If, you are having issues installing Atera Agent, or if you are experiencing any problems with agent stability, alert consistency, agent unavailability, or remote connection instability, please verify the following:
Trial limitation
During the trial period, you may encounter issues installing the Atera agent on devices that had it installed by a different account. This limitation cannot be rectified for trial accounts. After purchasing an Atera subscription, you can install the agent on these devices by contacting our support team for assistance.
Error 2753
You might encounter error 2753 when attempting to install the Atera Agent on a device. This error occurs when files from a previous installation of the Atera Agent are still present on the device. To resolve this issue, please refer to this article, which provides all the necessary steps to fix the problem.
Supported Versions
Please look at the main article to see which Windows versions are compatible with the Atera agent.
Server List and Ports
In addition to installing the .NET Framework on your device, it is imperative to configure your network settings to enable communication between your devices and our servers.
Whitelist the following servers on your network to ensure proper agent communication:
- a32dl55qcodech-ats.iot.eu-west-1.amazonaws.com
- agent-api.atera.com
- agent-api-v2.atera.com
- agenthb.atera.com
- app.atera.com
- appcdn.atera.com
- ps.atera.com
- pubsub.atera.com
- dotnetcli.azureedge.net
- builds.dotnet.microsoft.com
- download.visualstudio.microsoft.com
- ps.pndsn.com
- pubsub.pubnub.com
- atera.pubnubapi.com
- agentreportingstore.blob.core.windows.net
- agentspoliciesprod.blob.core.windows.net
- packagesstore.blob.core.windows.net
- ticketingitemsstoreeu.blob.core.windows.net
- atera-agent-heartbeat-cus.servicebus.windows.net
- atera-agent-heartbeat.servicebus.windows.net
- cacerts.thawte.com
- *.cloudfront.net
- automationtasks.blob.core.windows.net
- dot.net
- ci.dot.net
Important Note:
- Whitelisting our servers is not achievable based on IP addresses; the whitelisting process must exclusively employ the server name.
Ports
In addition to whitelisting the servers mentioned above on your network, you also need to allow outbound traffic over ports 443 (TCP) and 8883 (TCP/UDP) on your Antivirus, Firewall, and Proxy servers.
Troubleshoot Windows Agent (.ps1)
In the event of installation or connectivity issues with the Atera agent, you may execute the following script either locally on the device or via Atera (provided the agent is responsive) to confirm that the majority of settings are configured correctly and to terminate certain processes.
For more details on how to run scripts directly from Atera, please check the following articles:
# Function to check for third-party firewall software
function Check-ThirdPartyFirewall {
$firewallPrograms = @(
"Symantec", "McAfee", "Norton", "Kaspersky", "Bitdefender", "ESET",
"Avast", "AVG", "Comodo", "ZoneAlarm", "Sophos"
)
$thirdPartyFirewallFound = $false
$installedPrograms = Get-WmiObject -Query "SELECT * FROM Win32_Product"
$runningServices = Get-Service
foreach ($firewall in $firewallPrograms) {
if ($installedPrograms.Name -like "*$firewall*" -or $runningServices.DisplayName -like "*$firewall*") {
Write-Host "Third-party firewall detected: $firewall" -ForegroundColor Green
$thirdPartyFirewallFound = $true
}
}
return $thirdPartyFirewallFound
}
# Function to check Windows Firewall rules
function Check-WindowsFirewallRules {
$targetAddress = "agent-api.atera.com"
$targetIP = [System.Net.Dns]::GetHostAddresses($targetAddress)[0].IPAddressToString
$checkRules = {
param ($action, $direction)
Get-NetFirewallRule | Where-Object { $_.Action -eq $action -and $_.Direction -eq $direction -and $_.Protocol -eq "TCP" -and $_.LocalPort -eq "443" } |
