The Vanta agent checks four things on a laptop: whether the disk is encrypted, whether a password manager is installed, whether antivirus is running, and whether the screen locks on its own. That is the entire job. It is a lightweight background program that reports those signals back to Vanta so your compliance evidence stays current without anyone emailing screenshots to an auditor. Most of the confusion around it comes from one of two directions: people expect it to manage their fleet like a full device-management platform, or they worry it reads far more than it does. Neither is true, and the gap between those two assumptions is where this guide lives. What follows covers what the agent collects, what it deliberately ignores, how it talks to the Vanta platform, how it stacks up against a full MDM, and which compliance frameworks the evidence ends up supporting. What Is the Vanta Agent? The Vanta agent is a small program installed on employee computers to continuously confirm that each device meets a short list of security requirements. If you have seen it referred to as the Vanta Device Monitor, that is the same product under an earlier name. The two terms are interchangeable. Under the hood, it runs a hardened build of osquery, an open-source framework that exposes operating system state as a queryable SQL database. Vanta ships a modified version that strips out the tables it considers risky, which is why the agent can read a disk-encryption flag but cannot pull your browser history or SSH keys. It is read-only by design. It inspects configuration and reports back; it never changes a setting on the machine. Vanta positions it primarily for smaller fleets, generally companies running fewer than about 75 devices, where standing up a full management platform would be overkill. What Does the Vanta Agent Do? The agent exists to turn a recurring manual chore — proving that every laptop is configured securely — into something that happens quietly in the background. Continuous Device Monitoring Once installed, the agent keeps tabs on the device’s security posture on an ongoing basis rather than at a single point in time. This matters because audits care about whether a control held throughout the period, not whether it happened to be true the morning someone took a screenshot. Continuous checks caught the laptop with encryption switched off last Tuesday. Automated Compliance Checks Each signal the agent gathers maps to a control your auditor wants evidence for. Instead of chasing employees for proof that their disk is encrypted, the check runs automatically, and the result flows into Vanta as evidence. The work that used to eat days of an onboarding cycle collapses into a background process. Real-Time Security Posture Tracking The findings appear in Vanta as pass or fail states against each requirement, so a security lead can see fleet-wide compliance at a glance. A device that drifts out of compliance surfaces quickly, which shortens the window between a problem appearing and someone noticing it. What Information Does the Vanta Agent Collect? This is the question employees actually care about, and the honest answer is reassuring: the agent collects security configuration, not content. It does not transmit passwords, environment variables, SSH keys, emails, or browsing history. It reads whether protections are switched on, not what you are doing with the machine. Insider Note: The reason the agent cannot snoop even if someone wanted it to is architectural, not a policy promise. Vanta deploys a modified osquery build that removes the tables capable of reading sensitive content. The dangerous queries are not blocked at the dashboard; they are absent from the binary. That distinction is worth raising directly when an employee pushes back on installation. Operating System and Version Details The agent records the OS and version so Vanta can confirm the device runs a supported, patchable platform. An end-of-life operating system is a control failure in its own right, and this is how it gets flagged. Disk Encryption Status It checks whether full-disk encryption is active — FileVault on macOS and BitLocker on Windows. This is the single most universally required device control across every major framework, which is also why it is the one Linux check the agent does support. Screen Lock and Password Policies The agent verifies that the screen locks automatically after a period of inactivity and that a password or equivalent is required to get back in. An unlocked laptop left on a train is a textbook breach, and this control is the cheapest defense against it. Antivirus and Firewall Status It confirms that antivirus or endpoint protection software is installed and running. The point is not to endorse a particular product but to prove that some recognized protection is active and has not been quietly disabled. Installed Software and Auto-Update Settings To detect the controls above, the agent reads the list of installed applications — for example, to confirm a password manager is present — along with update-related settings. It is reading the inventory to verify protections exist, not building a behavioral profile of the user. How Does the Vanta Agent Work? How the Agent Communicates with the Vanta Platform After installation, the employee registers the device against your Vanta account, which links that machine to its owner. From then on the agent runs its checks locally and sends only the results — the pass or fail signals — up to Vanta over an encrypted connection. The raw system queries stay on the device. What travels is the verdict, not the underlying data. How Often the Vanta Agent Runs Checks The agent uses osquery’s scheduled-query model, meaning each check runs on a recurring interval in the background rather than continuously hammering the system. Results sync to Vanta periodically through the day, and the platform’s tests re-evaluate on a regular cadence so a freshly remediated device clears its failing check without anyone forcing a manual refresh. In practice, a fixed laptop usually shows green within hours, not at the