Agent Reference Guide
Windows Agent
2 min
windows agent capabilities window agents can block, elevate, and allow applications or processes with advanced and generic rules with the application name, hash, version, certificate, vendor, publisher, and path according to agent mode, applications with no rules (gray listed applications) can be blocked or allowed elevation can be done via mfa, managerial approval, or both on an application basis the child process (subprocess) of the applications can be blocked or allowed local user login can be blocked or allowed on an agent group basis generic rules are applied to every user (local admin or standard users) advanced rules are applied to specific users or user groups on specific servers/clients advanced rules suppress generic rules realm infrastructure is supported but not mandatory for agents if the user and device are not under the same device, the device realm agent blocks the end user's login to the server or client also, direct access needs to be given for user login on the user group level realm infrastructure can be bypassed on an agent group basis when disabled every action that creates a process is logged to kron pam session logs every authentication attempt is logged to kron pam authentication logs agent can discover applications under a folder and a job can be created periodically checks client (win 10/11) and server (2016/2019/2022) endpoints can receive different generic policy rules all run right, for specific users can be defined this means that defined user/users in configuration will not be policed if there are no exceptional users in configuration, local users can be blocked to login endpoints this is also configured on an agent group basis temporary local administrator rights can be given to end users application inspection integration with this feature, we integrate kron pam with virus total discovered applications queried over virus total and ranked as malicious, suspicious, and undetected agent can apply policies to windows services, for instance; if a local admin is needed to restart a windows service, you can give allow the right to a non administrator account or even if the user is a local administrator right you can apply a deny policy to remove any right on windows services kron endpoint privilege manager (epm) enforces the principle of least privilege, helping organizations prevent and contain attacks on endpoint devices this minimizes the chances of data theft or encryption for ransom by combining privilege management, application control, and credential theft prevention, epm effectively reduces the likelihood of malware infiltrating systems in today’s landscape, corporate networks are increasingly exposed to threats, making application control and user privilege management essential epm offers an integrated approach that covers application control, privilege management, and threat defense this comprehensive solution provides precise controls to secure desktop and server environments implementing a risk based application control framework sets default actions for handling unclassified applications across your windows ecosystem