How does the Agent clean up behind itself?
ANSWER The Agent attempts to minimize any attacks that would leave any room for clean up after testing. Most of the attacks that are performed include techniques that strictly leverage memory as opposed to writing files to disk.
In some other cases, a service may be temporarily started on a system, but it is removed (and confirmed) by the tools used after exploitation is complete. The same goes for any registry settings that may be temporarily changed during the duration of the penetration test.