Panda Endpoint Agent comprises the following four main components:
Administration agent
Local processes
Watchdog
Task scheduler
In the following diagram, AdminIEClientPath is the root path where the modules are installed.
WasAgent– Root installation folder of Panda Endpoint Agent.
Common – Folder with the common files, such as WalAgApi.dll, kernel libraries, etc. A subfolder called "Data" is created in this folder during execution of local processes.
Scheduler – Folder where the task scheduler files will be saved.
Scheduler\Config – Folder where the task scheduler tokens will be saved.
WaHost – Folder where the administration agent service files will be saved. A subfolder called "Data" will be created in this folder during execution of local processes.
WalConf – Folder where the WalConf local process files will be saved.
WalTest – Folder where the WalTest local process files will be saved.
WalLnChr – Folder where the WalLnCh local process files will be saved.
WalNtf – Folder where the WalNtf local process files will be saved.
WalPsEvt – Folder where the WalPsEvt local process files will be saved.
WalQtine – Folder where the WalQtine local process files will be saved.
WalReport – Folder where the WalReport local process files will be saved.
WalScan – Folder where the WalScan local process files will be saved.
WalSNet – Folder where the WalSNet local process files will be saved.
WalSysCf – Folder where the WalSysCf plugin files will be saved.
WalSysIn – Folder where the WalSysIn plugin files will be saved.
WalSysUd – Folder where the WalSysUd plugin files will be saved.
WalTask – Folder where the WalTask plugin files will be saved.
WalTest – Folder where the WalTest local process files will be saved.
WalUpd – Folder where the WalUpd local process files will be saved. A subfolder called "Data" will be created in this folder during execution of the local process.
WalUpd – Folder where the WalUpd local process files will be saved. A subfolder called "Data" will be created in this folder during execution of the local process.
WAPWInst – Folder where the files of the installation supervision process will be saved.
WasAgent – Folder where the communications agent files will be saved. When run, the agent creates a subfolder called "Data".
WasAgent – Installation root directory of the administration agent. When run, the agent creates a subfolder called "Data".
WasLpMng – Folder where the local process manager files will be saved.
WasLpMng\Config – Folder where the local process manager tokens will be saved.
Panda Security refers to the Windows registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Panda Security\
AdminIE
Folder where all Endpoint Protection registry entries are created.
ClientSystem
Registry key containing the Panda Endpoint Agent entries. These entries are:
- InstallPath – This contains the root directly in which Panda Endpoint Agent has been installed (“AdminIEClientPath”).
- EventSystem - Contains the event system settings.
- Protections - Contains information about the protection.
WAHost
Contains the administration agent service settings.
SetupEx
Folder in which the registry entries are created which will be used by the Agent installers.
AdminIE
Registry key containing the Panda Endpoint Agent entries used by the installers. These entries are illustrated in the following diagram:
When run, the agent creates the "AgentSystem" key under "ClientSystem". Within this key several entries are created. All the installer has to do is delete the "AgentSystem" key and its entries in the uninstallation process.
All administered computers have the administration agent installed. Along with the agent, local processes are also installed.
Below we list all the agent paths and files of the administration agent and their local processes:
The agent is installed in <AdminIEClientPath>\WasAgent
- WasAgent.conf
- WasAgent.dll
- WaPIRes.exe
- WAInterface.dll
- Wa_AGPRX.dat
- LPTokens.dat
- INTEGRA.dat
- INTEGRA.bak (generated during installation but not distributed)
- INTEGRA.start (generated during installation but not distributed)
- AgentSystem.DAT
- Proxy.dat (generated during installation but not distributed)
During execution of the agent the "Data" subfolder is created with the following files:
- MsiExec.log
- WasAgent.log
- WaHost.log
- WapWinst.log
- Counters.ini
The "AgentSystem" registry key is also created under "ClientSystem". Within this key several entries are created:
- Value1
- Value2
- Value3
If the Internet connection is via proxy, the connection details requested from the user are stored in AgentSystem.dat in the folder <AdminIEClientPath>\WasAgent.
All must be deleted during uninstallation.
