Enterprise resource
Endpoint Agent Security Checklist
Security and IT review checklist for outbound endpoint agents on desktop, VDI, and segmented networks.
Checklist
- Confirm outbound-only connectivity and firewall rules
- Document agent identity and certificate rotation
- Define capability matrix per environment
- Review local evidence storage and retention
- Validate redaction for screenshots and logs
- Test desktop or VDI target application
- Verify PAM integration for credentials
- Check agent upgrade and rollback procedure
- Inventory stale or offline agents
- Map hybrid web/desktop journey coverage
- Review Citrix/VDI session constraints
- Validate signed capsule verification on agent
- Confirm no inbound ports to protected networks
- Audit trail sample for runs and denials
- Segregation of duties for agent admin roles
- Emergency disable/kill-switch procedure
- Data residency alignment for local artifacts
- Pen-test scope for agent binary integrity
- Operational monitoring and alerting hooks
- Representative workflow documented for security review
