{"id":2977,"date":"2025-11-27T15:26:29","date_gmt":"2025-11-27T15:26:29","guid":{"rendered":"https:\/\/zecurit.com\/help\/?post_type=docs&#038;p=2977"},"modified":"2025-11-27T16:56:05","modified_gmt":"2025-11-27T16:56:05","slug":"zecurit-agent-overview","status":"publish","type":"docs","link":"https:\/\/zecurit.com\/help\/asset-management\/device-enrollment\/zecurit-agent-overview\/","title":{"rendered":"Zecurit Agent Overview"},"content":{"rendered":"\n<p>Zecurit Agent &#8211; Inventory Collection, Permissions &amp; Security Overview:<\/p>\n\n\n\n<p>The Zecurit Agent is a lightweight endpoint service installed on Windows, macOS and Linux devices to collect inventory data and support device management. This document provides a complete overview of:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>What data the Agent collects<\/li>\n\n\n\n<li>How Scan Settings control data collection<\/li>\n\n\n\n<li>What permissions the Agent uses<\/li>\n\n\n\n<li>What actions the Agent can perform<\/li>\n\n\n\n<li>Security and privacy considerations<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>1. Overview<\/strong><\/h2>\n\n\n\n<p>The Zecurit Agent communicates securely with the Zecurit cloud platform and operates using a <strong>least-privilege, configurable<\/strong> data collection model. The agent <strong>only collects the data categories explicitly enabled<\/strong> in your Zecurit portal.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>2. Scan Settings: What Data the Agent Collects<\/strong>?<\/h2>\n\n\n\n<p>Data collection is <strong>fully controlled<\/strong> by the Scan Settings configured in the Zecurit dashboard. The agent will only fetch inventory modules that you have turned <strong>ON<\/strong>.<\/p>\n\n\n\n<p>Below are all supported scan categories:<\/p>\n\n\n\n<div class=\"wp-block-getwid-accordion has-icon-left\" data-active-element=\"none\">\n<div class=\"wp-block-getwid-accordion__header-wrapper\"><span class=\"wp-block-getwid-accordion__header\"><a href=\"#\"><span class=\"wp-block-getwid-accordion__header-title\">Device Information (Mandatory)<\/span><span class=\"wp-block-getwid-accordion__icon is-active\"><i class=\"fas fa-plus\"><\/i><\/span><span class=\"wp-block-getwid-accordion__icon is-passive\"><i class=\"fas fa-minus\"><\/i><\/span><\/a><\/span><\/div><div class=\"wp-block-getwid-accordion__content-wrapper\"><div class=\"wp-block-getwid-accordion__content\">\n<p>Collects core hardware and system identification:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Device name, model, manufacturer, serial number<\/li>\n\n\n\n<li>CPU, RAM, BIOS, motherboard<\/li>\n\n\n\n<li>Disk drives, partitions, connected devices<\/li>\n<\/ol>\n\n\n\n<p><\/p>\n<\/div><\/div>\n\n\n\n<div class=\"wp-block-getwid-accordion__header-wrapper\"><span class=\"wp-block-getwid-accordion__header\"><a href=\"#\"><span class=\"wp-block-getwid-accordion__header-title\">Hardwares<\/span><span class=\"wp-block-getwid-accordion__icon is-active\"><i class=\"fas fa-plus\"><\/i><\/span><span class=\"wp-block-getwid-accordion__icon is-passive\"><i class=\"fas fa-minus\"><\/i><\/span><\/a><\/span><\/div><div class=\"wp-block-getwid-accordion__content-wrapper\"><div class=\"wp-block-getwid-accordion__content\">\n<p>Deep hardware inventory:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Processor details<\/li>\n\n\n\n<li>Memory slots &amp; configuration<\/li>\n\n\n\n<li>Graphics controllers<\/li>\n\n\n\n<li>Disk memory &amp; SMART details<\/li>\n\n\n\n<li>Connected peripherals<\/li>\n<\/ol>\n\n\n\n<p><\/p>\n<\/div><\/div>\n\n\n\n<div class=\"wp-block-getwid-accordion__header-wrapper\"><span class=\"wp-block-getwid-accordion__header\"><a href=\"#\"><span class=\"wp-block-getwid-accordion__header-title\">Softwares<\/span><span class=\"wp-block-getwid-accordion__icon is-active\"><i class=\"fas fa-plus\"><\/i><\/span><span class=\"wp-block-getwid-accordion__icon