ForEach-Object {
$addresses = Get-NetFirewallAddressFilter -AssociatedNetFirewallRule $_
if ($addresses.RemoteAddress -contains $targetIP) {
Write-Host "$action rule for HTTPS traffic to $targetAddress ($targetIP) found." -ForegroundColor Green
return $true
}
}
return $false
}
if (-not ($checkRules.Invoke("Allow", "Outbound"))) {
Write-Host "No firewall rules explicitly allowing HTTPS traffic found." -ForegroundColor Red
$global:allowRuleMissing = $true
}
if (-not ($checkRules.Invoke("Block", "Outbound"))) {
Write-Host "No firewall rules explicitly blocking HTTPS traffic found." -ForegroundColor Green
} else {
$global:blockRuleFound = $true
}
}
# Function to resolve all IP addresses for a given server
function Get-AllIPAddresses {
param ([string]$server)
try {
[System.Net.Dns]::GetHostAddresses($server).IPAddressToString
} catch {
return $null
}
}
# Function to test TCP connection to a specific port
function Test-TcpConnection {
param ([string]$server, [int]$port)
$resolvedIPs = Get-AllIPAddresses -server $server
if (-not $resolvedIPs) {
Write-Host "Unable to resolve IP addresses for $server." -ForegroundColor Red
$global:connectionIssues = $true
return
}
foreach ($resolvedIP in $resolvedIPs) {
# ── 1. Raw TCP check ──────────────────────────────────────────────────
try {
$tcpClient = New-Object System.Net.Sockets.TcpClient
$sw = [System.Diagnostics.Stopwatch]::StartNew()
# Async connect with 3 second timeout instead of blocking
$connectTask = $tcpClient.ConnectAsync($resolvedIP, $port)
if (-not $connectTask.Wait(3000)) {
$sw.Stop()
Write-Host "TCP FAIL: $server ($resolvedIP):$port — Timed out after 3000ms" -ForegroundColor Red
$global:connectionIssues = $true
continue
}
$sw.Stop()
if ($tcpClient.Connected) {
Write-Host "TCP OK : $server ($resolvedIP):$port [$($sw.ElapsedMilliseconds) ms]" -ForegroundColor Green
} else {
Write-Host "TCP FAIL: $server ($resolvedIP):$port — Connected but socket not established" -ForegroundColor Red
$global:connectionIssues = $true
continue
}
} catch {
Write-Host "TCP FAIL: $server ($resolvedIP):$port — $($_.Exception.Message)" -ForegroundColor Red
$global:connectionIssues = $true
continue
} finally {
# Ensure socket is always cleanly closed
if ($tcpClient) {
$tcpClient.Close()
$tcpClient.Dispose()
}
}
# ── 2. HTTPS + certificate check (only for port 443) ─────────────────
if ($port -eq 443) {
try {
$script:capturedCert = $null
$certCallback = [System.Net.ServicePointManager]::ServerCertificateValidationCallback
[System.Net.ServicePointManager]::ServerCertificateValidationCallback = {
param($sender, $certificate, $chain, $sslPolicyErrors)
# Copy cert into managed memory immediately before handle is disposed
if ($certificate) {
try {
$script:capturedCert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($certificate)
} catch {
$script:capturedCert = $null
}
}
return $true
}
$request = [System.Net.HttpWebRequest]::Create("https://$server/")
$request.Host = $server
$request.Timeout = 10000
$request.Method = "HEAD"
$request.AllowAutoRedirect = $false
try {
$response = $request.GetResponse()
$statusCode = [int]$response.StatusCode
$response.Close()
} catch [System.Net.WebException] {
if ($_.Exception.Response) {
$statusCode = [int]$_.Exception.Response.StatusCode
} else {
throw
}
}
Write-Host "HTTPS OK: $server — HTTP $statusCode" -ForegroundColor Green
# ── 3. Certificate ownership check ───────────────────────────
if ($script:capturedCert) {
$certSubject = $script:capturedCert.Subject
$certIssuer = $script:capturedCert.Issuer
$certExpiry = $script:capturedCert.NotAfter
# Build wildcard version of hostname for wildcard cert matching
# e.g. d25btwd9wax8gu.cloudfront.net -> *.cloudfront.net
$serverDomain = $server -replace '^[^.]+\.', '*.'
