Dashboard

The Dashboard is for viewing only currently and is divided into 3 sections - Security, Agent Deployment, and 30-Day Results. All sections display results from the past 30 days and are updated every 24 hours.

Security

• Systems with UAC Off - Systems with UAC Off represent a security risk. With the UAC in an Off-state Windows systems do not generate any UAC events or dialog boxes and therefore AutoElevate has nothing to track or intercept.
• Systems with UAC Low - This number is a combination of the previous number (Systems with UAC Off) as well as machines that have the UAC set to Level 1. With the UAC set to this level Windows systems do not generate any UAC events or dialog boxes and therefore AutoElevate nothing to track or intercept. 
• Operating with Admin Privileges - Machines checking in within the last 30 days which are either actively logged in with a user operating with Admin privileges or were last logged in with an Admin user.

Agent Deployment

• Systems in Audit Mode - Systems with AutoElevate operating in Elevation Audit mode. In Audit mode system state and UAC events are logged but the user experience is not altered. 
• Systems in Live Mode - Systems with AutoElevate operating in Elevation Live mode. In Live mode UAC events are intercepted, users are given the opportunity to initiate real time approval, and rules are automatically applied. 
• Systems Ready to Go Live - Systems that have the UAC On and users which are operating with Standard privileges. This metric is just an informational number and not a functional prerequisite to setting Live mode.

30 Day Results

• Requests Fulfilled - Real-Time requests that were responded to by technicians within the last 30 days. 
• Rules Applied - Instances in the last 30 days where an established rule elevated privileges for the end user without technician intervention. 
• Rules Missed(in Audit Mode) - UAC events that took place on machines operating in Audit mode when the UAC event matched an existing rule. This indicates an instance where automatic elevation (or denial) could have taken place automatically had the agent been in Live mode.

Companies

Each line in the Companies data grid is a company with a group of agents installed and collecting data on. The following is the list of settings and information currently available for each Company:

