Agent Reference Guide
Windows Agent
1min
- Windows agents can block, elevate, and allow applications or processes with Advanced and Generic Rules with the application name, hash, and version.
- Applications that have no rules (gray-listed applications), can be blocked or allowed according to Agent Mode.
- Elevation can be done via MFA, Managerial approval, or both on an application basis.
- The child process (subprocess) of the applications can be blocked or allowed.
- While entering the server/client MFA can be asked to the end user.
- Local user login can be blocked or allowed on an agent group basis.
- Generic rules are applied to every user (local admin or standard users). Advance rules are applied to specific people on specific servers/clients. Advanced rules suppress generic rules.
- Realm infrastructure is supported for agents, if the user and device are not under the same Device Realm agent blocks the login for the end user. Also, on a user group level, direct access needed to be given for user login
- Every action that creates a process is logged to Kron PAM Session logs.
- Every authentication attempt is logged to Single Connect Authentication logs.
- An agent can discover applications under a folder and a job can be created periodically checks.
- Client (win 10/11) and Server(2016/2019/2022) endpoints can receive different generic policy rules.