# Check Subject Alternative Names (SANs) for a more thorough match
$sanExtension = $script:capturedCert.Extensions | Where-Object { $_.Oid.FriendlyName -eq "Subject Alternative Name" }
$sanMatched = $false
if ($sanExtension) {
$sanString = $sanExtension.Format($false)
$sanEntries = $sanString -split ",|, " | ForEach-Object { $_.Trim() -replace "DNS Name=", "" }
foreach ($san in $sanEntries) {
$sanPattern = [regex]::Escape($san) -replace '\\\*', '[^.]+'
if ($server -match "^$sanPattern$") {
$sanMatched = $true
break
}
}
}
# Flag if cert subject/SAN does not match expected host
if (-not $sanMatched -and
$certSubject -notmatch [regex]::Escape($server) -and
$certSubject -notmatch [regex]::Escape($serverDomain) -and
$certSubject -notmatch "atera\.com" -and
$certSubject -notmatch "pubnub\.com" -and
$certSubject -notmatch "pubnubapi\.com") {
# Check if it's a known CDN provider before flagging as suspicious
$knownCDNs = @("akamai", "cloudfront", "fastly", "azureedge", "windows.net", "amazonaws.com")
$isCDN = $false
foreach ($cdn in $knownCDNs) {
if ($certSubject -match $cdn -or $certIssuer -match $cdn) {
$isCDN = $true
break
}
}
if ($isCDN) {
Write-Host "CERT OK : $server — served via CDN ($certSubject)" -ForegroundColor Green
} else {
Write-Host "CERT WARN: $server — subject '$certSubject' does not match. Possible SSL inspection." -ForegroundColor Yellow
$global:connectionIssues = $true
}
} else {
Write-Host "CERT OK : $server — Subject: $certSubject" -ForegroundColor Green
}
# Flag known corporate SSL-inspection CA issuers
$suspiciousIssuers = @("Zscaler", "Netskope", "Forcepoint", "BlueCoat",
"Palo Alto", "Cisco", "ContentKeeper", "Symantec SSL")
foreach ($issuer in $suspiciousIssuers) {
if ($certIssuer -match $issuer) {
Write-Host "CERT WARN: $server — issued by '$issuer'. Traffic may be intercepted." -ForegroundColor Yellow
$global:connectionIssues = $true
}
}
# Flag expired or expiring-soon certs
if ($certExpiry -lt (Get-Date)) {
Write-Host "CERT WARN: $server — certificate EXPIRED ($certExpiry)." -ForegroundColor Red
$global:connectionIssues = $true
} elseif ($certExpiry -lt (Get-Date).AddDays(30)) {
Write-Host "CERT WARN: $server — certificate expires soon ($certExpiry)." -ForegroundColor Yellow
}
} else {
# Could not capture cert - likely due to SSL session reuse, not a real issue
Write-Host "CERT INFO: $server — certificate inspection skipped (SSL session reuse)." -ForegroundColor Cyan
}
} catch {
Write-Host "HTTPS FAIL: $server — $($_.Exception.Message)" -ForegroundColor Red
$global:connectionIssues = $true
} finally {
# Always restore the original callback
[System.Net.ServicePointManager]::ServerCertificateValidationCallback = $certCallback
}
}
}
}
# Function to check .NET TLS settings
function Check-NetTlsSettings {
$paths = @(
"HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319",
"HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319"
)
foreach ($path in $paths) {
try {
$tlsSetting = Get-ItemProperty -Path $path -Name "SystemDefaultTlsVersions" -ErrorAction SilentlyContinue
if ($tlsSetting) {
if ($tlsSetting.SystemDefaultTlsVersions -ne 1) {
Write-Host "TLS setting for .NET Framework at $path is not configured correctly." -ForegroundColor Red
$global:tlsIssue = $true
} else {
Write-Host "TLS setting for .NET Framework at $path is correctly configured." -ForegroundColor Green
}
} else {
Write-Host "TLS setting for .NET Framework at $path not found." -ForegroundColor Yellow
}
} catch {
Write-Host "Error accessing registry path ${path}: $($_.Exception.Message)" -ForegroundColor Red
}
}
}
# Function to check FIPS and MDMEnabled status
function CheckFIPS {
$fipsRegistryKey = "HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\FIPSAlgorithmPolicy"
$mdmEnabledRegistryKey = "HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\FIPSAlgorithmPolicy"
$enabledValue = Get-ItemProperty -Path $fipsRegistryKey -Name "Enabled" -ErrorAction SilentlyContinue
