teChnology 71
4.3.3 Detection Methods
Agents have a far more integrated view into the inner workings of
a host. ey are placed in a position to be aware of any changes to
the system as soon as they occur. Although implementation does not
always take this approach, doing so brings it much closer to sharing
capabilities with end point security agents.
File checksums, the contents of registry entries, and configura-
tion files are analyzed for vulnerabilities. Since the type of host is
well-known to the agent, the specific set of necessary vulnerability
checks are known in advance. Since the agent typically runs as a sys-
tem process, it has access to all of the files and even memory space
necessary to make an accurate assessment the instant a cha ...