Agent Reference Guide

Windows Agent

1min

Windows Agent Capabilities

  • Windows agents can block, elevate, and allow applications or processes with Advanced and Generic Rules with the application name, hash, and version.
  • Applications that have no rules (gray-listed applications), can be blocked or allowed according to Agent Mode.
  • Elevation can be done via MFA, Managerial approval, or both on an application basis.
  • The child process (subprocess) of the applications can be blocked or allowed.
  • While entering the server/client MFA can be asked to the end user.
  • Local user login can be blocked or allowed on an agent group basis.
  • Generic rules are applied to every user (local admin or standard users). Advance rules are applied to specific people on specific servers/clients. Advanced rules suppress generic rules.
  • Realm infrastructure is supported for agents, if the user and device are not under the same Device Realm agent blocks the login for the end user. Also, on a user group level, direct access needed to be given for user login
  • Every action that creates a process is logged to Kron PAM Session logs.
  • Every authentication attempt is logged to Single Connect Authentication logs.
  • An agent can discover applications under a folder and a job can be created periodically checks.
  • Client (win 10/11) and Server(2016/2019/2022) endpoints can receive different generic policy rules.