Skip to main content
Skip table of contents

Armor Agent Pre-Installation

For customers migrating from another tool or platform, you can reference our documentation for uninstalling Alert Logic Endpoint Protection or Sophos Endpoint Security.

Resource Requirements


*Minimum required for installation. VMs might require more memory per your installation configuration.

Requirement

Windows Instance

Linux Instance

CPU

2 Cores

1 Core

RAM

2GB

1GB*

Disk Space

3GB

3GB

Bandwidth

Estimated 50-100Kb per minute, based on the logs generated in your system.

Cronie

For Amazon Linux 2023 only

TLS 1.2 is required to install the Armor Anywhere Agent 3.0.
For more information on TLS 1.2, please visit Microsoft's documentation.

Operating System Compatibility


Operating System

Supported Version for 64-bit Environments Only

AWS Graviton

CentOS

  • 7

  • 8

  • 8

Red Hat Enterprise Linux (RHEL)

  • 6

  • 7

  • 8

  • 9

  • 8

Ubuntu

  • 16.04

  • 18.04

  • 20.04

  • 22.04

  • 24.04

  • 18.04

  • 20.04

Amazon Linux

  • 2015.03

  • 2015.09

  • 2016.03

  • 2016.09

  • 2017.03

  • 2017.09

  • 2018.03

  • Amazon Linux 2

  • Amazon Linux 2023 (To ensure a successful Armor agent installation, please install 'cronie')

  • Amazon Linux 2

Oracle Linux

  • 6

  • 7

  • 8

  • 9


SUSE Linux Enterprise Server

  • 12

  • 15


Windows

  • Microsoft Windows Server 2016

  • Microsoft Windows Server 2019

  • Microsoft Windows Server 2022

Installing the Armor Anywhere agent for Windows requires Powershell v.3 or higher.


Debian

  • 9

  • 10

  • 11


Alma

  • 8

  • 9


Rocky

  • 8

  • 9.0-9.1


MacOS

  • 10.13 (High Sierra)

  • 10.14 (Mojave)

  • 10.15 (Catalina)

  • 11 (Big Sur)

  • 12 (Monterey)

  • 13 (Ventura)

  • 14 (Sonoma)

  • 15 (Sequoia)


For Windows users, in order to run the install script, you will need to ensure your execution policy allows for the execution of scripts.

  • You can check by executing the following command in Powershell

CODE
Get-ExecutionPolicy -List
  • If the ExecutionPolicy is set to AllSigned or RemoteSigned for LocalMachine, let's UnBlock it for the script installation by adding the UnBlock command to the installation one-liner

CODE
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; Invoke-WebRequest https://agent.armor.com/latest/armor_agent.ps1 -outfile armor_agent.ps1 ; Unblock-File -Path .\armor_agent.ps1 ; .\armor_agent.ps1 -license 1AAAA-AAAAA-AAAAA-AAAAA-AAAAA -region us-west


Linux Kernels Compatibility


This document lists the specific Linux kernels supported for each Linux Operating System and Architecture:

Trend Deep Security 20.0 Supported Linux Kernels

Armor agent server upgraded to the latest version of an operating system


When the latest operating system version upgraded for Armor agent server, the Armor backend will not sync with upgraded operating system and AMP still shows previous version of operating system.

Armor recommends running the Toolbox task from the Armor Management Portal (AMP) to update the latest version of the upgraded operating system:

  1. Access the Toolbox in AMP:

    • Log in to the Armor Management Portal (AMP).

    • In the left-side navigation panel, click on Infrastructure.

    • Select Toolbox.

  2. Schedule the Update Task:

    • Click SCHEDULE TASK.

    • From the Product drop-down menu, select Armor Related Commands.

    • From the Operation drop-down menu, select Update Operating System Name.

    • Choose the VM that has been upgraded to the latest operating system version.

    • Click Schedule Task to proceed.

  3. Verification:

    • Once the task is completed, it may take up to 15 minutes for the latest operating system version to be displayed in the AMP portal.

Browser Support


The Armor Management Portal (AMP) supports the current version of the following browsers:

  • Chrome

  • Firefox

  • Internet Explorer

  • Safari

Armor cannot guarantee that previous browser versions will be supported.

Firewall Rules


This topic only applies to Armor Agent for Servers (Armor Anywhere) users.

The following ports will need to be opened for each server registered with Armor.

Armor Agent Services

Traffic

Service

Port

Destination

Outbound

Armor Agent

  • 443/tcp

  • 99.83.175.90

  • 75.2.84.73

    • (agent.api.secure-prod.services)

Outbound*

Malware Protection, FIM, IDS

  • 4119/tcp

  • 4120/tcp

  • 4122/tcp



  • 35.163.135.130

  • 34.214.246.111

  • 52.13.172.208

  • 35.82.104.59

  • 44.227.116.97

  • 35.161.90.161

  • 34.208.189.161

  • 35.81.21.82

  • 35.83.143.229

DNS resolves these URLs:

  • 3a.epsec.armor.com

  • us-west-armor-2.epsec.secure-prod.services

  • us-west-armor-3.epsec.secure-prod.services


Outbound

(for Rackspace users)

Malware Protection, FIM, IDS

  • 443/tcp

  • 4120/tcp

  • 4122/tcp

  • 44.233.170.94

  • 100.20.145.224

  • 34.215.243.248

  • 35.160.62.230

  • 50.112.175.199

  • 35.80.148.233

  • 35.165.165.69

  • 34.218.94.149

  • 35.80.128.250

  • 34.211.37.216

  • 35.81.123.91

  • 52.24.37.221

DNS resolves these URLs:

  • us-west.epsec.secure-prod.services

  • us-west-2.epsec.secure-prod.services

  • us-west-3.epsec.secure-prod.services

  • us-west-4.epsec.secure-prod.services

Outbound

Vulnerability Scanning

  • 443/tcp

  • 64.39.96.0/20

    • (qagpublic.qg3.apps.qualys.com)

Outbound

Log Management (Filebeat / Winlogbeat)

  • 5516/tcp

  • 52.38.171.243

  • 52.26.92.237

  • 35.155.168.100

    • (1d.log.armor.com)

*for Armor Direct or Armor Partner customers


For Log Relay, the following additional ports will need to be opened for each server registered with Armor.

Log Relay Services

Traffic

Service

Port

Destination

Inbound

Log Relay (Logstash)

  • 5140/udp

  • 5141/tcp

  • The IP address for your virtual machine

Outbound

Log Relay (Armor's logging service (ELK))

  • 5443/tcp

  • 5400-5600/tcp (Reserved)

    Armor reserves the right to utilize this port range for future expansion or service changes.


To verify connectivity to an Armor service endpoint, use the telnet command.

The following example tests connectivity to api.armor.com over 443/tcp:

CODE
telnet 75.2.84.73 443

For Windows systems without the telnet feature installed, you can also use PowerShell:

CODE
new-object System.Net.Sockets.TcpClient('75.2.84.73', 443)

Remove Anti-Virus Software

If you intend to use the Anti-Virus module, you must remove any previously installed anti-virus software, such as Trend Micro, SentinelOne, McAfee, etc.

Afterwards, you must reboot your system.

After you install the agent, Armor recommends that you test the connection for each configured firewall rule.

Related Documentation

Additional Documentation for Installing Armor Anywhere with Secure Hosting

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.