Installed in < AdminIEClientPath >\WalConf
- WalConf.ini
- WalConf.dll
The following file is created during the execution of this local process:
Walconf.log
Installed in < AdminIEClientPath >\WalLnChr:
- Wallnchr.dat
- Wallnchr.dll
The following file is created during the execution of this local process:
WalLnchr.log
Installed in < AdminIEClientPath >\WalNtf
- WalNtf.dat
- WalNtf.dll
- WalNtf.ini
The following file is created during the execution of this local process:
WalNtf.log
Installed in < AdminIEClientPath >\WalQtine
- WalQtine.ini
- WalQtine.dll
The following file is created during the execution of this local process:
WalQtine.log
Installed in < AdminIEClientPath >\WalReport
- WalReport.dll
- WalReport.ini
The following file is created during the execution of this local process:
- WalReport.log
Installed in < AdminIEClientPath >\WalScan
- WalScan.dll
- WalScan.ini
The following file is created during the execution of this local process:
WalScan.log
Installed in < AdminIEClientPath >\WalScan
- WalTest.dll
- WalTest.ini
The following files are created during the execution of this local process:
- WalTest.dat
- WalTest.log
- Waltestlt.dat
- Waltestdf.dat
Installed in < AdminIEClientPath >\WalUPd
- WalUpd.dll
- WalUpd.ini
The following files are created during the execution of this local process:
- Counters.ini
- WalUpd.log
The subfolder Data is created and contains the Catalog subdirectory which can have the following files:
- WEB_GUID
- WEB_CATALOG
- LAST_GUID
- LAST_CATALOG
- LOCAL_CATALOG
- RUMOR_TABLE
- LOCAL_CATALOG.TMP
and the Files subdirectory is created which temporarily holds the files needed for updates.
Installed in < AdminIEClientPath >\WalUPg
- WalUpg.dll
- WalUpg.ini
- PavGenUn.exe
- Settings.ini
- UpgradeDialog.exe
- WALPCSMInst.dll
- WAPILnchr.exe
The following files are created during the execution of this local process:
- Counters.ini
- WalUpg.dat
- WalUpg.log
- WAUPGTD.dat
- WAC_Installer.log
- Agent_Installer.log
- WAC_Installer_YYYY-MM-DD_HH.mm.SS.log
- Agent_Installer_YYYY-MM-DD_HH.mm.SS.log
- WAActions.DAT
- WAActM.DAT
- WAAdmR.dat
- WAAdmR.ini
- WAAFREP.DAT
The folder WAActM may be created here to store the files downloaded by the local process to perform certain actions.
The subfolder Data is created and contains the Catalog subdirectory which can have the following files:
- WEB_GUID
- WEB_CATALOG
- LAST_GUID
- LAST_CATALOG
- LOCAL_CATALOG
- RUMOR_TABLE
- LOCAL_CATALOG.TMP
- INSTALLED_PRODUCTS.TMP
and the Files subdirectory is created which temporarily holds the installers needed for product installations/updates.
The AFRep subfolder will store a repository of files downloaded to take protection-related actions.
Installed in < AdminIEClientPath >\WalSNet
- WalSNet.dll
- WalSNet.ini
The following files are created during the execution of this local process:
- WALSNet.log
- WALSNET.dat
Installed in < AdminIEClientPath >\WalScan
- WalTask.dll
- WalTask.ini
The following files are created during the execution of this local process:
- WalTask.log
- SCAN_TASKS.DAT
Installed in < AdminIEClientPath >\WalSysCf
- WalSysCf.dll
- WalSysCf.dat
The following file is created during the execution of this local process:
- WalSysCf.log
Installed in < AdminIEClientPath >\WalSysUd
- WalSysUd\WalSysUd.dll
Installed in < AdminIEClientPath >\WasLpMng
- WapLpMng.exe
- WasLpMng.dll
- Config\Plugins.tok (in the config subdirectory)
- WapLpmng.ini
- WasLpmng.ini
The following files are created during the installation process:
- WapLpmng.log
- WasLpmng.log
Installed in < AdminIEClientPath >\Scheduler
- PavAt.exe
- PavSched.dll
- PavAt3Api.dll
- Config\Plugins.tok (in the config subdirectory)
The following files are created during the execution of this local process:
-Pavsched.cfg (generated during the installation process)
- Tasklist.lst (generated during installation but not distributed)
Installed in < AdminIEClientPath >\WAHost
- WAHost.exe
- WAHostClt.dll
Installed in < AdminIEClientPath >\Common
APIcr.dll
AVDETECT.INI
DATA
libxml2.dll
MiniCrypto.dll
msvcr100.dll
PavInfo.ini
pavsddl.dll
Platforms.ini
PSLogSys.dll
pssdet.dll
psspa.dll
putczip.dll
puturar.dll
putuzip.dll
WalAgApi.dll
WalCount.dll
WALExchInf.dll
WALLMIInf.dll
WALMNAPI.dll
WALOSInf.dll
WALRVNCInf.dll
WALTVNCInf.dll
WALTVWRInf.dll
WALUtils.dll
WalUtils.ini
WALUVNCInf.dll
WaPrxRepos.dll
WaPrxRepos.Ini
WCheckReq.dll
The "Data" subfolder is created during execution, which contains the protection policies so that they are available when the protection is installed.
The following files are created:
- PavInfo
- WALExchInf.log
- WalUtils.log
- WALMNAPI.log
- WALLMIInf.log
- WALRVNCInf.log
- WALTVNCInf.log
- WALUtils.log
- WALTVWRInf.log
- WALUVNCInf.log
Panda Endpoint Agent creates the following service:
- WAHost.exe
Services are installed by calling the executable file through the option “-RegServer”, and are uninstalled through the option “-UnregServer”