$mdmEnabledValue = Get-ItemProperty -Path $mdmEnabledRegistryKey -Name "MDMEnabled" -ErrorAction SilentlyContinue
if ($enabledValue) {
if ($enabledValue.Enabled -eq 1) {
Write-Host "FIPS is enabled." -ForegroundColor Green
$global:fipsEnabled = $true
} else {
Write-Host "FIPS is disabled." -ForegroundColor Red
$global:fipsEnabled = $false
}
} else {
Write-Host "FIPS registry value not found." -ForegroundColor Yellow
}
if ($mdmEnabledValue) {
if ($mdmEnabledValue.MDMEnabled -eq 1) {
Write-Host "MDMEnabled is enabled." -ForegroundColor Green
} else {
Write-Host "MDMEnabled is disabled." -ForegroundColor Red
}
} else {
Write-Host "MDMEnabled registry value not found." -ForegroundColor Yellow
}
}
# Function to check the version of the Atera agent
function Check-AteraAgentVersion {
$agentPaths = @(
"C:\Program Files\ATERA Networks\AteraAgent\Agent\AteraAgent.exe",
"C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.exe"
)
foreach ($path in $agentPaths) {
if (Test-Path $path) {
$fileVersionInfo = Get-Item -Path $path | Select-Object -ExpandProperty VersionInfo
Write-Host "$([System.IO.Path]::GetFileName($path)) Version: $($fileVersionInfo.FileVersion)" -ForegroundColor Green
if ($path -eq "C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.exe") {
$global:oldAgentFound = $true
} else {
$global:newAgentFound = $true
}
} else {
Write-Host "$([System.IO.Path]::GetFileName($path)) not found at $path" -ForegroundColor Yellow
}
}
}
# Main function to run the checks
function Main {
Write-Host ""
Write-Host "Category: Server Connection Check" -ForegroundColor Cyan
$targets = @{
"pubsub.atera.com" = @(443)
"pubsub.pubnub.com" = @(443)
"app.atera.com" = @(443)
"agenthb.atera.com" = @(443)
"packagesstore.blob.core.windows.net" = @(443)
"ps.pndsn.com" = @(443)
"agent-api.atera.com" = @(443)
"agent-api-v2.atera.com" = @(443)
"cacerts.thawte.com" = @(443)
"agentreportingstore.blob.core.windows.net" = @(443)
"atera-agent-heartbeat.servicebus.windows.net" = @(443)
"ps.atera.com" = @(443)
"atera.pubnubapi.com" = @(443)
"appcdn.atera.com" = @(443)
"atera-agent-heartbeat-cus.servicebus.windows.net" = @(443)
"ticketingitemsstoreeu.blob.core.windows.net" = @(443)
"download.visualstudio.microsoft.com" = @(443)
"dotnetcli.azureedge.net" = @(443)
"agentspoliciesprod.blob.core.windows.net" = @(443)
"builds.dotnet.microsoft.com" = @(443)
"d25btwd9wax8gu.cloudfront.net" = @(443)
"a32dl55qcodech-ats.iot.eu-west-1.amazonaws.com" = @(443, 8883)
"automationtasks.blob.core.windows.net" = @(443)
}
foreach ($target in $targets.GetEnumerator()) {
$server = $target.Key
$ports = $target.Value
foreach ($port in $ports) {
Test-TcpConnection -server $server -port $port
}
}
Write-Host ""
Write-Host "Category: URL Connection Check" -ForegroundColor Cyan
$urls = @(
"https://ps.atera.com/agentpackagesnet45/Agent.Package.Availability/0.16/Agent.Package.Availability.zip",
"https://ps.atera.com/agentpackagesnet45/Agent.Package.Watchdog/1.5/Agent.Package.Watchdog.zip",
"https://ps.atera.com/agentpackagesnet45/AgentPackageAgentInformation/37.2/AgentPackageAgentInformation.zip",
"https://ps.atera.com/agentpackagesnet45/AgentPackageInternalPoller/23.8/AgentPackageInternalPoller.zip",
"https://ps.atera.com/agentpackagesnet45/AgentPackageMarketplace/1.4/AgentPackageMarketplace.zip",
"https://ps.atera.com/agentpackagesnet45/AgentPackageMonitoring/36.9/AgentPackageMonitoring.zip"
)
foreach ($url in $urls) {
$request = [System.Net.HttpWebRequest]::Create($url)
$request.Method = "GET"
try {
$response = $request.GetResponse()
if ($response.StatusCode -eq [System.Net.HttpStatusCode]::OK) {
Write-Host ("Connection to ${url} succeeded.") -ForegroundColor Green
} else {
Write-Host ("Connection to ${url} failed. Status code: $($response.StatusCode)") -ForegroundColor Red
$global:connectionIssues = $true
}
$response.Close()
} catch {