• Companies+ – Add New Company Manually – Add Company Name and initials.
• total records – Total number of companies including those not displayed due to active filters. 
• Download from Cloud Icon – Export to CSV – Filtered or all data can be exported into CSV file.
• Refresh Icon – Refresh Data – This page does not auto-refresh the data when you navigate to the screen. This is to aid in load times if there is a lot of data.
• Actions– When a single, multiple or all Companies have been selected (checkbox) then an action from the Action menu button can be taken. 
  • Selection: Refresh – Refresh data for the specific Company chosen.
  • Selection: Merge – Useful with duplicate Companies. Companies can get out of sync if agents are deployed in different ways and are not specified with all the same information. Recommended using a single method of deployment to avoid duplicates.
  • Ticketing System: Link – To link agent to your Ticketing System (Note: for this functionality to work your AutoElevate system requires Integration to your PSA ticketing system which also may incur a setup fee – for integration please ask your account manager for details or email sales@autoelevate.com).
• Group Field – Drag a column header to this field to group by that column.
• Reset Grid – Resets the grid to all its default settings.
• Search Bar– Filter by rows containing keywords, letters, number, etc.
• Crossed Out Eye Icon – Show Column Chooser - Display or hide specific columns from grid.
• Trash Can Icon – Delete Company Row – Clicking on the “trash can” icon next to each Company asks you to confirm if you wish to delete the Company. You would need to first delete all Computers then all Locations associated with the Company to then allow you to delete the whole Company.
• Pencil Icon – Edit Company – Edit Company Name and Initials.
• Eye Icon– View Company details – 
  • total records – Total number of locations including those not displayed due to active filters. 
  • Download from Cloud Icon – Export to CSV – Filtered or all data can be exported into CSV file.
  • Refresh Icon – Refresh Data – This page does not auto-refresh the data when you navigate to the screen. This is to aid in load times if there is a lot of data.
  • Actions– When a single, multiple or all Location have been selected (checkbox) then an action from the Action menu button can be taken.
    • Selection: Refresh – Refresh data for the specific Company chosen.
    • Selection: Merge – Useful with duplicate Locations. Locations can get out of sync if agents are deployed in different ways and are not specified with all the same information. Recommended using a single method of deployment to avoid duplicates.
    • Ticketing System: Link – To link agent to your Ticketing System (Note: for this functionality to work your AutoElevate system requires Integration to your PSA ticketing system which also may incur a setup fee – for integration please ask your account manager for details or email sales@autoelevate.com).
  • Pencil Icon -Edit Company Name and Company Initials.
  • Locations+ – Add New Location Manually – Add Location Name.
  • Name – Location Name – This information is pulled from the registry of each machine and communicated back to the Web Admin Portal. If the Location does not exist when the agent 1^st checks in the Location will be created automatically in the Web Admin Portal.
  • Number of Rules – Number of Rules that have been made for either Approval or Denial for the entire Location, or its Computers.
  • Linked to Ticketing System – “TRUE/FALSE” - for tickets to be created for a given Computer, the Company that it belongs to MUST be "linked" but Location may not be required. (Note: for this functionality to work your AutoElevate system requires Integration to your PSA ticketing system which also may incur a setup fee – for integration please ask your account manager for details or email sales@autoelevate.com)
  • Date Created – Date and Time when the Location was created.
  • Rows – Total number of rows that are being displayed only.
• Name – Company Name – This information is pulled from the registry of each machine and communicated back to the Web Admin Portal. If the Company does not exist when the agent 1^st checks in the Company will be created automatically in the Web Admin Portal.
• Initials – Company Initials (Optional) – Recommended 2 or 3-character initials for the company which will serve as a quick reference in the Mobile Notification app. So as an example, for Contoso, Inc. you may want to enter “CI”. If this field is not included, we will automatically generate initials based on the name of the company.
• Number of Locations – This information is pulled from the registry of each machine and communicated back the Web Admin Portal. If the Location does not exist when the agent 1^st checks in it is created automatically. Locations can be used to organize computers into groups which are specifically location based. For instance, you could create Locations of Atlanta, Denver, New York for a Company or you could make one called Main Office and Laptops or any combination that you desire.
• Number of Rules – Number of Rules that have been made for either Approval or Denial for the entire Company, its Locations, or its Computers.
• Number of Users – The number of users actively logged in.
• Linked to Ticketing System – “TRUE/FALSE” - for tickets to be created for a given Computer, the Company that it belongs to MUST be "linked". (Note: for this functionality to work your AutoElevate system requires Integration to your PSA ticketing system which also may incur a setup fee – for integration please ask your account manager for details or email sales@autoelevate.com)
• Date Created – Date and Time when the Company was created.
• Rows – Total number of rows that are being displayed only.

Computers

Each line in the Computer data grid is a computer that an agent is installed and collecting data on. The following is the list of data currently available for each Computer:

