# Troubleshooting ## General Control During the agent installation sometimes users are faced with various issues. The most common issues are listed and explained how to fix them. * Network Communication Problem: Commonly, the network team is not permitted to access the portal and ports. Please double-check the permissions before installation. * Security Applications Problem: Sometimes the antivirus/EDR solutions can stop or block the agent services. Please make sure exclusions are provided. * The Portal Misconfigurations: Sometimes, during the deployment process, the parameters can be left empty. Please contact CyberCyte IT support for the solution. * The Agent Data Collection: If the agent is working but no data is coming to the portal, please check the policies and groups. Sometimes users can forget the policy assignment. * Checking the Portal: Sometimes users deploy the agents but the agent show no notification on the machine. That's why sometimes users think the agent is not installed properly. In that case, we suggest to check the portal after deployment. Please navigate to "Asset Management" -> "Endpoint Management" on the portal and check if the device has appeared on the grid. If it is not, then users should troubleshoot the problem. If the agent installation is finished and further analysis is needed for troubleshooting, please navigate to this link below: {% embed url="" %} ## Windows Once the agent is installed, two services are installed: * PMService: This service performs updates for the agent. * ICSFAgentService: This service executes all agent functions. When this service is restarted, the agent re-initiates artifact collection policies and registers itself to the server. The below files and folders can be used for Troubleshooting: * C:\Program Files\ICSFAgentService\logs\\\.txt: This is the main file used by the agent to write any exception. * C:\Program Files\ICSFAgentService\logs\\\: Every module and major artifact collector of the agent creates separate log files, which could be needed for Troubleshooting. * C:\Program Files\ICSFAgentService\debug.txt: When set to true and the ICSFAgentService is restarted, more detailed logging is enabled. * C:\Program Files\ICSFAgentService\ICSFAgentService.url.txt: The main URL agent-server communicates is written here if it needs to be checked for Troubleshooting. * C:\Program Files\ICSFAgentService\files\collector\\\\_\.txt: Every artifact collection type creates three files under this folder. The settings, log and the last result are available for Troubleshooting. * C:\ProgramData\ICSFAgentService\PolicyExecutionTime.json: When LastExecutionTime set to "", the collection can be initiated instantly. * C:\ProgramData\ICSFAgentService\Event Logs Collections: Security logs to be sent to server is stored in this folder. * C:\ProgramData\ICSFAgentService\Sysmon Logs Collections: Sysmon logs to the server are stored in this folder. * C:\ProgramData\ICSFAgent\Thor\ThorPolicyExecutionTime.json: When LastExecutionTime is set to "", Thor collections can be started immediately. * C:\ProgramData\ICSFAgent\Sysmon Settings: Sysmon settings are stored in this folder. * C:\ProgramData\ICSFPackageManager: Software deployments are managed through this folder. * C:\ProgramData\PMService: Package manager settings are stored in this folder. The file is encrypted. Also, please check the machine and server communication with ping, curl, or other tools. ## Linux For Troubleshooting the agent first of all we need to check the status of the "CyberCyteAgent" with this command: * `systemctl status cybercyte_linux_agent.service` -> This command gives us the information about the service status. For further troubleshooting, we can check the logs in the `/opt/CyberCyteAgent/logs/_linux_agent.txt` directory it will give us the both collector and service logs under the directories. `cd /opt/CyberCyteAgent/logs` -> Navigate the log files `/opt/CyberCyteAgent/CyberCyteAgent --version` -> Get the agent version `/opt/CyberCyteAgent/CyberCyteAgent --help` -> See detailed help menu for troubleshooting If the agent is not appeared under the "Endpoints & Network Devices" -> "Endpoint Management" -> "Asset Management", please follow these steps to finding the root cause: * Check the connection between server and CyberCyte portal, the server must communicate CyberCyte via 443 port. * Check the agent logs under the "/opt/CyberCyteAgent/logs/\\_linux\_agent.txt". Also, please send the log file to "". * Check the agent service on the server. If it is not working, please try to uninstall and re-install again. ## macOS If the agent is not appeared under the "Endpoints & Network Devices" -> "Endpoint Management" -> "Asset Management", please follow these steps to finding the root cause: * Check the connection between device and CyberCyte portal, the device must communicate CyberCyte via 443 port. * Check the logs under "/Library/Application Support/CyberCyteAgent/logs". * Check the temp folder of the agent under "/tmp/CyberCyteAgent". * Restart the agent with this command `" --restart" or "`/usr/local/bin/CyberCyteAgent --restart" * Check the agent status with details: * `sudo launchctl list com.cybercyte.macagent`\ `{`\ `"LimitLoadToSessionType" = "System";`\ `"Label" = "com.cybercyte.macagent";`\ `"OnDemand" = false;`\ `"LastExitStatus" = 0;`\ `"PID" = 80216;`\ `"Program" = "/usr/local/bin/CyberCyteAgent";`\ `};` * Check the agent service on the device. If it is not working, please try to uninstall and re-install again. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.cloudcyte.com/pre-requirements-and-initialization-of-the-platform/troubleshooting.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.