Health (including Hardening) and Connectivity Status

This category covers the agent installation health, hardening, and the connectivity status. Installation health is based on SComC and SK service states (more details below). Both checks and control are provided for hardening and connectivity status.

Enumerations

enum HSDCHealth : DWORD { HSDCHealthUnknown = 0, HSDCHealthNotInstalled, HSDCHealthNotRunning, HSDCHealthOk }

enum HSDCHardening : DWORD { HSDCHardeningUnknown = 0, HSDCHardeningOff, HSDCHardeningRelaxed, HSDCHardeningOn }

enum HSDCConnectivityStatus : DWORD { HSDCStatusUnknown = 0, HSDCStatusOffline, HSDCStatusOnline }

Functions

HSDCError HSDCAPI HSDCGetHealth (DWORD *pHealth, DWORD *pHardening, char **pJstr)

Provides an aggregated health status of the agent installation.

HSDCError HSDCAPI HSDCRelaxHardening (const char *jstr, const unsigned char *signature, unsigned int signatureLength)

Relaxes hardening using a digitally signed JSON payload.

HSDCError HSDCAPI HSDCRelaxHardeningWithTicket (const wchar_t *filename)

Relaxes hardening using a digitally signed ticket. This format is a binary structure generated by the Device Control server; this approach should not be used in an agent integration.

HSDCError HSDCAPI HSDCGetConnectivityStatus (DWORD *pStatus, char **pJstr)

Gets the current connectivity status. The meaning depends on the mode of option 60 (oiOnlineAsWired).

HSDCError HSDCAPI HSDCSetConnectivityStatus (DWORD status)

Sets the current connectivity status. This function has a meaning only when option 60 (oiOnlineAsWired) is set to manual.

HSDCError HSDCAPI HSDCGatherDiagnosticInfo (const wchar_t *const outputPath=nullptr)

Gathers a set of diagnostic information related to the agent's environment, policies, and status. It adds these items into an EsDiag folder within that path.

Enumeration Type Documentation

HSDCHealth

enum HSDCHealth : DWORD

Enumerators

HSDCHealthUnknown

Any case not covered by the other values, such as an invalid service path or tampered files.

HSDCHealthNotInstalled

At least one service (SComC or SK) does not exist.

HSDCHealthNotRunning

Both SComC and SK services are installed and at least one service is not running; the associated binaries are digitally signed and not tampered with.

HSDCHealthOk

Both SComC and SK services are running; the associated binaries are digitally signed and not tampered with.

HSDCHardening

enum HSDCHardening : DWORD

Enumerators

HSDCHardeningUnknown

Unknown hardening state.

HSDCHardeningOff

Hardening off.

HSDCHardeningRelaxed

Hardening relaxed, maintenance mode.

HSDCHardeningOn

Hardening on.

HSDCConnectivityStatus

enum HSDCConnectivityStatus : DWORD

Enumerators

HSDCStatusUnknown

Unknown connectivity status.

HSDCStatusOffline

Connectivity status offline.

HSDCStatusOnline

Connectivity status online.

Function Documentation

HSDCGetHealth()

HSDCError HSDCAPI HSDCGetHealth ( DWORD * pHealth, DWORD * pHardening, char ** pJstr )

Provides an aggregated health status of the agent installation.

Parameters

pHealth

[out] Non-nullptr pointer to a DWORD value which upon success will contain a member of HSDCHealth.

pHardening

[out] Non-nullptr pointer to a DWORD value which upon success will contain a member of HSDCHardening.

pJstr

Returns a JSON string with all details, formatted as below:

{
  "health": "ok",
  "hardening": {
    "mode": "extended",
    "state": "active",
    "salt": "G88SJ-48WRA-3SQDH-DXRGM-N13AH"
  },
  "services": [
    {
      "bitness": "64",
      "filename": "\\SystemRoot\\system32\\drivers\\sk.sys",
      "name": "sk",
      "status": "running",
      "version": "5.3.39"
    },
    {
      "bitness": "64",
      "filename": "C:\\Program Files\\Ivanti\\Device and Application Control\\Client\\scomcd.exe",
      "name": "scomc",
      "status": "running",
      "version": "5.3.715"
    },
    {
      "bitness": "64",
      "filename": "\\SystemRoot\\system32\\DRIVERS\\sk_ndis.sys",
      "name": "sk-ndis-lwf",
      "status": "running",
      "version": "4.6.505"
    },
    {
      "bitness": "64",
      "filename": "\\SystemRoot\\system32\\drivers\\skfs.sys",
      "name": "skfs",
      "status": "running",
      "version": "5.3.39"
    }
  ]
}
  1. Valid health values are: "ok", "notRunning", "notInstalled", "unknown".
  2. Valid hardening mode values are: "disabled", "basic", "extended".
  3. Valid hardening state values are: "active", "inactive".
  4. Valid service signature values are: "valid", "invalid".
  5. Valid service status values are: "running", "stopped".

Returns

HSDCErrorSuccess

The operation succeeded

HSDCErrorInvalidArg

Input was nullptr

HSDCErrorUnexpected

Unexpected error

HSDCErrorNotInitialized

Initialization was not performed
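
The following is an added example, not part of the SDK or its documentation: a monitoring-side triage of the JSON string returned through pJstr by HSDCGetHealth, checking each field against the value lists above and reporting anything unexpected or unhealthy. The `HEALTHY` policy, the function name and the sample document are assumptions made for illustration.

```python
import json

# Allowed values, copied from the lists in the HSDCGetHealth documentation.
VALID = {
    "health": {"ok", "notRunning", "notInstalled", "unknown"},
    "mode": {"disabled", "basic", "extended"},
    "state": {"active", "inactive"},
    "signature": {"valid", "invalid"},
    "status": {"running", "stopped"},
}
# Assumption: the subset of values a monitoring policy treats as healthy.
HEALTHY = {
    "health": {"ok"}, "mode": {"basic", "extended"}, "state": {"active"},
    "signature": {"valid"}, "status": {"running"},
}
# Constructed sample (not captured from a real endpoint).
SAMPLE = ('{"health": "notRunning", "hardening": {"mode": "extended", "state": "active"},'
          ' "services": [{"name": "sk", "status": "running"},'
          ' {"name": "scomc", "status": "stopped", "signature": "invalid"},'
          ' {"name": "skfs", "status": "paused"}]}')


def triage_health(jstr):
    """Return a list of findings for one HSDCGetHealth JSON string."""
    try:
        doc = json.loads(jstr)
    except ValueError as exc:
        return [f"malformed JSON: {exc}"]
    if not isinstance(doc, dict):
        return ["top-level JSON value is not an object"]
    findings = []

    def check(kind, obj, where, required=True):
        value = obj.get(kind) if isinstance(obj, dict) else None
        if value is None and not required:
            return
        if not isinstance(value, str) or value not in VALID[kind]:
            findings.append(f"{where}: unexpected {kind} {value!r}")
        elif value not in HEALTHY[kind]:
            findings.append(f"{where}: {kind} is {value}")

    check("health", doc, "agent")
    for kind in ("mode", "state"):
        check(kind, doc.get("hardening"), "hardening")
    services = doc.get("services")
    for svc in services if isinstance(services, list) else []:
        name = svc.get("name", "?") if isinstance(svc, dict) else "?"
        check("status", svc, f"service {name}")
        # "signature" is listed as a field but absent from the page's sample: optional.
        check("signature", svc, f"service {name}", required=False)
    return findings
```

An empty list means every documented field carried a healthy value; values outside the documented lists are reported rather than silently accepted.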

HSDCRelaxHardening()

HSDCError HSDCAPI HSDCRelaxHardening ( const char * jstr, const unsigned char * signature, unsigned int signatureLength )

Relaxes hardening using a digitally signed JSON payload.

Parameters

jstr

A JSON string containing the maintenance ticket information, as below:

{
    "version": "1",
    "salt": "G88SJ-48WRA-3SQDH-DXRGM-N13AH",
    "from": "2012-04-23T18:25:43.511Z",
    "until": "2012-04-23T20:25:43.511Z",
    "computers": [
        "machine.domain.com",
        "machine2"
    ],
    "users": [
        "S-1-5-21-812910569-3317027032-1161269547-7039",
        "S-1-5-32-544"
    ],
    "server": "server.domain.com",
    "admin": "Admin123",
    "comments": "LES 4.6 SR2 upgrade"
}

Salt is needed if the endpoint is in extended mode. Server, admin, and comments are for information only.

signature

RSA signature of the jstr parameter. This signature is checked against the sx-public.key in the sxdata folder (which is loaded by SComC at start).

signatureLength

RSA signature length (2048 bits / 256 bytes with the current agent key length).

Returns

HSDCErrorSuccess

The operation succeeded

HSDCErrorInvalidArg

Input was nullptr

HSDCErrorUnexpected

Unexpected error

HSDCErrorNotInitialized

Initialization was not performed
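
The following is an added example, not part of the SDK or its documentation: a caller-side preflight of a maintenance ticket before it is handed to HSDCRelaxHardening, covering the documented signature length, the from/until window and the salt requirement in extended mode. The function name, the sample ticket and the decision to reject a ticket outside its time window are assumptions; the agent's own signature check remains authoritative.

```python
import json
from datetime import datetime, timezone

SIG_BYTES = 256  # 2048-bit RSA signature, per the signatureLength description
# Constructed sample ticket using the field layout shown above.
SAMPLE_TICKET = ('{"version": "1", "salt": "EXAMPLE-SALT", "from": "2012-04-23T18:25:43.511Z",'
                 ' "until": "2012-04-23T20:25:43.511Z", "computers": ["machine2"],'
                 ' "users": ["S-1-5-32-544"]}')


def _utc(text):
    # Timestamp layout used by the "from"/"until" fields in the page's sample ticket.
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%S.%fZ").replace(tzinfo=timezone.utc)


def preflight_ticket(jstr, signature, endpoint_mode, now):
    """Return reasons not to submit this ticket; `now` must be timezone-aware."""
    problems = []
    if len(signature) != SIG_BYTES:
        problems.append(f"signature is {len(signature)} bytes, expected {SIG_BYTES}")
    try:
        ticket = json.loads(jstr)
    except ValueError:
        return problems + ["ticket is not valid JSON"]
    if not isinstance(ticket, dict):
        return problems + ["ticket is not a JSON object"]
    try:
        start, end = _utc(ticket["from"]), _utc(ticket["until"])
    except (KeyError, TypeError, ValueError):
        problems.append("from/until missing or not in the documented timestamp layout")
    else:
        if start >= end:
            problems.append("from is not earlier than until")
        elif not start <= now <= end:
            problems.append("current time is outside the from/until window")
    # Salt is needed if the endpoint is in extended mode (hardening.mode from HSDCGetHealth).
    if endpoint_mode == "extended" and not ticket.get("salt"):
        problems.append("salt is required in extended mode")
    for field in ("computers", "users"):
        value = ticket.get(field)
        if value is not None and not (
                isinstance(value, list) and all(isinstance(v, str) for v in value)):
            problems.append(f"{field} is not a list of strings")
    return problems
```

Pass jstr to the API byte for byte as it was signed; parsing and re-serialising the JSON changes the bytes the signature covers.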

HSDCRelaxHardeningWithTicket()

HSDCError HSDCAPI HSDCRelaxHardeningWithTicket ( const wchar_t * filename )

Relaxes hardening using a digitally signed ticket. This format is a binary structure generated by the Device Control server; this approach should not be used in an agent integration.

An alternative is to copy the file into the Ticket folder specified during installation, but this is asynchronous and provides no feedback.

Parameters

filename

The full path of the maintenance ticket

Returns

HSDCErrorSuccess

The operation succeeded

HSDCErrorInvalidArg

Input was nullptr

HSDCErrorUnexpected

Unexpected error

HSDCErrorNotInitialized

Initialization was not performed

HSDCGetConnectivityStatus()

HSDCError HSDCAPI HSDCGetConnectivityStatus ( DWORD * pStatus, char ** pJstr )

Gets the current connectivity status. The meaning depends on the mode of option 60 (oiOnlineAsWired), as described below:

  • 0 "server": Online if the last agent communication with the Device Control server was successful, Offline otherwise
  • 1 "wired": Online if the network communication is performed through a wired NIC, Offline otherwise (WiFi, ...)
  • 2 "manual": Online / Offline is controlled through the API

Parameters

pStatus

[out] The status value (one of HSDCConnectivityStatus)

pJstr

[out] JSON string with all details, formatted as below:

{
   "mode": "wired",
   "status": "online"
}

Returns

HSDCErrorSuccess

The operation succeeded

HSDCErrorInvalidArg

Input was nullptr

HSDCErrorUnexpected

Unexpected error

HSDCErrorScomcCommFailure

Unable to communicate with SComC service

HSDCErrorNotInitialized

Initialization was not performed

HSDCSetConnectivityStatus()

HSDCError HSDCAPI HSDCSetConnectivityStatus ( DWORD status )

Sets the current connectivity status. This function has a meaning only when option 60 (oiOnlineAsWired) is set to manual.

Parameters

status

One of the HSDCConnectivityStatus values

Returns

HSDCErrorSuccess

The operation succeeded

HSDCErrorInvalidArg

Input was nullptr

HSDCErrorUnexpected

Unexpected error

HSDCErrorAccessDenied

Calling process is not privileged or option 60 is not set to manual

HSDCGatherDiagnosticInfo()

HSDCError HSDCAPI HSDCGatherDiagnosticInfo ( const wchar_t *const outputPath = nullptr )

Gathers a set of diagnostic information related to the agent's environment, policies, and status. It adds these items into an EsDiag folder within that path.

Parameters

outputPath

The destination folder into which the EsDiag folder is placed. By default, or if nullptr or an empty string is provided, the file is placed next to the calling process executable.

Returns

One of the HSDCError enum members

HSDCErrorNotInitialized

The API is not correctly set up using HSDCStartup

HSDCErrorInvalidFile

The function failed to set up the output directory or files