Browse Docs

Operating System Agent

In this document

Windows Agent
Mac Agent
Agent Right Click Menu
Controlling Agents Remotely

Windows Agent

Our lightweight windows agent will take control of the DNS messaging once installed. Windows agent has multiple roles, including communicating with web browsers, integrating with Active Directory, enabling local access, and caching policy decisions.

DefensX agent does not use DNS protocol while communicating with our cloud. It uses a secure messaging protocol for policy decisions.

There are two modes of DNS operation within the agent: DNS proxy mode and kernel mode.

DNS Proxy Mode

In DNS Proxy Mode, our agent listens and learns the DNS server settings and keeps track of the updated list. It sets the default DNS to 127.0.0.1 and takes control of the DNS queries. After that, for every DNS lookup, the agent re-sends DNS queries to the number of DNS servers the operating system uses and performs the policy lookup from DefensX Cloud. In this way, our agent works seamlessly with local DNS URLs.

Kernel Mode

In Kernel Mode, our agent does not change any DNS settings on the Windows operating system. Instead, it deploys a kernel DPI module to inspect every DNS query.

Built-in Active Directory Integration

Every DefensX Windows agent will integrate with Windows Active Directory using end-user credentials. By this method, you don’t need to deploy any other software for on-premises AD integration.

Browser Extension Comm.

Our agent communicates with web browser extensions in the backend. It provides single-sign-on functionality for every web browser for DefensX security services.

VPN and Similar Tools

DefensX will work seamlessly with most of the VPN or split-VPN products when kernel mode is enabled.

Mac Agent

Our Mac agent provides all the functionalities that Window Agent provides with only kernel mode exception. It is not supported for the moment.

Agent Right Click Menu

Controlling Agents Remotely

Under the Policies-→Policy Groups screen, you have two options to configure agents remotely:

1 - Per agent group To configure all agents remotely under a deployment group, you can click on the red wheel button near by the deployment name.

2 - Per agent You need to click on the number below the Agent’s to list the deployed agents individually. From the following menu, if you click on red wheel button, it will give you access to the agent deployment options screen.

Following options are available:

Enable LOGON User

When enabled (or not set), DefensX Agent will create a new user on the DefensX backend for every logged in Windows user based on the Windows Logon usernames.

It makes deployments a lot easier for both of the single workspaces or Active Directory environments. It can be set as Disabled in connected AzureAD setups.

Enable IAM User

When Enabled (or not set), DefensX Agent will allow to sign-in users through configured methods (Azure SSO, Google, Octa, Local Users with or without MFA etc.) in DefensX Backend.

Enable Kernel Driver

When kernel driver is enabled, DefensX Agent will try to load kernel drivers to redirect DNS requests itself without changing system wide DNS settings.

If the device can not support kernel mode, our agent automatically falls back to standard mode and continues its operation.

Enable Bypass Mode

When Bypass mode is set to Enabled, DefensX Agent will allow users to temporarily remove protection. It can be useful in some Captive-Portal authentication and troubleshooting.

Knowledge Base

Browse Docs

Introduction

Deployment

Questions & Answers

Integrations

Policy Management

Training Videos

MSP Automation