Solved

Agent disconnect

  • 1 December 2021
  • 2 replies
  • 154 views

Badge

The agent installed on the machines have been installed as local administrator. When logging off they will stay connected to the cloud system for about 5 minutes then it will disconnect. The agent then has to be restarted once logged back in to the system. The application has been whitelisted. I am looking for any additional troubleshooting techniques to look for.

icon

Best answer by Cymulate Team 2 December 2021, 09:13

View original

2 replies

Userlevel 2
Badge +3

Hey Carl,

 

The Cymulate Agent is running as a user mode process. 

It means that when the user who runs the agent logs off, the agent will go down. 

There is a requirement to keep the dedicated test user always logged into the system. 

Userlevel 2
Badge +2

To further explain:

A great majority of attack methodologies (used both by actual attackers and - as you’d expect - in Cymulate assessments) operate within a user context.  For example, if no user is logged in, then Word cannot be opened to attempt to use macros for malicious purposes.   

Because of this, the Agent needs to be running in a user context, with a logged-in user, in order to properly perform most of the assessment components.

The secondary benefit to this is that you can easily test how different classifications of users (regular, super-user, admin, etc.) will react to malicious activities by simply logging in as a different user and re-running the assessment. 

Reply