About the Agent Client Program

The agent client is a multi-function program that safeguards an end-user's computer. It will track the status of the machine and perform actions that are configured by the program administrator. It can:

  • Perform scans to detect all missing patches and product levels
  • Deploy any missing patches and product levels in order to close security holes in your software
  • Perform scans to detect and categorize the software and hardware assets contained on your machine

As the program administrator, you configure which of these actions the agent program should perform. They will occur automatically, requiring no intervention or assistance.

Accessing the Agent Client Program

You or your end users can access the Security Controls Agent two ways:

  • By selecting Start > Ivanti Security Controls Agent on the target machine.
  • By double-clicking the following executable file:

    • C:\Program Files\LANDESK\Shavlik Protect Agent\STUILauncher.exe

How to Navigate the Agent Client Program

Navigating the program is easy. You begin on the home page, which is your starting point for all actions. The home page contains a number of different tiles. You can click any of the tiles to view the associated data and perform related tasks.

A limited version of the agent client program is displayed if you happen to launch the program while it is undergoing a software update. If this occurs, simply wait a minute or two and then relaunch the program.

The Agent Control tile is always the first tile contained on the home page. The tile displays general information about the agent, including:

  • Connected to: The name of the console machine to which the agent is connected.
  • Policy: The name of the policy that is assigned to this agent.
  • Last check-in: The date and time that this agent last checked in with the console.
  • Agent version: The version of the agent software.
  • SDK version: The version of the agent framework and engine build components.

How to View the Agent Log and Perform Actions

You can click the Agent Control tile to view the agent log and perform a number of actions.

The messages presented in the agent log are system level messages that are provided for informational purposes only. There are no actions you need to take on these messages.

The following buttons are available:

  • Home: Returns you to the home page.
  • Check in: Directs the agent to check in with Security Controls and download any policy changes. An end user will typically not need to use this button unless directed by you, the administrator.
  • Update binaries: Directs the agent to download the latest scan engines and data files. An end user will typically not need to use this button unless directed by you, the administrator.
  • Clear system log: Clears all information from the log file.

The Patch Engine tile will not be displayed if there are no patch tasks defined in the agent policy.

The Patch Engine tile displays the number of missing product levels and patches that were detected during the most recent patch scan.

How to View the Available Patch Tasks and Perform Actions

You can click the Patch Engine tile to view the patch tasks that are configured for use.

A log file is provided for each available patch task. Each log contains status messages pertaining to the most recent actions that have been performed by that task. Detailed information is provided about patch downloads, installations, successes and failures. Depending on how you have configured your agent policy, there may be several tasks from which to choose.

The following buttons are available:

  • Home: Returns you to the home page.
  • Start task: When you click a task name, it starts that task on the computer. The task is performed using the unique options that were configured for the patch task.

    • A patch task will scan for software patches and product levels that are missing from the machine. The scan will run in the background, allowing you to continue working while the scan is being performed. Scan results are reported to the Security Controls console. A record of the scan is displayed in the task log.

    Depending on how you configured the patch task, if the scan detects one or more missing patches it may automatically deploy the patches. Patch deployments, if they occur, are reported to the Security Controls console. A record of the deployment is displayed in the task log.

    Refer to your corporate security policy for recommendations on if you or your end users should manually perform a patch task. For example, some organizations may require a patch task every 30 days, or it may be required for machines that have been powered off or disconnected from the network for an extended time. Other organizations may implement regularly scheduled patch tasks and may not allow manual patch tasks.

  • Stop task: Stops the patch task currently in progress. A message is recorded in the log whenever you stop a task. If there is no active task, this button will be disabled.
  • Reset retry counts: Resets all patch counters. A unique patch counter exists for every patch the program tries to download and for every patch the program tries to install. A patch counter will increment whenever a patch download or a patch installation fails. Failed download and installation attempts will be recorded in the patch log. If a patch fails to download after 11 attempts or fails to install after 4 attempts, the client program will stop trying to deploy that particular patch. The only way to resume the deployment of that patch is to click Reset retry counts.
  • Update patch data: Directs the agent to check in with the console and download the latest patch data. An end user will typically not need to use this button unless directed by you, the administrator.

The Asset Engine tile will not be displayed if there are no asset tasks defined in the agent policy.

The Asset Engine tile enables you to manually start and stop asset tasks. An asset task will identify the software and/or hardware contained on the machine. The task will run in the background, allowing you to continue working while the task is being performed. The task results are reported to the system console. Asset task results are not available within the agent program.

How to View the Asset Log and Perform Actions

You can click the Asset tile to view the asset log and perform actions.

The following buttons are available:

  • Home: Returns you to the home page.
  • Start task: When you click a task name, it starts that task on the computer. The task is performed using the unique options that were configured for the asset task. Depending on how you have configured your agent policy, there may be several tasks listed here.
  • Stop task: Stops the asset task currently in progress. A message is recorded in the asset log whenever you stop a task. If there is no active task, this button will be disabled.
  • Update data: Directs the agent to check in with the system console and download the latest asset data. An end user will typically not need to use this button unless directed by you, the administrator.

Asset Log

The asset log contains status messages pertaining to the actions that have been performed by any of the available asset tasks. For example, the log will record:

  • Each time an asset task is manually started or stopped
  • Each time a scheduled asset task is automatically started or stopped
  • ... and many other asset-related events

There may be a large number of messages displayed in the log. For the most part, the messages are low level messages meant to show that the program is doing its job and working to protect the computer. No actions are typically required on your part.

You can control an agent using the stagentctl command-line utility. You can learn about the utility by displaying the built-in help information.

  1. Open an admin command prompt on the agent machine.
  2. Change to the C:\Program Files\LANDESK\Shavlik Protect Agent directory.
  3. Display help information for the stagentctl utility.

    4. stagentctl