is-passive\"><i class=\"fas fa-minus\"><\/i><\/span><\/a><\/span><\/div><div class=\"wp-block-getwid-accordion__content-wrapper\"><div class=\"wp-block-getwid-accordion__content\">\n<p>Full software inventory of the device:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Installed applications<\/li>\n\n\n\n<li>Version &amp; publisher<\/li>\n\n\n\n<li>Install path<\/li>\n\n\n\n<li>Installation date<\/li>\n<\/ol>\n<\/div><\/div>\n\n\n\n<div class=\"wp-block-getwid-accordion__header-wrapper\"><span class=\"wp-block-getwid-accordion__header\"><a href=\"#\"><span class=\"wp-block-getwid-accordion__header-title\">System Information<\/span><span class=\"wp-block-getwid-accordion__icon is-active\"><i class=\"fas fa-plus\"><\/i><\/span><span class=\"wp-block-getwid-accordion__icon is-passive\"><i class=\"fas fa-minus\"><\/i><\/span><\/a><\/span><\/div><div class=\"wp-block-getwid-accordion__content-wrapper\"><div class=\"wp-block-getwid-accordion__content\">\n<p>OS-level configuration and system status:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Local users &amp; groups<\/li>\n\n\n\n<li>Services, drivers<\/li>\n\n\n\n<li>Shared folders<\/li>\n\n\n\n<li>System uptime &amp; boot time<\/li>\n<\/ol>\n<\/div><\/div>\n\n\n\n<div class=\"wp-block-getwid-accordion__header-wrapper\"><span class=\"wp-block-getwid-accordion__header\"><a href=\"#\"><span class=\"wp-block-getwid-accordion__header-title\">Certificates<\/span><span class=\"wp-block-getwid-accordion__icon is-active\"><i class=\"fas fa-plus\"><\/i><\/span><span class=\"wp-block-getwid-accordion__icon is-passive\"><i class=\"fas fa-minus\"><\/i><\/span><\/a><\/span><\/div><div class=\"wp-block-getwid-accordion__content-wrapper\"><div class=\"wp-block-getwid-accordion__content\">\n<p>Scans installed system certificates:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Issuer<\/li>\n\n\n\n<li>Validity period<\/li>\n\n\n\n<li>Purpose \/ usage type<\/li>\n<\/ol>\n<\/div><\/div>\n\n\n\n<div class=\"wp-block-getwid-accordion__header-wrapper\"><span class=\"wp-block-getwid-accordion__header\"><a href=\"#\"><span class=\"wp-block-getwid-accordion__header-title\">Security Details<\/span><span class=\"wp-block-getwid-accordion__icon is-active\"><i class=\"fas fa-plus\"><\/i><\/span><span class=\"wp-block-getwid-accordion__icon is-passive\"><i class=\"fas fa-minus\"><\/i><\/span><\/a><\/span><\/div><div class=\"wp-block-getwid-accordion__content-wrapper\"><div class=\"wp-block-getwid-accordion__content\">\n<p>Security posture and configuration:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Antivirus status<\/li>\n\n\n\n<li>Firewall status<\/li>\n\n\n\n<li>BitLocker encryption<\/li>\n\n\n\n<li>TPM presence, version &amp; readiness<\/li>\n<\/ol>\n<\/div><\/div>\n\n\n\n<div class=\"wp-block-getwid-accordion__header-wrapper\"><span class=\"wp-block-getwid-accordion__header\"><a href=\"#\"><span class=\"wp-block-getwid-accordion__header-title\">Warranty Information<\/span><span class=\"wp-block-getwid-accordion__icon is-active\"><i class=\"fas fa-plus\"><\/i><\/span><span class=\"wp-block-getwid-accordion__icon is-passive\"><i class=\"fas fa-minus\"><\/i><\/span><\/a><\/span><\/div><div class=\"wp-block-getwid-accordion__content-wrapper\"><div class=\"wp-block-getwid-accordion__content\">\n<p>Where supported, collects:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Warranty provider<\/li>\n\n\n\n<li>Warranty category<\/li>\n\n\n\n<li>Warranty end date<\/li>\n<\/ol>\n<\/div><\/div>\n<\/div>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>3. Geolocation Data Collection (Optional)<\/strong><\/h2>\n\n\n\n<p>If geolocation is enabled in Organization Settings, the agent also collects:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Latitude\/longitude<\/li>\n\n\n\n<li>Approximate location (city, region, country)<\/li>\n<\/ul>\n\n\n\n<p><a href=\"https:\/\/zecurit.com\/help\/docs\/asset-manager\/asset-management\/inventory-management\/geo-tracking\/\">Learn more<\/a> about the Geo Tracking feature.