Enable and configure Agent Watcher
The Agent Watcher utility is installed with the standard Endpoint Manager agent, but it is turned off by default.
Agent Watcher can be activated through the initial device agent configuration, or at a later time via an Update Agent Watcher settings task.
Enable Agent Watcher on devices
To enable Agent Watcher during agent configuration
- In the console, click Tools > Configuration > Agent Configuration.
- Click the New Windows agent configuration toolbar button.
- After specifying your desired settings for the agent configuration, click the Security and Compliance group, and then click Agent Watcher to open that page on the dialog.
- Check Use the Agent Watcher.
- Select one of the settings from the available list to apply it to the agent configuration you're creating. You can create new settings or edit existing settings. The applied settings determine which services and files are monitored and how often, and whether the Agent Watcher executable remains resident in memory on monitored devices.
- Finish specifying settings for the agent configuration and then click Save.
If you want to activate Agent Watcher (or update Agent Watcher settings) at a later time, you can do so for one or more managed devices directly from the console.
To enable Agent Watcher (or update settings) as a separate task
- In the console, right-click one or more devices, and then click Update Agent Watcher settings.
- Check Use Agent Watcher.
- Select one of the settings from the available list to apply it to the agent configuration you're creating. You can create new settings or edit existing settings. The applied settings determine which services and files are monitored and how often, and whether the Agent Watcher executable remains resident in memory on monitored devices.
- Click OK.
Once you click the OK button, all the selected target devices are updated with the new settings, and a status message appears.
Disable Agent Watcher on devices
You can also disable Agent Watcher for one or more devices with the Update Agent Watcher task.
To disable Agent Watcher
- In the console, right-click one or more devices, and then click Update Agent Watcher settings.
- Make sure the Use Agent Watcher check box is cleared.
- Click OK.
Generate Agent Watcher reports
Agent Watcher monitoring and alerting information is represented by several reports in the Reports tool.
All the Agent Watcher reports include the hostname of the workstation, the monitored service or file, the status of the alert (either found or resolved), and the date the event was discovered.
Agent Watcher saves the state of the alerts so that the core will only get one alert when the condition is found and one alert when the condition is resolved. Multiple alerts may occur when Agent Watcher is restarted in order to reboot the system, or when a new configuration is pushed or pulled down to the workstation.
Reports can also be generated for a given category based on different time intervals, such as today, last week, last 30 days, or another specified interval.
IMPORTANT: Agent Watcher alert data automatically removed after 90 days
All Agent Watcher alerts over 90 days old are automatically removed from the database. Alert data is used to generate Agent Watcher reports.
IMPORTANT: Required rights and roles in order to use the Reports tool
In order to access the Reports tool, and generate and view reports, a user must have the Ivanti Administrator right (implying full rights) and the specific Reporting roles.
For more information about using the Reports tool, see Using reports.
Configure Agent Watcher settings
Use Agent Watcher settings (click Tools > Configuration > Agent Configuration > New Windows agent configuration > Security and Compliance > Agent Watcher) to determine which services and files are monitored, how often to check the status of services and files, whether Agent Watcher remains resident on devices, and whether to check for changes to the applied settings.