Write-Host ("Error connecting to ${url}: $($_.Exception.Message)") -ForegroundColor Red
$global:connectionIssues = $true
}
}
Write-Host ""
Write-Host "Category: Firewall Check" -ForegroundColor Cyan
$thirdPartyFirewallFound = Check-ThirdPartyFirewall
if ($thirdPartyFirewallFound) {
Write-Host "Third-party firewall detected. Skipping Windows Firewall checks." -ForegroundColor Cyan
} else {
Write-Host "No third-party firewall detected. Checking Windows Firewall rules..." -ForegroundColor Cyan
Check-WindowsFirewallRules
}
Write-Host ""
Write-Host "Category: .NET Framework Version" -ForegroundColor Cyan
$dotNetVersion = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full\' -Name Version | Select-Object -ExpandProperty Version
if ($dotNetVersion) {
Write-Host "Installed .NET Framework Version: $dotNetVersion"
if ([version]$dotNetVersion -lt [version]"4.5") {
$global:dotNetIssue = $true
}
} else {
Write-Host "No .NET Framework installed or unable to determine version."
$global:dotNetIssue = $true
}
Write-Host ""
Write-Host "Category: IE Proxy Settings" -ForegroundColor Cyan
Write-Host "IE Proxy settings for localsystem:"
$proxySettings = bitsadmin /util /getieproxy localsystem
Write-Host $proxySettings
$global:proxyIssue = $true
Write-Host ""
Write-Host "Category: FIPS and MDMEnabled Status" -ForegroundColor Cyan
CheckFIPS
Write-Host ""
Write-Host "Category: Atera Agent Version" -ForegroundColor Cyan
Check-AteraAgentVersion
Write-Host ""
Write-Host "Category: .NET TLS Settings" -ForegroundColor Cyan
Check-NetTlsSettings
Write-Host ""
Write-Host "Category: Kill msiexec.exe Process" -ForegroundColor Cyan
$msiexecProcesses = Get-Process -Name "msiexec" -ErrorAction SilentlyContinue
if ($msiexecProcesses) {
$msiexecProcesses | ForEach-Object { $_.Kill() }
Write-Host "Killed msiexec.exe process(es)."
} else {
Write-Host "No msiexec.exe process found."
}
Write-Host ""
Write-Host "Category: OS and Version" -ForegroundColor Cyan
$osInfo = Get-CimInstance -ClassName Win32_OperatingSystem
Write-Host "Operating System: $($osInfo.Caption)"
Write-Host "Version: $($osInfo.Version)"
Write-Host ""
Write-Host "Category: Instructions" -ForegroundColor Cyan
if ($global:dotNetIssue) {
Write-Host "Detected .NET Framework version lower than 4.5. Please install a newer version." -ForegroundColor Red
}
if ($global:proxyIssue) {
Write-Host "If you are aware of changes to proxy under local system account, please run the following command:" -ForegroundColor Red
Write-Host "bitsadmin /util /setieproxy localsystem no_proxy" -ForegroundColor Red
}
if ($global:connectionIssues) {
Write-Host "Some servers or URLs are blocked. Please whitelist the blocked servers/URLs." -ForegroundColor Red
}
if ($global:oldAgentFound -and $global:fipsEnabled) {
Write-Host "Old Atera Agent detected. Ensure FIPS is disabled for compatibility." -ForegroundColor Red
}
if ($global:blockRuleFound) {
Write-Host "Detected rule blocking HTTPS traffic. Ensure a rule permitting HTTPS traffic from LAN to WAN for agent-api.atera.com. Consider HTTPS inspection settings." -ForegroundColor Red
}
if ($global:tlsIssue -and $tlsSetting) {
Write-Host "Incorrect .NET TLS settings detected. Run the following commands to fix the issue:" -ForegroundColor Red
Write-Host 'reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319" /v SystemDefaultTlsVersions /t REG_DWORD /d 00000001 /f' -ForegroundColor Red
Write-Host 'reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319" /v SystemDefaultTlsVersions /t REG_DWORD /d 00000001 /f' -ForegroundColor Red
}
}
# Run the main function
Main
Script Details
Upon executing the script on a device, it will initiate a process that assists in diagnosing the most common issues related to the Atera agent. Furthermore, it will provide a series of instructions aimed at facilitating the resolution of the most prevalent problems associated with the Atera agent.
