Intern (Agent)

On this page, you can manage the internal infrastructure for systems with the Agent installed, turn Auto Healing on or off for individual devices, set the asset value for a specific target, and define targets as either "managed" or "unmanaged." You can also find info here about downloading and installing the Agent and set up Asset Discovery.

Agent

Installation and Configuration

The internal infrastructure is checked by lywand using our Agent. It gets installed right on the endpoints and delivers results every day. The Agent runs in the background without you noticing.

At the top right of the page, you've got the option to download the Agent installer file. When you click the "Download Agent" button, a pop-up shows up with more details about it.

Next to the download button at the top right, you'll also see a gear icon. If you click it, you'll get some more handy info on downloading and setting up the Agent. That's also where you can find your license key.

The Agent is basically available in two formats: MSI and EXE. The MSI format is used by software deployment tools by default.

These operating systems are supported: Windows 11, 10, 8.1, 7 and Windows Server 2025, 2022, 2019, 2016, 2012R2, 2008R2. On other operating systems, we can't guarantee everything will work right. If you still want to go ahead with the installation, it can be forced without any guarantee.

Our Agent comes with an automatic update feature that keeps it up to date on all devices. You don't have to do anything manually after the first rollout.

Manual Installation

To install the Agent on a device, click on “Download Agent”. In the pop-up that follows, click on either “Download MSI” or “Download EXE”. Then run the downloaded installer and enter the license key when the setup wizard asks you to. The license key is the same for all of a customer's devices.

Alternatively, you can also find the latest installation files at the following static URLs (these links are always up-to-date):

• https://agent.lywand.com/lywand-setup/latest/lywand_setup.msi

• https://agent.lywand.com/lywand-setup/latest/lywand_setup.exe

Zipped installation files:

• https://agent.lywand.com/lywand-setup/latest/lywand_setup.msi.zip

• https://agent.lywand.com/lywand-setup/latest/lywand_setup.exe.zip

Installation using a software deployment tool

You can install the agent on several devices using a software deployment tool. To make the installation as easy and automated as possible, we provide more helpful info in our Agent Rollout Guide.

Keep in mind that every agent installation costs money. For exact info about our price list, please contact your distributor.

Firewall Permissions

Before you start installing the Agent, keep in mind the Agent needs access to these URLs:

• https://agent.lywand.com:443

• https://go.lywand.com:443

• https://definitions.lywand.com:443

Results

Once the Agent is installed, the first scan of the device starts. It can take up to an hour for the first results to show up on the platform. After that, the Agent runs another check every 24 hours.

Further Information

Further information on agent installation can be found in our dedicated guide:

Remove Devices

Manual Uninstall

To remove a device, click the "trash bin" button all the way to the right of the table. Keep in mind it only shows up when you hover your mouse over the table column. All related data (vulnerabilities, actions, etc.) will be deleted. The Agent will also be uninstalled on the corresponding device.

If the Agent was uninstalled directly on the device (not through the Security Audit Platform), you can use this option to permanently delete the remaining data.

Uninstall via software distribution tool

For this, we provide two commands listed in the Agent Rollout Guide.

Asset Discovery

The Asset Discovery feature helps you identify devices in your internal company network — keyword “Shadow IT”. The assets found this way can then be checked for vulnerabilities using the Internal Network Checks.

Once you've set up Asset Discovery, you can select in the table which Agents should be used for discovery. You can choose between three options:

• Dynamic
  Asset Discovery only runs when either "Via public IPs" or "Via Wi-Fi SSID" is enabled in the config. If Asset Discovery is set up for manual activation on Agents, no detection happens.

• Enabled
  Unlimited discovery: Everything the Agent sees. This setting overrides what you picked on the config page.

• Disabled
  Asset Discovery won't run on this device. This setting overrides what you picked on the config page.

Asset Discovery Configuration

Asset Discovery needs to be set up first to get results. Click the gear icon in the top right to get to the config page. There you can turn on Asset Discovery and limit it to certain areas.

Detect Company Network

To prevent the Agent from detecting devices from employees' home offices or other non-company environments, you can set up company network detection here. You can choose between the following three options:

• Via public IP address(es)

  Here you can enter one or more public IP addresses that will be used to detect the company network. You can separate multiple entries with a line break, a space, or a comma.

• Via WiFi SSID

  Alternatively, you can enter one or more SSIDs that will then be used to detect the company network. You can separate multiple entries with a line break. With a checkbox, you can also decide if the device has to be connected to the WiFi or not.

• Via manual activation for the Agents

  You also have the option to activate each Agent manually, one by one. If you pick this option, you can do it on the infrastructure page of the Agents.

We don't recommend activating this manually on the Agents, because for just a few Agents this can seriously reduce the quality and freshness of the asset discovery results. Configuring via public IP addresses or via Wi-Fi SSIDs is recommended!

Configure IP Ranges

You can use allowlists and denylists to narrow down asset searches. This is handy if you want to leave out certain areas (or restrict scanning to some areas only). With this, you can control which private IP ranges can be found and scanned, and which ones can't.

• Allowlist

  This list has IP addresses or ranges that are explicitly allowed to be scanned. If the allowlist is empty, all areas reachable for the Agents will get scanned.

• Denylist

  This list has IP addresses or ranges that shouldn't be scanned. Even if an IP is on the allowlist, it won't be scanned if it's also on the denylist.

Include Large Networks

By default, asset detection only happens in network ranges up to /20. But you can also allow for bigger ranges (up to /16). Just turn on the right opt-in setting on the config page. Just keep in mind that when you do asset discovery in class B networks, scan times can get pretty long and the network load might go up.

Turn off Asset Discovery

You can also turn off asset discovery again on this config page. Just be aware that all settings you made before will be lost.

How are assets detected?

For technical reasons, it can take half an hour to a few hours until results show up on the platform after a scan.

The assets are detected technically using the Address Resolution Protocol (ARP). Devices connected to the network are identified by their MAC address.

Since an asset discovery scan only takes place once a day per Agent, you'll get more results the more Agents check the same network. The Agents automatically stagger their scan times, so several scans take place throughout the day.

Please note the following restrictions for IP address ranges:

1. Only the subnet that the respective client uses to connect to the internet will be scanned.

2. By default, only subnets up to a maximum size of /20 are supported. To support networks up to a size of /16 (Class B networks), the corresponding option must be set on the configuration page.

3. Only private IP address ranges are supported.