How the Agent Process Works

Agents are configured via the Security Controls interface and then installed on the desired machines. Once installed, each agent will periodically check in with the console, or if it is a disconnected agent it may check in with the Security Controls Cloud service. How often an agent checks in is a configurable item, but the check-ins typically occur at least once a day. An agent can also be configured to listen to the console for policy updates and download the new policy immediately.

During each check-in the agent checks with the console and does the following:

The process is a bit different if you are using Security Controls Cloud synchronization; see Security Controls Cloud Synchronization Overview for details.

• It refreshes its license. An agent license is valid for 45 days from the most recent check-in.
• It checks if it is assigned a distribution server, and if so, which one.
• It checks for any policy configuration changes. If the policy has been changed, the new policy will be pushed from the console to the agent.
• It automatically receives any new engine and data files that have become available. The agent will receive these files from either the default websites or from its assigned distribution server.
• It automatically receives a new version of the agent if it has become available.
• It receives any credential information it needs in order to authenticate itself to any distribution servers or proxy servers.

An agent will also download new engine and data files from the default website or from its assigned distribution server whenever a scheduled scan is performed.

The following figure illustrates the agent process.