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>4. Required Permissions by OS<\/strong><\/h2>\n\n\n\n<p>The Zecurit Agent requests only the minimum system permissions required for inventory collection and optional management tasks.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Windows<\/strong><\/h3>\n\n\n\n<p>Runs as a <strong>Local System<\/strong> service with permissions to:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Query WMI &amp; system APIs<\/li>\n\n\n\n<li>Read hardware\/software inventory<\/li>\n\n\n\n<li>Fetch local users &amp; certificates<\/li>\n\n\n\n<li>Manage BitLocker (only when BitLocker module is used)<\/li>\n\n\n\n<li>Write logs under Program Files\/Zecurit <\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>macOS<\/strong><\/h3>\n\n\n\n<p>Runs as a privileged launch daemon to:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Access system profiler<\/li>\n\n\n\n<li>Query installed apps<\/li>\n\n\n\n<li>Read hardware &amp; security information<\/li>\n\n\n\n<li>Execute shell commands for inventory<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Linux<\/strong><\/h3>\n\n\n\n<p>Runs as root or sudo:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Read <code>\/proc<\/code> and <code>\/sys<\/code> system data<\/li>\n\n\n\n<li>Query hardware &amp; installed packages<\/li>\n\n\n\n<li>Execute inventory commands<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>5. Actions the Agent can perform<\/strong><\/h2>\n\n\n\n<p>The Zecurit Agent operates on a controlled, command-based model. It <strong>polls the server periodically<\/strong> to check for new instructions issued by an administrator. The agent does <strong>not<\/strong> take any action on its own, every operation is triggered only when a corresponding command is received from the Zecurit cloud.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Default \/ Always-Running Behavior<\/strong><\/h3>\n\n\n\n<p>The agent continuously performs the following background activities:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Polls the server<\/strong> for pending commands<\/li>\n\n\n\n<li>Upgrade agent if any new agent version available. <\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Admin-Initiated \/ Advanced Actions<\/strong><\/h3>\n\n\n\n<p>When an administrator triggers specific tasks, the agent receives corresponding commands during its next polling cycle and executes them:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Collects inventory<\/strong> (only for modules enabled in Scan Settings) if admin performs. <\/li>\n\n\n\n<li><strong>Syncs assigned policies<\/strong> if admin configured. <\/li>\n\n\n\n<li><strong>Monitors<\/strong> Application Start time and end time if admin configured software metering.<\/li>\n\n\n\n<li>Device actions such as <strong>shutdown<\/strong>, <strong>restart<\/strong>, <strong>logoff<\/strong>, etc. if admin initiated. <\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Important<\/strong><\/h3>\n\n\n\n<p>The agent <strong>never performs system changes or actions automatically<\/strong>.<br>It executes a command <strong>only when the server issues an admin-initiated instruction<\/strong>, which the agent picks up during its polling cycle.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>6. Security &amp; Communication Model<\/strong><\/h2>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Secure Communication<\/strong><\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>HTTPS\/TLS 1.2+<\/li>\n\n\n\n<li>Mutual authentication<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Data Storage Security<\/strong><\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Device data encrypted at rest<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Agent Integrity<\/strong><\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>All binaries code-signed<\/li>\n\n\n\n<li>Validates signature before updates<\/li>\n\n\n\n<li>Protects against unauthorized modification<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>No Inbound Connections<\/strong><\/h3>\n\n\n\n<p>The agent <strong>does not open ports<\/strong> or listen externally.