What is Block 64 Discovery Agent?
Block 64 Discovery Agent is a standalone executable (an 'agent') that runs on Windows-based machines, and is used to inventory machines that would be otherwise unreachable by Block 64's agentless inventory technology.
Why did you build it?
Block 64's agentless inventory technology is an elegant way to quickly enumerate and gather the details of any devices accessible from your corporate network - from the desktop to the data center, to the perimeter and out to the cloud.
But what about workers who never join the corporate network whatsoever, even via VPN? What if you don't even have a corporate network, but still need your endpoints inventoried?
That's why we built the Block 64 Discovery Agent - to be able to handle those edge cases with a simple, light executable that will gather inventory data from Windows machines tucked away in home offices, balanced on car seats, or being typed on in coffee shops - machines that are otherwise unconnected from a corporate network. It can be the only way you gather inventory, but it is more likely to be used to augment your existing inventory in cases where there are users who just can't be reached via other means.
Access level Requirements
The Block 64 Discovery Agent can run as a standard, non-privileged user however it will not be able to access Win32_TPM and Microsoft-Windows-Diagnostics-Performance/Operational area. If you require gathering data for Trusted Power Model or Windows Boot Time details, you need to run the application under an administrator account, but to be clear - it will run just fine without that level of access.
Can I deploy the Block 64 Discovery Agent in an On-Prem environment?
Deploying the Block 64 Discovery Agent on domain-joined devices can potentially strain a network's domain controller (DC), even though the Block 64 Discovery Agent doesn't directly interact with it. When the application tries to access information from a domain-joined device, Windows itself may “call home” i.e., contact a DC, to authenticate the request. If thousands of devices are “calling home” at the same time, that can introduce strain on the DC.
To address potential network performance issues and alleviate said strain, we have implemented several controls. First, we have introduced inventory "fuzzing", which staggers the endpoint inventory process, ensuring not all endpoints reach out simultaneously, thus distributing the load more evenly. Additionally, we have incorporated logic which allows the reuse of the authentication context from the initial call for subsequent calls, reducing the overhead of repeated authentications. Despite these measures, caution is still advised when deploying the Block 64 Discovery Agent to a significant number of domain-joined endpoints.
Determining the maximum number of the Block 64 Discovery Agent deployments per customer will vary based on factors such as the size of a DC, number of DCs, their current capacity utilization, and the total number of domain-joined endpoints in the network. When deploying the Block 64 Discovery Agent, if you are uncertain about the potential impact on network performance and the workload of a DC, it is recommended to deploy in smaller batches instead of deploying all at once.
MSI Discovery Agent Deployment vs EXE Discovery Agent Deployment
EXE Block 64 Discovery Agent Deployment:
Automated Deployment:
- Download the Block 64 Discovery Agent exe using the script provided by your Partner or Block 64 Support Agent, on the machine.
- The script needs to run in PowerShell and be sure to have admin priveleges.
- Upon pasting the script in PowerShell and running it, the exe will begin to download
- Once the download is complete the exe will start running
- A CLI window will appear as shown below. Allow to run until you see “Uploaded data to https://sublimation.block64.com/v3/slingshot/upload successfully.” After which, you can close the program if they wish to do so. If the application is left open, it will re-upload data every 2 hours. The application will not continue running after reboot.
Manual Deployment:
- Download the Block 64 Discovery Agent zip folder provided by your Partner or Block 64 Support Agent, on the machine.
- Unzip the folder and extract the files
- Run the executable. A CLI window will appear. Allow to run until you see “Uploaded data to https://sublimation.block64.com/v3/slingshot/upload successfully.” after which, you can close the program if you wish to do so. If the application is left open, it will re-upload data every 2 hours. The application will not continue running after reboot.
- If you see an "Enrollment token not provided." error then ensure that one of the extracted files is an appsettings.json file with your enrollment token in it
Please note: Enrollment tokens are specific to each customer. Do not use duplicate enrollment tokens for different engagements
MSI Block 64 Discovery Agent Deployment:
We've include multiple methods of deploying the Block 64 Discovery Agent. The agent can be deployed through:
- SCCM
- InTune
- GPO
- ESET
- Windows PowerShell
Automated Deployment:
- Download the Block 64 Discovery Agent using the script for your preferred method deployment, provided by your Partner or Block 64 Support Agent, on the machine (MSI).
- Run the script in the appropriate tools for the deployment method
- Tools such as InTune allow you to upload the PowerShell script and run the script on multiple devices
Manual Deployment:
- To deploy manually, simply download the MSI through the provided link
- Go through the steps of installing the MSI
- When you arrive the to the enrollment token screen, copy the provided enrollment token and paste it in
- Go through the rest of the installation process
- Once the installation process is complete, the agent will run as a service and will keep running until the service is stopped or removed
Block 64 Discovery Agent System Requirements
- Block 64 Discovery Agent runs on the .NET 8.0.
- Detailed requirements for the framework are listed here.
- Block 64 Discovery Agent has been tested successfully on up-to-date builds of Windows 10, Windows 11 and Windows Server 2016.
- 5GB of disk space is recommended.
- Outbound access to combine.block64.com & sublimation.block64.com via port 443 in order to send the inventory payload and aggregate it with your other inventory results
Accessing the data collected by the Block 64 Discovery Agent
The data collected by the Block 64 Discovery Agent will aggregate while you are under the 'All Sites' view for your partner. However, if you wanted to simply look at the Block 64 Discovery Agent data ONLY, it will be available under Site titled "Remote Devices" for your specific customer.
NOTE: The default stale-date for Block 64 Discovery Agent inventories is 30 days since the device was last inventoried. If the device is not re-inventoried in this time period, the device will be removed from the Combine portal inventory.
The data gathered by the Block 64 Discovery Agent can be viewed in the following reports:
- Operating Systems
- Installed Software
- Missing Software
- Missing Antivirus
- Windows Hotfix Overview
- Software Vulnerabilities
- Browser Standardization
- Windows CryptoAPI Spoofing
- Meltdown Exposure
- BlueKeep Exposure
- WannaCry/Bad Rabbit Exposure
- Local Storage
- Cloud Assessment
Requirements for Uploading Data:
Outbound access to combine.block64.com & sublimation.block64.com via port 443 in order to send the inventory payload and aggregate it with your other inventory results.
Resource Utilization Collection
The Resource Utilization Collection feature in Block 64 Discovery Agent allows for the collection of resource data, such as memory and CPU usage on a machine. The resource collection runs every 2 hours and uploads the data to combine along with the rest of the data collected by the agent. If you have the exe running, the resource collection will run every 2 hours until the exe is closed. With the MSI, it will continue to collect every 2 hours until the service is stopped or removed from the machine. After the collection is complete through the agent, it uploads to Combine where you can view the data collected.
Data Collected:
The agent will collect the following resource utilization data:
- CPU Usage
- Memory Usage
- IOPS
- Disk Throughput
- Storage data
Where to View the Resource Utilization Data:
Data relating to Resource Utilization can be viewed in the Cloud Migration Dashboard on Combine. The dashboard table will show a summary of the resource data collected for the machine. More data can be viewed by generating a cloud assessment with the remote devices site selected on Combine. It will showcase detailed information on the data collected and provide an assessment based on it.
NOTE: When using the Block 64 Discovery Agent, the Block 64 Agent-less Discovery tools (Block 64 Windows Application and Blockbox) will not reflect the devices inventoried by Block 64 Discovery Agent, as that data is sent directly to the analytics portal, Combine.