• For – Select “All Companies” or a specific company’s computers and data.
• total records – Total number of computers including those not displayed due to active filters. 
• Download from Cloud Icon – Export to CSV – Filtered or all data can be exported into CSV file.
• Refresh Icon – Refresh Data – This page does not auto-refresh the data when you navigate to the screen. This is to aid in load times if there is a lot of data.
• Actions – When a single, multiple or all Computers have been selected (checkbox) then an action from the Action menu button can be taken.
  • Selection: Refresh Selected – Refresh data for the specific Computer(s) chosen.
  • Computer Management: Move – Move selected Computer(s) to another Location. A computer always needs to be associated with a Location under a Company and cannot just be associated with just a Company directly.
  • Computer Management: Delete – Delete Computer Row – This will uninstall the agent from the computer and delete it from the Admin Portal view. If the agent fails to uninstall, it will check back in and be un-deleted and visible again. Computer agents must be upgraded to v2.1.0+ to uninstall. Agents below v2.1.0 will only be removed from the Admin Portal view.
  • Elevation Mode: Elevation Types - CyberFOX
  • Blocker Mode: Managing Blocker Rules - CyberFOX
  • TechnicianMode:Technician Mode - 2FA Authentication & Command Tray - CyberFOX
  • UAC Settings - UAC Levels & Windows User Account Control Settings - CyberFOX
  • Remove Admin Privileges – How to Automatically Remove Admin Privileges - CyberFOX
  • Ticketing System: Link – It is not required that a Computer be linked for tickets to be created. (Note: for this functionality to work your AutoElevate system requires Integration to your PSA ticketing system which also may incur a setup fee – for integration please ask your account manager for details or email sales@autoelevate.com)
  • Agent Actions: Update – Agents update automatically. Manual option, if necessary, only for “Administrator” and “Technician (Level 3)" roles.
  • Agent Actions: Restart Agent Service – Restart Agent Service (AutoElevateAgent.exe).
  • Agent Actions: Restart WMI Service – Restart Windows Management Instrumentation service. Legacy feature for older agents.
• Group Field – Drag a column header to this field to group by that column.
• Default Grid View – Save a grid view, Delete a grid view or Reset the grid to its default settings.
• Autosave – Automatically save changes to an existing grid view.
• Search Bar– Filter by rows containing keywords, letters, number, etc.
• Crossed Out Eye Icon – Show Column Chooser - Display or hide specific columns from grid
• Trash Can Icon – Delete Computer Row – Clicking on the “trash can” icon next to each Computer asks you to confirm if you wish to delete the Computer. This will uninstall the agent from the computer and delete it from the Admin Portal view. If the agent fails to uninstall, it will check back in and be un-deleted and visible again. Computer agents must be upgraded to v2.1.0+ to uninstall. Agents below v2.1.0 will only be removed from the Admin Portal view.
• Eye Icon– View Computer details–  
  • General Information
    • Company – Company Name – This information is pulled from the registry of each machine and communicated back to the Web Admin Portal. If the Company does not exist when the agent 1^st checks in the Company will be created automatically in the Web Admin Portal.
    • Location – Location Name – This information is pulled from the registry of each machine and communicated back the Web Admin Portal. If the Location does not exist when the agent 1^st checks in it is created automatically. Locations can be used to organize computers into groups which are specifically location based. For instance, you could create Locations of Atlanta, Denver, New York for a Company, or you could make one called Main Office and Laptops or any combination that you desire.
    • Name – Name of the computer. When an agent is 1^st installed it is assigned a unique identifier by AutoElevate which is how it is identified by the Web Admin Portal. When a computer’s name is changed the Web Admin Portal is aware of that change and updates the computer automatically.
    • Operating System – Operating system, version, and build of the computer.
    • Technician Mode User – Name of user currently logged in in "Technician Mode"
    • Linked to Ticketing System – “TRUE/FALSE” - It is not required that a Computer be linked for tickets to be created. (Note: for this functionality to work your AutoElevate system requires Integration to your PSA ticketing system which also may incur a setup fee – for integration please ask your account manager for details or email sales@autoelevate.com)
