Prerequisites for assets monitored in agent-based mode

Flows matrix

This matrix sums up the flows that may be required to monitor assets using the Cyberwatch agent.

Source	Destination	Protocol	Port	Description
monitored asset	Cyberwatch scanner	TCP	443	HTTPS communication for Windows, Linux and macOS agents

Software prerequisites

• Operating System among those covered in the list of supported operating systems

Specific requirements for Windows assets

• PowerShell v2 or higher must be installed, can be downloaded on the official Microsoft Update Catalog website
• Microsoft .NET Framework v4.5.2 or higher must be installed for Windows 2008 or higher, can be downloaded on the official Microsoft website
• Microsoft .NET Framework v3.5 must be installed for Windows 2003, can be downloaded on the official Microsoft website
• Windows Update service (wuauserv) must be enabled
• Windows Update Agent v6.1.0022.4 or higher must be installed

Windows Server 2008 and Windows 7 assets also must support SHA-2 hash algorithms as described in the official Microsoft documentation. In summary, two updates are required:

• SHA-2 Code Signing Support, by installing KB4474419
• SHA-2 Related Servicing Stack Updates
  • by installing KB4490628 on Windows 7 SP1 and Windows Server 2008 R2 SP1
  • by installing KB4493730 on Windows Server 2008 SP2

In case these KBs are not installed, the following exception will be encountered in the Cyberwatch scan result:

# Error: Exception calling "AddScanPackageService" with "3" argument(s): "A certificate chain processed but terminated in a root certificate which is not trusted provider (HRESULT : 0x800B0109)"

Specific requirements for macOS assets

These requirements only apply to Python3 agents.

• The asset needs an installation of Xcode Command Line Tools, a lighter version of the Xcode package, which extends functionalities related to Python module execution. The absence of this prerequisite will raise the following error xcrun: error: invalid active developer path (/Library/Developer/CommandLineTools), missing xcrun at: /Library/Developer/CommandLineTools/usr/bin/xcrun, which can be solved by running xcode-select --install.
• An asset with M1 or M2 Mac processor, needs Rosetta 2, in order to be compatible with our agent. This installation involves running the command softwareupdate --install-rosetta and then accepting a License Agreement. For automation purposes, the command softwareupdate --install-rosetta --agree-to-license allows to override the acceptance of this agreement.
• Concerning Python3 dependencies management, it’s automatic since version 4.12 of the agent. The appearance of a ModuleNotFoundError: No module named 'requests' error means the request could not be successful, and requires to follow this procedure.