Zecurit Agent Overview

⌘K

Zecurit Agent – Inventory Collection, Permissions & Security Overview:

The Zecurit Agent is a lightweight endpoint service installed on Windows, macOS and Linux devices to collect inventory data and support device management. This document provides a complete overview of:

  • What data the Agent collects
  • How Scan Settings control data collection
  • What permissions the Agent uses
  • What actions the Agent can perform
  • Security and privacy considerations

1. Overview

The Zecurit Agent communicates securely with the Zecurit cloud platform and operates using a least-privilege, configurable data collection model. The agent only collects the data categories explicitly enabled in your Zecurit portal.

2. Scan Settings: What Data the Agent Collects?

Data collection is fully controlled by the Scan Settings configured in the Zecurit dashboard. The agent will only fetch inventory modules that you have turned ON.

Below are all supported scan categories:

Device Information (Mandatory)

Collects core hardware and system identification:

  1. Device name, model, manufacturer, serial number
  2. CPU, RAM, BIOS, motherboard
  3. Disk drives, partitions, connected devices

Hardwares

Deep hardware inventory:

  1. Processor details
  2. Memory slots & configuration
  3. Graphics controllers
  4. Disk memory & SMART details
  5. Connected peripherals

Softwares

Full software inventory of the device:

  1. Installed applications
  2. Version & publisher
  3. Install path
  4. Installation date
System Information

OS-level configuration and system status:

  1. Local users & groups
  2. Services, drivers
  3. Shared folders
  4. System uptime & boot time
Certificates

Scans installed system certificates:

  1. Issuer
  2. Validity period
  3. Purpose / usage type
Security Details

Security posture and configuration:

  1. Antivirus status
  2. Firewall status
  3. BitLocker encryption
  4. TPM presence, version & readiness
Warranty Information

Where supported, collects:

  1. Warranty provider
  2. Warranty category
  3. Warranty end date

3. Geolocation Data Collection (Optional)

If geolocation is enabled in Organization Settings, the agent also collects:

  • Latitude/longitude
  • Approximate location (city, region, country)

Learn more about the Geo Tracking feature.

4. Required Permissions by OS

The Zecurit Agent requests only the minimum system permissions required for inventory collection and optional management tasks.

Windows

Runs as a Local System service with permissions to:

  • Query WMI & system APIs
  • Read hardware/software inventory
  • Fetch local users & certificates
  • Manage BitLocker (only when BitLocker module is used)
  • Write logs under Program Files/Zecurit

macOS

Runs as a privileged launch daemon to:

  • Access system profiler
  • Query installed apps
  • Read hardware & security information
  • Execute shell commands for inventory

Linux

Runs as root or sudo:

  • Read /proc and /sys system data
  • Query hardware & installed packages
  • Execute inventory commands

5. Actions the Agent can perform

The Zecurit Agent operates on a controlled, command-based model. It polls the server periodically to check for new instructions issued by an administrator. The agent does not take any action on its own, every operation is triggered only when a corresponding command is received from the Zecurit cloud.

Default / Always-Running Behavior

The agent continuously performs the following background activities:

  • Polls the server for pending commands
  • Upgrade agent if any new agent version available.

Admin-Initiated / Advanced Actions

When an administrator triggers specific tasks, the agent receives corresponding commands during its next polling cycle and executes them:

  • Collects inventory (only for modules enabled in Scan Settings) if admin performs.
  • Syncs assigned policies if admin configured.
  • Monitors Application Start time and end time if admin configured software metering.
  • Device actions such as shutdown, restart, logoff, etc. if admin initiated.

Important

The agent never performs system changes or actions automatically.
It executes a command only when the server issues an admin-initiated instruction, which the agent picks up during its polling cycle.

6. Security & Communication Model

Secure Communication

  • HTTPS/TLS 1.2+
  • Mutual authentication

Data Storage Security

  • Device data encrypted at rest

Agent Integrity

  • All binaries code-signed
  • Validates signature before updates
  • Protects against unauthorized modification

No Inbound Connections

The agent does not open ports or listen externally.
All communication is outbound only.

7. Summary

The Zecurit Agent is built with a focus on security, transparency and efficiency. It is carefully engineered to operate reliably in enterprise environments without disrupting end-users or impacting device performance.

Secure: Encrypted at Every Layer

All communication between the agent and Zecurit Cloud is protected using TLS encryption. Agent binaries are code-signed, updates are signature-validated and sensitive information is always stored encrypted. The agent never opens inbound ports, ensuring a strong security posture.

Configurable: Scans Only What You Enable

The agent follows a strict configuration-driven model. It collects only the data categories you select in Scan Settings (e.g., hardware, software, system details, security posture). No additional or hidden data is gathered beyond what is explicitly enabled by the administrator.

Transparent: No Hidden Background Activities

The agent operates entirely on an admin-command model and checks in with the server every polling refresh cycle. It does not perform any silent or unauthorized operations. Every action, such as inventory collection, executing commands, tasks or device operations is triggered only when issued from the Zecurit portal. This ensures full visibility and predictable behavior.

Low Impact: Minimal Resource Usage

Designed to run efficiently on Windows, macOS and Linux, the agent uses limited CPU and memory resources. Inventory scans are optimized to avoid performance spikes and background tasks are lightweight. This makes the agent suitable for deployment across large enterprise fleets without slowing down devices.

How can we help?