    • Date Created – Date and Time the agent first checked in with the Web Admin Portal.
    • Anti-Virus Enabled? – “TRUE/FALSE” – Displays if the Anti-Virus is enabled or disabled.
    • Anti-Virus Up-To-Date? - “TRUE/FALSE” – Displays if the Anti-Virus is up to date.
    • System Restore Enabled? - “TRUE/FALSE” – Displays if the Windows System Restore is enabled or disabled.
    • Windows Update Enabled? - “TRUE/FALSE” – Displays if the Windows System Update is enabled or disabled.
  • State
    • Status– Computer Status – This information is pulled from the registry of each machine and communicated back the Web Admin Portal. 
      • Green – Online – Agent has checked in within the last 5 minutes, system state updated within the last 60 minutes.
      • Yellow – Recently Offline – Agent has not checked in within the last 5 minutes (but has checked in within the last 30 days), however, system state has been updated within the last 60 minutes. This usually indicates the machine may not have a user currently logged in.
      • Orange – Possible Issue – Agent has checked in within the last 5 minutes, but system state has not been updated for at least 60 minutes. There could be an issue preventing the machine from reporting state. Perhaps a reboot of WMI, the AE Service or Windows is needed.
      • Red – Urgent Issue – Agent version is too old and needs to be manually updated as it does not currently support auto-updating, or some issue is preventing it from reporting any state. Perhaps a reboot of WMI, the AE Service or Windows is needed.
      • Black – Offline – Agent has not checked in within the last 5 minutes (but has checked in within the last 30 days) and system state has not been updated within the last 60 minutes.
      • Grey – Offline – Agent not checked in for 30 days or more. These machines are not counted against the billed Agent license count. If you delete the Agent, this will remove the Agent from the Admin Portal and will initiate an uninstall on the target machine. If the machine is offline, it will receive the command to uninstall if/when it checks in.
    • Elevation Mode – “Audit”, “Policy” or “Live” – When an agent is installed for the 1st time it is automatically installed in “Audit” mode: System Overview – System Agent - CyberFOX
    • Blocker Mode – “Disabled”, “Audit” or “Live” – When an agent is installed for the 1^st time it is automatically installed in “Disabled” mode: System Overview – System Agent - CyberFOX
    • Agent Version – The build version of the AutoElevate agent: AutoElevate Agent Changelog - CyberFOX
    • UAC Status – “On” or “Off”. Displays if the UAC is on or off for the given computer. If the UAC is changed the machine must be rebooted for Windows UAC functionality to behave properly.
    • UAC Admin Level – Displays the UAC Admin Level of 1, 2, 3, or 4: UAC Levels & Windows User Account Control Settings - CyberFOX
    • UAC User Level – Displays the UAC User Level of 1, 2, 3, or 4: UAC Levels & Windows User Account Control Settings - CyberFOX
    • Admin Members – Number of Admin users logged on the machine. Rollover (i) info icon for names.
    • Active User Name - Displays the name of any user that is currently logged into the machine. If it is blank that indicates the machine is logged out.
    • Active User Privilege Type – Displays the privilege level of the currently logged in user. 
    • Domain Member? – “TRUE/FALSE” - Displays if the currently logged in user is a Domain Member (“TRUE”) or a local user (“FALSE”).
    • State Updated – Date and time that the agent has last updated its Status.
    • Checked In – Date and time that the agent has last checked in with the Web Admin Portal. 
  • JUST-IN-TIME ADMIN LOGINS – JIT Auditing - CyberFOX
• Company – Company Name – This information is pulled from the registry of each machine and communicated back to the Web Admin Portal. If the Company does not exist when the agent 1^st checks in the Company will be created automatically in the Web Admin Portal.
• Location – Location Name – This information is pulled from the registry of each machine and communicated back the Web Admin Portal. If the Location does not exist when the agent 1^st checks in it is created automatically. Locations can be used to organize computers into groups which are specifically location based. For instance, you could create Locations of Atlanta, Denver, New York for a Company, or you could make one called Main Office and Laptops or any combination that you desire.
