Windows Agent

windows agent capabilities windows agents can block, elevate, and allow applications or processes with advanced and generic rules with the application name, hash, and version applications that have no rules (gray listed applications), can be blocked or allowed according to agent mode elevation can be done via mfa, managerial approval, or both on an application basis the child process (subprocess) of the applications can be blocked or allowed while entering the server/client mfa can be asked to the end user local user login can be blocked or allowed on an agent group basis generic rules are applied to every user (local admin or standard users) advance rules are applied to specific people on specific servers/clients advanced rules suppress generic rules realm infrastructure is supported for agents, if the user and device are not under the same device realm agent blocks the login for the end user also, on a user group level, direct access needed to be given for user login every action that creates a process is logged to kron pam session logs every authentication attempt is logged to single connect authentication logs an agent can discover applications under a folder and a job can be created periodically checks client (win 10/11) and server(2016/2019/2022) endpoints can receive different generic policy rules