Datto RMM Agent

About Datto RMM Agent

The Datto RMM Agent is a lightweight software program installed on a device that supports agent installation. Refer to Supported operating systems and Agent requirements. Datto RMM regularly rolls out agent updates, typically when a new major release comes out. However, updates deemed critical by Datto RMM, such as security updates, may occasionally be rolled out between major releases. The Datto RMM Agent checks for updates every two hours.

The Agent gathers up-to-date information about the device's health and status and communicates it to the web interface. The Agent can be used to proactively monitor a device, deploy patches, push out policies, create alerts and tickets, execute scripts, run scheduled jobs, or enable a remote connection to the device. For information about how to connect to a remote device, refer to Agent Browser.

Agent Process and Agent Service

The Datto RMM Agent Process (AEMAgent.exe) is a child process of the main Datto RMM Agent Service (CagService) and is dedicated solely to performing endpoint monitoring tasks. Audit and other data submissions are performed by the main Datto RMM Agent Service.

Location of the Datto RMM Agent Process and the Datto RMM Agent Service by operating system:

Operating System Datto RMM Agent Service Datto RMM Agent Process
Windows • 32-bit version of Windows: %ProgramFiles%\CentraStage
• 64-bit version of Windows: %ProgramFiles(x86)%\CentraStage
%ProgramData%\CentraStage\AEMAgent
macOS /Applications/AEM Agent.app /usr/local/share/CentraStage/AEMAgent
Linux /opt/CentraStage /usr/local/share/CentraStage/AEMAgent

NOTE  For information on the location of the log files, refer to Agent log files.

Agent modules

Agent modules are separate processes managed by AEMAgent, and they run alongside the Agent Process (AEMAgent.exe).

Web Remote module

When a Web Remote session is established, a new Web Remote Process (RMM.WebRemote) is created for that session. Refer to Initiate a Web Remote session.

Location of the Web Remote Process by operating system:

Operating System Location
Windows %ProgramData%\CentraStage\AEMAgent\RMM.WebRemote\[version]
macOS /usr/local/share/CentraStage/AEMAgent/RMM.WebRemote/[version]

Datto EDR module

When a device is targeted by a Threat Detection monitor in an Endpoint Security policy, AEMAgent downloads an installer called RMM.AdvancedThreatDetection.exe. A successful installation creates agent.exe as a process and registers it as a service with the service name HUNTAgent on Windows and macOS devices and HUNTAgent.service on Linux devices. When a device is no longer targeted by a Threat Detection monitor, the Datto EDR module (process) will be uninstalled and the service will be unregistered.

Location of the Datto EDR module:

Operating System Location
Windows %ProgramData%\CentraStage\AEMAgent\RMM.AdvancedThreatDetection
macOS /usr/local/share/CentraStage/AEMAgent/RMM.AdvancedThreatDetection
Linux /usr/local/share/CentraStage/AEMAgent/RMM.AdvancedThreatDetection

How to...