• Status– Computer Status – This information is pulled from the registry of each machine and communicated back the Web Admin Portal. 
  • Green – Online – Agent has checked in within the last 5 minutes, system state updated within the last 60 minutes.
  • Yellow – Recently Offline – Agent has not checked in within the last 5 minutes (but has checked in within the last 30 days), however, system state has been updated within the last 60 minutes. This usually indicates the machine may not have a user currently logged in.
  • Orange – Possible Issue – Agent has checked in within the last 5 minutes, but system state has not been updated for at least 60 minutes. There could be an issue preventing the machine from reporting state. Perhaps a reboot of WMI, the AE Service or Windows is needed.
  • Red – Urgent Issue – Agent version is too old and needs to be manually updated as it does not currently support auto-updating, or some issue is preventing it from reporting any state. Perhaps a reboot of WMI, the AE Service or Windows is needed.
  • Black – Offline – Agent has not checked in within the last 5 minutes (but has checked in within the last 30 days) and system state has not been updated within the last 60 minutes.
  • Grey – Offline – Agent not checked in for 30 days or more. These machines are not counted against the billed Agent license count. If you delete the Agent, this will remove the Agent from the Admin Portal and will initiate an uninstall on the target machine. If the machine is offline, it will receive the command to uninstall if/when it checks in.
• Name – Name of the computer. When an agent is 1^st installed it is assigned a unique identifier by AutoElevate which is how it is identified by the Web Admin Portal. When a computer’s name is changed the Web Admin Portal is aware of that change and updates the computer automatically.
• Operating System – Operating system, version, and build of the computer.
• Elevation Mode – “Audit”, “Policy” or “Live” – When an agent is installed for the 1^st time it is automatically installed in “Audit” mode: System Overview – System Agent - CyberFOX
• Blocker Mode – “Disabled”, “Audit” or “Live” – When an agent is installed for the 1^st time it is automatically installed in “Disabled” mode: System Overview – System Agent - CyberFOX
• Technician Mode User – Name of user currently logged in in "Technician Mode"
• Agent Version – The build version of the AutoElevate agent: AutoElevate Agent Changelog - CyberFOX
• UAC Status – “On” or “Off”. Displays if the UAC is on or off for the given computer. If the UAC is changed the machine must be rebooted for Windows UAC functionality to behave properly.
• UAC Admin Level – Displays the UAC Admin Level of 1, 2, 3, or 4: UAC Levels & Windows User Account Control Settings - CyberFOX
• UAC User Level – Displays the UAC User Level of 1, 2, 3, or 4: UAC Levels & Windows User Account Control Settings - CyberFOX
• Admin Members – Number of Admin users logged on the machine. Rollover (i) info icon for names.
• Active User Name – Displays the name of any user that is currently logged into the machine. If it is blank that indicates the machine is logged out.
• Active User Privilege Type – Displays the privilege level of the currently logged in user. 
• Remove Admin Privileges – Displays Remove Admin Privileges status of On (Global), Off (Global), On (Override) or Off (Override): How to Automatically Remove Admin Privileges - CyberFOX
• Linked to Ticketing System – “TRUE/FALSE” - It is not required that a Computer be linked for tickets to be created. (Note: for this functionality to work your AutoElevate system requires Integration to your PSA ticketing system which also may incur a setup fee – for integration please ask your account manager for details or email sales@autoelevate.com)
• Domain Member? – “TRUE/FALSE” - Displays if the currently logged in user is a Domain Member (“TRUE”) or a local user (“FALSE”).
• Anti-Virus Enabled? – “TRUE/FALSE” – Displays if the Anti-Virus is enabled or disabled.
• Anti-Virus Up-To-Date? - “TRUE/FALSE” – Displays if the Anti-Virus is up to date.
• System Restore Enabled? - “TRUE/FALSE” – Displays if the Windows System Restore is enabled or disabled.
• Windows Update Enabled? - “TRUE/FALSE” – Displays if the Windows System Update is enabled or disabled.
• Date Created – Date and Time the agent first checked in with the Web Admin Portal.
• State Updated – Date and time that the agent has last updated its Status.
• Checked In – Date and time that the agent has last checked in with the Web Admin Portal. 
• Rows – Total number of rows that are being displayed only.