Important Note: The script will attempt to terminate processes related to the MSI installation. If you are concurrently installing a software application, please ensure that the installation is complete prior to running the script.
Unsupported .NET Framework Version
Should the .NET Framework version be lower than 4.5, the script will alert you accordingly. Please make sure that 4.5 or a version higher than 4.5 is installed on your devices.
Firewall Rule Blocking HTTPS Traffic
The script will check whether a third-party firewall is present on the device or if the Windows Firewall is in use.
If a third-party firewall is in operation, please ensure it is configured as outlined in the Firewall section.
If the Windows Firewall is detected, the script will also attempt to identify any blockages that may impede the functionality or installation of the Atera agent. Kindly review the Firewall section as well.
Server and URL Connection Failure
The script will evaluate the device's connection to our servers. Should you observe any blocked servers in the output, please ensure they are whitelisted on your network.
FIPS
The script will verify whether FIPS is enabled on your devices.
- If you are utilizing an older agent version, the script will notify you to disable it, as the older agent is incompatible with FIPS.
- If you are using the newer agent version, FIPS can be enabled, as it is compatible.
Incorrect .NET TLS Settings
The script will check if .NET is configured to redirect to a disabled TLS. Further information can be found in the section below:
Proxy Settings Detected for Local System Account
Proxy settings under the local system account may disrupt the agent connection. If you are aware of any modifications, please ensure to adhere to the steps outlined in the section.
Potential software/devices for blockage
Under your organization's settings, you may need to adjust settings for your Anti-Virus, Firewall, Proxy, or Geo-blocking. The following is a list of configurations that must be applied to all relevant applications.
.NET Framework
Atera is compatible exclusively with versions of the .NET Framework that are newer than 4.5. Please ensure that you have the appropriate version installed.
Anti-Virus
Include the following paths in the Antivirus whitelist:
- C:\Program Files\Atera Networks (or C:\Program Files (x86)\ATERA Networks for 32bit)
- C:\Windows\Temp\AteraUpgradeAgentPackage
You may need to enable/add an exemption policy for scanning password-protected ZIP files (or allow unscannable content to pass).
For testing purposes, consider whitelisting the folder: C:\Windows\Installer
After completing the whitelisting process, proceed to initiate another installation. Remember to remove the whitelist once the testing phase is concluded.
Firewall
In certain network environments where HTTPS traffic is restricted, ensure the addition of a rule permitting HTTPS traffic from LAN to WAN, specifically for the Atera address:
- agent-api.atera.com
Additionally, HTTPS inspection (Deep Packet Inspection/SSL Inspection) may lead to blockages; it is crucial to either disable HTTPS scanning or include Atera and its servers in the inspection whitelist.
Important Note: The Great Firewall of China is currently blocking certain servers essential for AteraAgent to report device availability (online/offline status). Consequently, machines situated in this country may not be manageable from the console. While using a VPN connection may potentially bypass these restrictions, please be advised that we cannot offer specific instructions or support for configuring such setups.
Nmap Whitelist (Network Discovery)
Before running Network Discovery, we recommend whitelisting Nmap to prevent potential disruptions or false positives from security software, antivirus solutions, or endpoint detection and response (EDR) systems.
Doing so helps ensure the scanning process runs smoothly and that all discovery results are captured accurately. For detailed instructions on how to whitelist Nmap, please see Nmap Whitelist Guide for Antivirus Software.
Proxy
Proxy and web-filtering systems are frequently encountered and can impact the stable behavior of the agent.
