Agent Blocked by Firewall or Endpoint Protection

Last updated: December 19, 2025

This article explains how to diagnose and resolve issues where a Cyrisma agent is installed but is blocked from communicating with Cyrisma services due to firewall rules or endpoint protection controls.

Symptoms

  • Agent installs successfully on the agent host

  • Agent does not appear in Cyrisma

  • Agent does not appear in Agents waiting for provisioning

  • Agent logs show pairing or connection failures

  • Installation logs reference blocked network communication

Common Causes

  • Firewall rules blocking outbound HTTPS traffic

  • Endpoint protection software blocking agent processes

  • Security tools blocking PowerShell execution used by the agent

  • Network filtering preventing access to Cyrisma service URLs

Diagnostic Steps

Follow the steps below in order. Do not skip steps.

1. Verify Outbound Firewall Rules

The Cyrisma agent requires outbound network access to communicate with Cyrisma services.

What to check

  • Outbound HTTPS (TCP 443) traffic is allowed

  • No firewall rules are blocking outbound connections from the agent host

Required destinations

  • https://msp.cyrisma.com

  • Your Cyrisma instance URL (for example: https://ccXXXXXX.cyrisma.com)

If outbound traffic is blocked, the agent will install locally but will not register or appear in Cyrisma.

2. Check Endpoint Protection and Antivirus Controls

Endpoint protection tools may block agent activity during or after installation.

What to check

  • Antivirus or EDR logs on the agent host

  • Alerts related to blocked executables, scripts, or network activity

  • Policies restricting PowerShell execution

Agent components that may require allowance include:

  • The Cyrisma agent installation directory

  • Agent executables

  • PowerShell processes initiated during installation or pairing

If blocks are identified, configure exclusions and restart the Cyrisma agent.

3. Review Agent Logs for Block Indicators

Agent logs provide confirmation when communication is blocked.

Windows log location

  • C:\Cyrisma_Agent\logs\

Common indicators

  • Pairing failure messages

  • “Unable to connect to the remote server”

  • Network or HTTPS connection errors

If these indicators are present, focus remediation on firewall or endpoint protection controls.

Resolution

Most firewall or endpoint protection issues are resolved by:

  • Allowing outbound HTTPS traffic to Cyrisma service URLs

  • Adding exclusions for Cyrisma agent components in endpoint protection software

  • Allowing PowerShell execution required by the agent

After changes are applied, restart the Cyrisma agent and verify that it appears in Cyrisma or in Agents waiting for provisioning.

When to Contact Support

Contact Cyrisma Support if:

  • Outbound HTTPS connectivity is confirmed but the agent remains blocked

  • Agent logs continue to show pairing or connection failures

  • The issue occurs consistently across multiple agent hosts

Provide:

  • Agent host operating system and version

  • Relevant agent log files

  • Confirmation that firewall and endpoint protection rules were reviewed