Agent Installation II: Client Settings Overview
Adjusting Client Settings
In the client settings, configure the extended settings of the EgoSecure Agents. These settings can also be changed after the Agent installation without reinstalling them.
Adjusting settings
- Go to Administration | Clients | Client settings.
- Edit the setting and click Save.
The client settings are divided into two groups:
- Individually defined settings. These settings are enabled under Administration | Clients | Client settings, but to take effect on Clients, these settings must be additionally enabled under Computer management | <object selection> | Settings | Client settings for a group, for default rights (computer) or for a computer.
- Globally defined settings. The settings take effect on all Clients shortly after being enabled under Administration | Clients | Client settings. They must NOT be additionally enabled under Computer management.
Individually defined settings
Setting group | Setting | Description |
---|---|---|
Disks control |
Control hard disks like external media |
Treats additional hard disks like external media to apply encryption, filter, audit and DLP settings. |
Forbid low level disk access |
Forbids the third-party applications a low-level access to external storage media and to hard disks (if they are controlled like external media). |
|
Forbid file execute access on external storage |
Forbids to execute *.exe and *.dll files on CD/DVD disks, external storage devices (except mobile devices) and additional hard disks (if the Control hard disks like external media option is enabled). |
|
Network shares and thin client storage control |
Allow network shares control |
Allows EgoSecure to control network shares. If disabled, the EgoSecure products will not function on network shares: Access Control (including filters), Secure Audit, Network Share Encryption, Application Control, Data Loss Prevention, Insight Analysis and IntellAct Automation. |
Allow thin client storage control |
Allow EgoSecure to control thin client storage. If disabled, the EgoSecure products will not function on thin client storage: Access Control (including filters), Secure Audit, Network Share Encryption, Application Control, Insight Analysis and IntellAct Automation. |
|
Printers control |
Allow EgoSecure to control access to printers |
Controls access to local printers (physically connected) via EgoSecure instead of Windows. |
Use account expiration date from the Active Directory |
Deny access for expired accounts |
As soon as an AD account expires,
Only the devices from an administrative white list of unique devices are permitted. The administrative white list of unique devices consists of devices assigned to <All users> under Permitted devices | Removable devices | Individual device permissions. |
EgoSecure event log
|
Write EgoSecure events into the Windows Event Viewer |
Writes the Agent activity into the Windows Event Viewer in addition to default log files. |
Write EgoSecure events into Syslog |
Writes the Agent activity into the Syslog in addition to default log files. |
|
Control input devices (BadUSB protection) |
Keyboard Control |
Allows the use of the primary keyboard. To allow other keyboards, add them to Individual device permissions. For details, see: Access Control - Device permissions |
Automatic keyboard registration |
Saves all connected keyboards to the user list of permitted devices. Disable the option once all available keyboards have been registered. |
|
Mouse Control |
Allows the use of the primary mouse. To allow other mice, add them to Individual device permissions. For details, see: Access Control - Device permissions |
|
PRESENSE Connector (External storage analyzer) |
Enable PRESENSE Connector |
Enables the PRESENSE Connector. A certificate is required to use the connector. |
Certificate |
Select a certificate. The certificate must correspond to the certificate of the PRESENSE configuration. |
Globally defined settings
Setting Group | Setting | Description |
---|---|---|
User permissions |
Allow requests for access rights |
Allows users to send requests for changing access rights. Requests are displayed under Administration | Administrator | Access rights requests. |
Allow log files remove |
Allows users to delete log files of the EgoSecure Agent via the context menu of the tray. |
|
Timeout on the client
|
Timeout – common operations |
Defines how long the Agent or the Console waits for response from the Server while performing common operations. |
Timeout – long operations |
Defines how long the Agent or the Console waits for response from the Server while performing long operations such as Agent update, report generation, etc. |
|
Disks control |
Drive letter assignment (first drive letter) |
Defines the first drive letter for external storage devices. This helps to avoid conflicts between network drives and external media. |
Network shares and thin client storage control |
Protect ‘fetrailer.metadata’ file in the network |
Enable the option so that ‘fetrailer.metadata’ file cannot be deleted, moved or renamed. This file protects encrypted network folders from being deleted. |
Deactivate check for Windows offline file caching (not recommended) |
Enable the option to ignore cache for offline files during network encryption. Once the option is disabled and offline files on the network contain cache, then the encryption of these files is not possible. |
|
“Login as” timeout |
Auto reset “Login as” rights |
Define how long a user is permitted to use a login account with the rights of another user. Once the time is over, logout is performed automatically and the rights of the user currently logged on to the operating system are restored. |
Polling |
Enable polling mode |
Enable Polling if the connection between the Server and the Agent cannot always be established due to network configuration (MSP, SaaS, etc.). |
Polling period (min.) |
||
Reduce traffic when metered connection is used |
Forbid Agent update |
Enable the option to forbid the update of EgoSecure Agents from the Server when metered connection is used. Updates of the Agents locally are still allowed. This option works only on Agents with Windows 10. |
Forbid audit data upload |
Enable the option to forbid the audit data upload to the Server from EgoSecure Agents when metered connection is used. This option works only on Agents with Windows 10. |
|
Forbid shadowcopy data upload |
Enable the option to forbid the shadowcopy data upload to the Server from EgoSecure Agents when metered connection is used. This option works only on Agents with Windows 10. |
|
Privacy options (Windows 10 and later) |
Disable transmission of typing information |
Disable the built-in service that collects and sends typing information to Microsoft. |
Disable built-in Telemetry |
Disable the automatic sending of information about your computer, installed programs and possible problems to Microsoft. |
|
Disable Windows Defender SpyNet |
Disable the sending of data samples of possible threats and information about detected infections to Microsoft. |
|
Disable Users Steps Recorder |
Disable the service that records all user steps and processes executed on computer. |
|
Disable Inventory Collector |
Disable the collection of information from all computers in the network about installed applications, devices and system information. |
Making polling mode available
- Under Administration | Clients | Client settings, check the Enable polling mode box.
- Near Polling period (min.), define at what intervals an Agent checks the Server for changes.
- Click Save.
- Polling can now be enabled for all clients.
Enabling polling for default computer or for individual computer
- Go to Computer management.
- In the Computer management work area, select default rights (computer) or a directory service object (OU, computer, group).
- If you enable polling in default rights, the setting is inherited to all computers.
- In the Settings | Client settings tab, select one of the following in the Polling mode area:
- Disable: the polling mode is disabled
- Enable: the polling mode is permanently enabled
- Auto: the polling mode is enabled automatically when needed
- To enable polling only for individual computers or the computers of a group, disable inheritance.
- Click Save.
Next Steps
- Proceed with Agent Installation III: Installation on Windows Computers
- Proceed with Agent Installation IV: Installation on IoT Devices