Agent Deployment

If you choose to scan the target host by using the Software Vulnerability Manager Agent in Single Host mode (recommended), you can easily distribute and install the Agent by deploying it through the currently supported deployment solutions WSUS/System Center, Intune, Workspace One, and BigFix.

Click Create CSI Agent Package under Agent Deployment to start the Software Vulnerability Manager Agent Package wizard.

The Software Vulnerability Manager Agent Package can be created and managed just like any other SPS package.

SVM Agent Deployment Package Configurations

The Agent Deployment package allows the configuration of a variety of agent installation options that can be used to customize the agent prior to deploying the package.

The command-line options of the agent can be set in the script that is provided at step 2 of the SPS Agent Deployment package configuration wizard.

Configure runAsUsername when you intend to install and run the agent under service account different than LocalSystem. You are required to configure the runAsPassword together with that.

Configure runAsUsername and runAsPassword when the network proxy will block LocalSystem to perform online connections. Then you will be required to use a service account to run the agent as an authenticated user to have it easily bypass network blocking.

Configure ProxyUsername and ProxyPassword variables when the username and password for the network proxy are not shared with active directory and are verified only against the proxy server.

Configure proxy host and proxyPort variables when you want to specify which proxy should be used by the local agent to successfully connect to its target online servers at Flexera.

Configure the SiteName variable when you want to define a custom site grouping in the management interface. This method should never be combined with the use of Active Directory feature in Software Vulnerability Manager. You must decide which you will use and stick to it.

SiteName is also used when extra options like debugging parameters or scan interval randomization commands must be included in the installation command of the agent.

The next command will install the agent with custom site Hi, scan interval 30 minutes, and will create a log file of the installation of the agent that will run until you uninstall the agent.

siteName = “Hi –si 30 –d c:\agent-log.txt –v”;

Preliminary Package Testing

After your settings are configured in the script SPS gives you the option to export the file on the local file system and execute it. The exported file is always called sps.exe. This executable is ready to install, and it includes the settings you have set in the execution flow script.

For each script change, you can export different package and test until you get a working package. This is your final goal, an agent deployment package that installs an agent that successfully communicates with its server without errors.

Agent Package Applicability

The agent deployment package enables you to publish the installer as a software update to WSUS. Its applicability rules are set to always install. It will execute on any endpoint where it has not been installed, or where a previous agent version exists without having to pass SCCM package applicability evaluation which is traditional for every other 'update' type of package published through SVM.