Installing the Device Vulnerability Agent

In this article, you will find:

• Navigation guidance for accessing the device vulnerabilities area.

• Guides for installing the device vulnerability agent onto devices.

• Information about mass deploying the agent via Microsoft Intune.

IMPORTANT: Our agent is specifically designed for Windows devices, and is provided in partnership with RoboShadow. The agent uses read access on devices to return vulnerability information, and is able to automatically update vulnerable applications using signed official packages provided by the vendors through our Fix this for me approach.

Accessing the Device Vulnerabilities Area

In order to use the Device Vulnerability feature of the OneClickComply platform, you will need to install our agent onto any devices that your business wishes to scan. To access the Device Vulnerability area, navigate to Scanning > Vulnerability Management > Device Vulnerabilities, as shown below:

Navigation guidance for accessing the device vulnerabilities area

Installing the Agent

RoboShadow employs CREST certified experts within their team, which can be verified here. If you have any further questions about our agent, please contact a member of the OneClickComply team.

If you have not activated the Vulnerability Management feature, click the Get Started option to begin(see below):

Activation required notification

There will be a wait of around 30 seconds, after which you will be automatically redirected to the Installation area. Here you will be provided with your Organisation ID, as well as options to either download an installable agent for Windows or MacOS, or use an install script, as shown below:

Downloading agent section

Please deploy the agent to all of the devices you wish to monitor using either the agent, or installation script. Please also have your Organisation ID (example above) on hand during this process.

Once the agent has been installed onto the required devices and ran, please navigate to the Scan tab and conduct your first scan.

Mass Deployment via Intune

If you wish to deploy the Vulnerability Management agent to multiple devices within your organisation, you can do so via Microsoft Intune using the steps laid out below:

1. Go to https://intune.microsoft.com/?ref=AdminCenter#view/Microsoft_Intune_DeviceSettings/DevicesMenu/~/scripts

2. Select "Add", then "Windows 10 and later".

3. Fill in a friendly name and description for the new script.

4. Copy your Organisation ID from within the OneClickComply platform. It can be found inside of the Installation tab of the Vulnerability Management area, as shown below:

Vulnerability management area

5. Replace the 'xxxxxx' value in the script below with your Organsiation ID. Then paste the updated script to Intune:

Start-Process 'C:\Windows\System32\msiexec.exe' -ArgumentList '/i https://cdn.roboshadow.com/GetAgent/RoboShadowAgent-x64.msi /qb /norestart ORGANISATION_ID=xxxxxx' -Wait

6. Once you have confirmed that the script above has been correctly updated, select "No", "No", then "Yes" for the 3 options underneath Script Location.

7. Select the group(s) to be targeted, or all devices as required.

8. Click Next, then Create.

9. The Vulnerability Management agent will then install the next time the devices check in.

Note: Check in times for Microsoft Intune can vary, so installation of the agent may not occur immediately.

If you have any questions about the above, please contact a member of our support team.