<br>All communication is <strong>outbound only<\/strong>.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>7. Summary<\/strong><\/h2>\n\n\n\n<p>The Zecurit Agent is built with a focus on security, transparency and efficiency. It is carefully engineered to operate reliably in enterprise environments without disrupting end-users or impacting device performance.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Secure: Encrypted at Every Layer<\/strong><\/h3>\n\n\n\n<p>All communication between the agent and Zecurit Cloud is protected using TLS encryption. Agent binaries are code-signed, updates are signature-validated and sensitive information is always stored encrypted. The agent never opens inbound ports, ensuring a strong security posture.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Configurable: Scans Only What You Enable<\/strong><\/h3>\n\n\n\n<p>The agent follows a strict configuration-driven model. It collects only the data categories you select in Scan Settings (e.g., hardware, software, system details, security posture). No additional or hidden data is gathered beyond what is explicitly enabled by the administrator.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Transparent: No Hidden Background Activities<\/strong><\/h3>\n\n\n\n<p>The agent operates entirely on an admin-command model and checks in with the server every polling refresh cycle. It does not perform any silent or unauthorized operations. Every action, such as inventory collection, executing commands, tasks or device operations is triggered <strong>only<\/strong> when issued from the Zecurit portal. This ensures full visibility and predictable behavior.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Low Impact: Minimal Resource Usage<\/strong><\/h3>\n\n\n\n<p>Designed to run efficiently on Windows, macOS and Linux, the agent uses limited CPU and memory resources. Inventory scans are optimized to avoid performance spikes and background tasks are lightweight. This makes the agent suitable for deployment across large enterprise fleets without slowing down devices.<\/p>\n\n\n\n<p><\/p>\n","protected":false},"featured_media":0,"parent":2375,"menu_order":4,"comment_status":"open","ping_status":"closed","template":"","doc_tag":[],"class_list":["post-2977","docs","type-docs","status-publish","hentry"],"comment_count":0,"_links":{"self":[{"href":"https:\/\/zecurit.com\/help\/wp-json\/wp\/v2\/docs\/2977","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zecurit.com\/help\/wp-json\/wp\/v2\/docs"}],"about":[{"href":"https:\/\/zecurit.com\/help\/wp-json\/wp\/v2\/types\/docs"}],"replies":[{"embeddable":true,"href":"https:\/\/zecurit.com\/help\/wp-json\/wp\/v2\/comments?post=2977"}],"version-history":[{"count":4,"href":"https:\/\/zecurit.com\/help\/wp-json\/wp\/v2\/docs\/2977\/revisions"}],"predecessor-version":[{"id":2985,"href":"https:\/\/zecurit.com\/help\/wp-json\/wp\/v2\/docs\/2977\/revisions\/2985"}],"up":[{"embeddable":true,"href":"https:\/\/zecurit.com\/help\/wp-json\/wp\/v2\/docs\/2375"}],"prev":[{"title":"Choosing Enrollment Method","link":"https:\/\/zecurit.com\/help\/asset-management\/device-enrollment\/choosing-the-right-enrollment-method\/","href":"https:\/\/zecurit.com\/help\/wp-json\/wp\/v2\/docs\/2452"}],"wp:attachment":[{"href":"https:\/\/zecurit.com\/help\/wp-json\/wp\/v2\/media?parent=2977"}],"wp:term":[{"taxonomy":"doc_tag","embeddable":true,"href":"https:\/\/zecurit.com\/help\/wp-json\/wp\/v2\/doc_tag?post=2977"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}