Onboarding

How can I deploy DefensX?

There are three ways to deploy DefensX.

a-) Using an RMM (Remote Monitoring and Management) tool

Under the Policy Groups -> Endpoint Deployments menu, click on the RMM button.

It will provide the related RMM script. This script can be used with any RMM tool to deploy DefensX. You can adjust the parameters and copy the install script.

b-) Using Intune/GPO

c-) Manual installation

Download the MSI installer from https://get.defensx.com and run the MSI file. You will need to copy the installation key from the Endpoint Deployments menu.

How can I download the MSI installer?

You can navigate to the Policies page and find the Agent Downloads section in the DefensX Backend. If you don’t have access to log in to the DefensX Backend, it is also possible to get the latest version from https://get.defensx.com.

Where do I find the RMM script?

Under the Policy Groups -> Endpoint Deployments menu, click on the RMM button. It will provide a generic MSI installation command and example scripts for Mac MDM setups. You can adjust the parameters and copy the generated MSI command or MDM scripts.

How can I define a customer admin?

In the left menu, click on the Management/Users -> Users link and click on + New User.

Fill in the related information, then check the “Is customer admin” checkbox before creating the user.

Which default deployment modes are available?

When creating a new customer, it is possible to use default configuration templates. This step will create the initial configuration based on the most common needs. Selecting a base security level at this stage does not prevent any further customization. You can always change the settings or create multiple advanced policy groups later. The following modes are available:

  1. Monitor Only

  2. Basic

  3. Standard

  4. Strict

What is Monitor Only Mode?

This mode will help determine the customer’s attack and risk surface without interfering with end-user activity. We will not take any actions or apply any limitations to the end-user. We recommend this mode for a short period during initial deployments.

What is Basic Protection Mode?

In basic mode, known risky websites such as phishing sources, keyloggers and botnets are automatically blocked. Common categories such as adult content and gambling are also blocked.

All the user consents are enabled, allowing end-users to accept the risk and override the block actions.

What is Standard Protection Mode?

In standard mode, known risky websites such as phishing sources, keyloggers and botnets are automatically blocked. Common categories such as adult content and gambling are also blocked. All the user consents are enabled on low-risk websites, allowing end-users to accept the risk and override the block actions if the risk score is low. In this mode, we will display uncategorized websites in read-only mode.

What is Strict Protection Mode?

In this mode, additional strict blocking rules are applied. No consents are allowed for the end-users; they cannot override the security decision. End-users will be able to visit websites that have a low-risk score.

How can I switch between protection modes?

It is possible to switch between protection modes for the default policy. You can always alter the configuration by editing the policies.

Click Policies -> Policy Groups and click on the green protection mode indicator to switch between modes.

What is the "bypass protection" option?

The bypass option, which can be enabled per agent or per deployment group, provides 300 seconds of bypass of the DefensX protection. In this mode, DefensX will log every action and check for threats but will not perform any blocking action. After 300 seconds, all the protections will be automatically restored.

You can enable or disable bypass mode from Policy Groups -> Endpoint Deployments -> Advanced Options.

When the option is enabled, a Bypass Protection button will appear in the agent's right-click menu in the operating system.

Is there an option to permit an end-user to temporarily disable DefensX?

Yes. This is called bypass protection.

What will happen if the DefensX agent can’t connect to the cloud?

DefensX has multiple layered local policy caches, and the cached policies will continue to apply. Web pages, files or credentials whose related policies are not cached will be opened in read-only mode with end-user consent enabled. When the connection is restored, the necessary logs will be pushed to the cloud.

What is the kernel driver?

Kernel driver mode enables transparent DNS management in the Windows operating system. It enables VPN and other network layer tools to work seamlessly with the DefensX agent.

How can I see the deployed agents list?

Go to Policies -> Policy Groups -> Endpoint Deployments and click on the number below Deployed Agents.