloud.agent/IvantiAgent/bin/
- Linux: opt/ivanti/isec/bin/
To see a list of available commands with help text, type stagentctl.
The command stagentctl available-tasks lists the tasks available along with an index for the task specific to the operating system. You can then run the task with index 1, for example, using stagentctl dispatch --index 1.