Ensure that outbound traffic on ports 443 and 8883, as well as file extensions ZIP and EXE from our website (Atera address: agent-api.atera.com), are permitted.
Important Note: Please be aware that Atera does not provide support or guidance for proxy configuration.
Geo-blocking
As an example, SonicWall routers, renowned for their Geo-Blocking features, may require specific configurations.
Ensure the allowance of content traffic, in addition to permitting TCP traffic on ports 443 and 8883, for optimal functionality.
Proxy under local system account
Enabling proxies locally on your device, within a local system account, may impact the proper functioning of the Atera agent. For testing purposes, it is crucial to disable the proxy within the local system account.
To verify the proxy status, execute the following command in CMD with administrative privileges.
bitsadmin /util /getieproxy localsystem
To deactivate the proxy running on your local system account, execute the following command in CMD as an Administrator.
bitsadmin /util /setieproxy localsystem no_proxy
TLS configurations implemented using the third-party tool IIS Crypto
IIS Crypto, is notorious for disrupting TLS communications by introducing unconventional values for registry keys. For optimal security, all TLS keys (Enabled/DisabledByDefault) should strictly adhere to values of 0 or 1, indicating disabled or enabled states, as outlined in the official Microsoft documentation on TLS registry settings:
The alterations made by IIS Crypto result in non-standard values that compromise communication over the protocol.
.NET settings for TLS
Occasionally, .NET may be directed to interact with a disabled TLS, disrupting Atera communication, given that it is a .NET application.
To address this issue, execute the following commands in an elevated CMD instance:
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319" /v SystemDefaultTlsVersions /t REG_DWORD /d 00000001 /f reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319" /v SystemDefaultTlsVersions /t REG_DWORD /d 00000001 /f
FIPS
FIPS is not supported for older agent versions; enabling it may result in issues with the agent. If your device operates with an agent version lower than 2.0.0.0, please ensure that FIPS is disabled.
For agents that are version 2.0.0.0 or higher, FIPS can be enabled, as it is compatible with the standard.
To disable FIPS, you may execute the following command on the device using PowerShell.
# Disable FIPS Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\FIPSAlgorithmPolicy" -Name "Enabled" -Value 0 # Disable MDMEnabled (if applicable) Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\FIPSAlgorithmPolicy" -Name "MDMEnabled" -Value 0 Write-Host "FIPS and MDMEnabled have been disabled." -ForegroundColor Green
Cloned machines
Atera advises against installing the AteraAgent as part of a clone image, as doing so may lead to duplicated devices reporting to the console. For guidance on setting up a golden image with Atera and troubleshooting potential issues related to golden images and cloned machines, refer to the following article.
Outdated Atera agent installers
Using an outdated installer may lead to issues during the Atera agent installation process. It is advised to utilize an up-to-date installer when installing the agent on a new device. To generate an up-to-date installer, simply follow the steps outlined in our main article.
System Resource Usage (Disk Space and Memory)
This section covers common system resource issues related to disk space and memory usage that may impact the stability and performance of the Atera Agent.
Poor communication between the agent and Atera servers
This is commonly due to firewall rules, antivirus blocks, or network misconfiguration.
Unsupported or outdated operating systems
Running the agent on unsupported or outdated OS versions may result in abnormal resource consumption.
Conflicts with security or monitoring software
Antivirus software, Exchange monitoring thresholds, patch management tools, or similar solutions may repeatedly scan agent files, leading to increased memory usage.
Corrupted agent installation or agent packages
A damaged installation or corrupted packages may cause the agent to behave unexpectedly.
Excessive or redundant monitoring items in threshold profiles
Overloaded or improperly configured threshold profiles may significantly increase agent resource usage.
High data processing from monitoring scripts
High memory consumption may occur when a large number of system tool scripts are configured in monitoring or threshold profiles.
These scripts can cause the agent to gather and process large volumes of system data, significantly increasing memory usage, particularly on devices with limited RAM.
To resolve high data processing and memory usage caused by monitoring scripts in the Atera agent, reduce the number of script-based and resource-intensive monitoring items in your threshold profiles, especially for resource-hungry checks like Exchange; create leaner profiles and assign them only as needed
Older agent versions
Older agent versions are known to consume higher system resources.
It is strongly recommended to install and maintain the latest agent version.
