3.2. ASGARD Agent Deployment

There are currently two modes of operation for the ASGARD Agent:

  • Normal - This is the default mode and allows usage of all ASGARD features.

  • Essential - This is a lightweight mode that only allows THOR scanning and Aurora deployment.

The Agent in Essential Mode uses a separate installer and needs to be created in the Creating Custom Agent Installers.

To connect a new endpoint to ASGARD Management Center, download and install the ASGARD Agent on the system you want to onboard.

The ASGARD Agent can be directly downloaded from the Management Center login screen through the button Download Agent Installers. A list of available agents for various operating systems appears.

Hint

You can disable agent downloads on the login screen. See Advanced Settings.

Download Agent Installers from Login Screen

Download Agent Installers from Login Screen

Agents Overview

Agents Overview

After the installation, the endpoints will connect to your Management Center, register automatically, and appear in the Asset Management section on the Asset Requests tab. Allow two or three minutes for systems to appear. The agents use the FQDN to connect to your Management Center, so make sure your endpoints can resolve and reach the Management Center by FQDN.

Note

Full administrative privileges are required for the ASGARD Agent and THOR to operate properly.

On the requests tab, select the agents you want your Management Center to manage and click Accept Asset Requests. The endpoint then appears in the assets overview and is ready to be managed and scanned.

Accepting ASGARD Agent Requests

Accepting ASGARD Agent Requests

3.2.1. Windows Agent Deployment

Because the Windows Agent Installer is an .exe file and not an .msi file, you need to use custom scripts to deploy the agent through your management system of choice. We provide an example PowerShell script that should work with most tools. See Installing ASGARD Agent via PowerShell Script and Deploy ASGARD Agents via SCCM.

Alternatively, if you want to deploy the ASGARD Agent manually, you can run the installer manually.

3.2.2. Linux Agent Deployment

To deploy the ASGARD Agent on a Linux system, use the following commands:

Debian based systems
user@unix:~/Downloads$ sudo dpkg -i asgard2-agent-linux-amd64.deb
RHEL, CentOS and Fedora
user@unix:~/Downloads$ sudo rpm -i asgard2-agent-linux-amd64.rpm

You can deploy agents with most common Linux tools. Make sure the installer runs with administrative privileges.

3.2.3. macOS Agent Deployment

To install the agent on macOS, run the PKG file or execute the following command in Terminal:

MacBook-Pro:~ nextron$ sudo installer -pkg /Users/nextron/Downloads/asgard2-agent-macos-arm64.pkg -target /

Starting with macOS Big Sur (v11.0), Apple requires software developers to notarize applications. Our asgard2-agent installer is notarized.

You can verify the signature by executing the following command in Terminal:

MacBook-Pro:~ nextron$ pkgutil --check-signature /Users/nextron/Downloads/asgard2-agent-macos-arm64.pkg
Package "asgard2-agent-macos-arm64.pkg":
Status: signed by a developer certificate issued by Apple for distribution
Notarization: trusted by the Apple notary service
Signed with a trusted timestamp on: XXXX-XX-XX XX:XX:XX +0000
...

If you encounter installation issues, see Bypass Apple verification during installation of asgard2-agent.

3.2.3.1. macOS Full Disk Access

Since macOS Ventura (v13.0), the ASGARD Agent needs Full Disk Access to function properly. After you have deployed the ASGARD Agent, you need to grant the service the required access permissions. Administrative privileges on the machine are required to perform the following tasks.

Note

There is no workaround for these steps because they are part of the security design of Apple devices. If you have trouble with THOR scans via ASGARD on macOS, check whether the Full Disk Access permission for the ASGARD Agent was granted. Since macOS Mojave (v10.14), you also need to grant the same permissions to removable volumes if you plan to scan them.

If you need to grant Full Disk Access via MDM, see Full Disk Access for macOS asgard2-agent-service via MDM.

To grant access manually, navigate on your Mac to System Settings > Privacy & Security > Full Disk Access:

macOS 13 Privacy & Security

Enable the asgard2-agent-service slider:

macOS 13 Full Disk Access

Note

In macOS Tahoe 26 versions earlier than 26.3, macOS may not display the asgard2-agent-service entry in the Full Disk Access UI. This is fixed in macOS Tahoe 26.3.