Skip to main content
Matrix42 Self-Service Help Center

Agent Installation II: Client Settings Overview

Adjusting Client Settings

In the client settings, configure the extended settings of the EgoSecure Agents. These settings can also be changed after the Agent installation without reinstalling them.

Adjusting settings

  • Go to Administration | Clients | Client settings.
  • Edit the setting and click Save.

The client settings are divided into two groups:

  • Individually defined settings. These settings are enabled under Administration | Clients | Client settings, but to take effect on Clients, these settings must be additionally enabled under Computer management | <object selection> | Settings | Client settings for a group, for default rights (computer) or for a computer.

clipboard_ef5b77f7fd736014e65042a2528414476.png

  • Globally defined settings. The settings take effect on all Clients shortly after being enabled under Administration | Clients | Client settings. They must NOT be additionally enabled under Computer management.

Individually defined settings

Setting group Setting Description

Disks control

Control hard disks like external media

Treats additional hard disks like external media to apply encryption, filter, audit and DLP settings.

Forbid low level disk access

Forbids the third-party applications a low-level access to external storage media and to hard disks (if they are controlled like external media).

Forbid file execute access on external storage

Forbids to execute *.exe and *.dll files on CD/DVD disks, external storage devices (except mobile devices) and additional hard disks (if the Control hard disks like external media option is enabled).
The option works independently of the Access Control product.

Network shares and thin client storage control

Allow network shares control

Allows EgoSecure to control network shares. If disabled, the EgoSecure products will not function on network shares: Access Control (including filters), Secure Audit, Network Share Encryption, Application Control, Data Loss Prevention, Insight Analysis and IntellAct Automation.

Allow thin client storage control

Allow EgoSecure to control thin client storage. If disabled, the EgoSecure products will not function on thin client storage: Access Control (including filters), Secure Audit, Network Share Encryption, Application Control, Insight Analysis and IntellAct Automation.

Printers control

Allow EgoSecure to control access to printers

Controls access to local printers (physically connected) via EgoSecure instead of Windows. 

Use account expiration date from the Active Directory

Deny access for expired accounts

As soon as an AD account expires,

  • access to all user devices and controlled clouds is denied (if the Access Control product is activated);
  • no applications can be started (if the Application Control product is activated), the exception is the applications from the Microsoft Windows vendor;
  • an access to encrypted files is no longer possible.

Only the devices from an administrative white list of unique devices are permitted. The administrative white list of unique devices consists of devices assigned to <All users> under Permitted devices | Removable devices | Individual device permissions.

EgoSecure event log

 

Write EgoSecure events into the Windows Event Viewer

Writes the Agent activity into the Windows Event Viewer in addition to default log files. 

Write EgoSecure events into Syslog

Writes the Agent activity into the Syslog in addition to default log files.

Control input devices (BadUSB protection)

Keyboard Control

Allows the use of the primary keyboard. To allow other keyboards, add them to Individual device permissions. For details, see: Access Control - Device permissions

Automatic keyboard registration

Saves all connected keyboards to the user list of permitted devices. Disable the option once all available keyboards have been registered.

Mouse Control

Allows the use of the primary mouse. To allow other mice, add them to Individual device permissions. For details, see: Access Control - Device permissions

PRESENSE Connector (External storage analyzer)

Enable PRESENSE Connector

Enables the PRESENSE Connector. A certificate is required to use the connector.

Certificate

Select a certificate. The certificate must correspond to the certificate of the PRESENSE configuration.

Globally defined settings

Setting Group Setting Description

User permissions

Allow requests for access rights

Allows users to send requests for changing access rights. Requests are displayed under Administration | Administrator | Access rights requests.

Allow log files remove

Allows users to delete log files of the EgoSecure Agent via the context menu of the tray.

Timeout on the client

 

Timeout – common operations

Defines how long the Agent or the Console waits for response from the Server while performing common operations.
E.g.: timeout can be increased if the network is slow so that operations succeed successfully.

Timeout – long operations

Defines how long the Agent or the Console waits for response from the Server while performing long operations such as Agent update, report generation, etc. 

Disks control

Drive letter assignment (first drive letter)

Defines the first drive letter for external storage devices. This helps to avoid conflicts between network drives and external media.

Network shares and thin client storage control

Protect ‘fetrailer.metadata’ file in the network

Enable the option so that ‘fetrailer.metadata’ file cannot be deleted, moved or renamed. This file protects encrypted network folders from being deleted. 

Deactivate check for Windows offline file caching (not recommended)

Enable the option to ignore cache for offline files during network encryption.
Warning: Enabling the option may lead to data damage!

Once the option is disabled and offline files on the network contain cache, then the encryption of these files is not possible.

“Login as” timeout

Auto reset “Login as” rights

Define how long a user is permitted to use a login account with the rights of another user. Once the time is over, logout is performed automatically and the rights of the user currently logged on to the operating system are restored.

Polling

Enable polling mode

Enable Polling if the connection between the Server and the Agent cannot always be established due to network configuration (MSP, SaaS, etc.).
With Polling, the Agent periodically connects to the Server and updates policies and settings if needed. In addition, define how often Agents check for notifications on the Server.
For details, see Setting up polling mode

Polling period (min.)

Reduce traffic when metered connection is used

Forbid Agent update

Enable the option to forbid the update of EgoSecure Agents from the Server when metered connection is used. Updates of the Agents locally are still allowed. This option works only on Agents with Windows 10.

Forbid audit data upload

Enable the option to forbid the audit data upload to the Server from EgoSecure Agents when metered connection is used. This option works only on Agents with Windows 10.

Forbid shadowcopy data upload

Enable the option to forbid the shadowcopy data upload to the Server from EgoSecure Agents when metered connection is used. This option works only on Agents with Windows 10.

Privacy options (Windows 10 and later)

Disable transmission of typing information

Disable the built-in service that collects and sends typing information to Microsoft.

Disable built-in Telemetry

Disable the automatic sending of information about your computer, installed programs and possible problems to Microsoft.

Disable Windows Defender SpyNet

Disable the sending of data samples of possible threats and information about detected infections to Microsoft.

Disable Users Steps Recorder

Disable the service that records all user steps and processes executed on computer.

Disable Inventory Collector

Disable the collection of information from all computers in the network about installed applications, devices and system information.

Making polling mode available

  • Under Administration | Clients | Client settings, check the Enable polling mode box.
  • Near Polling period (min.), define at what intervals an Agent checks the Server for changes.
  • Click Save.
  • Polling can now be enabled for all clients.

Enabling polling for default computer or for individual computer

  • Go to Computer management.
  • In the Computer management work area, select default rights (computer) or a directory service object (OU, computer, group).
  • If you enable polling in default rights, the setting is inherited to all computers.
  • In the Settings | Client settings tab, select one of the following in the Polling mode area:
    • Disable: the polling mode is disabled
    • Enable: the polling mode is permanently enabled
    • Auto: the polling mode is enabled automatically when needed
  • To enable polling only for individual computers or the computers of a group, disable inheritance.

clipboard_ed5870b744479054c439cb5bdff38d78e.png

  • Click Save.
  • Was this article helpful?