Elevation Events

Each line in the Events data grid is a UAC event that was recorded from a computer that has an agent that is installed and turned on. The UAC event data is collected regardless of whether the machine is in Audit, Live, or Technician mode if the UAC is on. The following is the list of data currently displayed in the Event screen for each UAC event:

• For – Select All Companies or a specific company’s computers and data.
• Showing records for – Select date range then “Refresh Data” to update screen.
• total records – Total number of computers including those not displayed due to active filters. 
• Download from Cloud Icon – Export to CSV – Filtered or all data can be exported into CSV file. 
• Refresh Icon – Refresh Data – This page does not auto-refresh the data when you navigate to the screen. This is to aid in load times if there is a lot of data.
• Actions– When a single, multiple or all Events have been selected (checkbox) then an action from the Action menu button can be taken.
  • Event Management: Convert to Rule – Creating Elevation Rules From UAC Events - CyberFOX
• Group Field – Drag a column header to this field to group by that column.
• Default Grid View – Save a grid view, Delete a grid view or Reset the grid to its default settings.
• Autosave – Automatically save changes to an existing grid view.
• Search Bar– Filter by rows containing keywords, letters, number, etc.
• Crossed Out Eye Icon – Show Column Chooser - Display or hide specific columns from grid. 
• Company – Name of your client which the computer is registered under.
• Location – Location Group of the computer.
• Computer Name – Name of computer on which the UAC event took place.
• User Name – Name of user that initiated the event. 
• Elevation Mode – “Audit”, “Policy” or “Live” – Mode of agent when UAC event took place: System Overview – System Agent - CyberFOX
• Technician Mode User – Name of user if logged in in "Technician Mode" when UAC event took place.
• Outcome – When UAC event generates a Request and action is taken, the outcomes displayed are: 
  • Approved - 1 Time 
  • Approved - Rule Made 
  • Denied - 1 Time 
  • Denied - Rule Made
  • Outcome is blank - if UAC prompted but no request is sent
• Had Matching Rule – If an event had a matching rule at the time the UAC prompted. If Yes, a link to the rule is included.  
• Vendor – The name of the software manufacturer (i.e. “Microsoft”)
• Name – The name of the application that initiated the UAC event
• Version – Version number of the application collected from the application properties
• Description – Application description collected from the application properties
• Path – Path on the machine where the file is located.
• Publisher Cert Verified? – Displays if the application publisher certificate is valid and verified. 
• Publisher Subject – Displays the different parts of the "Subject" distinguished name found embedded in the publisher certificate.
• Publisher Thumbprint – Displays the Certificate Hash or the "thumbprint" of the certificate used to sign the file.
• Anti-Virus Enabled? – Displays if the Anti-Virus was enabled when the UAC event took place.
• Anti-Virus Up-to-Date? Displays if the Anti-Virus was Up-to-date when the UAC event took place.
• System Restore Enabled? Displays if Windows System Restore was enabled when the UAC event took place.
• Windows Update Enabled? Displays if Windows Update was enabled when the UAC event took place.
• MD5 Hash – the unique MD5 hash calculation for the application.
• SHA256 Hash – the unique SHA256 hash calculation for the application.
• Date Created – Date/Time when the UAC event was created or occurred.
• Rows – Total number of rows that are being displayed only.

Elevation Requests

Each request represents an UAC event in which the user specifically requested the installation. Each line on the Requests screen represents an interaction with a user. The following is the list of data currently displayed in the Request Screen:

• For – Select “All Companies” or a specific company’s computers and data.
• Showing records for – Select date range then “Refresh Data” to update screen.
• total records – Total number of computers including those not displayed due to active filters. 
• Download from Cloud Icon – Export to CSV – Filtered or all data can be exported into CSV file. 
• Refresh Icon – Refresh Data – This page does not auto-refresh the data when you navigate to the screen. This is to aid in load times if there is a lot of data.
• Actions – When a single, multiple or all Requests have been selected (checkbox) then an action from the Action menu button can be taken.
• Selection: Refresh Selected – Refresh data for the specific Computer(s) chosen.
• Event Management: Convert to Rule – Depending on role this can be a basic rule or an advanced rule.
• Group Field – Drag a column header to this field to group by that column.
• Default Grid View – Save a grid view, Delete a grid view or Reset the grid to its default settings.
• Autosave – Automatically save changes to an existing grid view.
• Search Bar – Filter by rows containing keywords, letters, number, etc.
• Crossed Out Eye Icon – Show Column Chooser - Display or hide specific columns from grid. 
• Company – Name of your client which the computer is registered under.
• Location – Location Group of the computer.
• Computer Name – Name of the computer where the user made the request.
• Name – Name of the application being requested.
• Active User Name – Name of the user that was logged into the computer when the Request was made.
• Elevation Type – Elevation Types - CyberFOX
• Active User Privilege Type - Displays the privilege level of the user making the request.
• Status/Result – When UAC event generates a Request and action is taken, the status/results displayed are: 
  • Pending
  • Approved - 1 Time 
  • Approved - Rule Made 
  • Denied - 1 Time 
  • Denied - Rule Made
• Responded By – User who Approved/Denied request. 
• Date Responded – Date/Time request was Approved/Denied. 
• Ticket Number – Ticket number associated with your PSA ticketing system for this request. (Note: for this functionality to work your AutoElevate system requires Integration to your PSA ticketing system which also may incur a setup fee – for integration please ask your account manager for details or email sales@autoelevate.com)
• File Name – The file name extracted from the path.
• File Path – Path on the machine where the file is located.
• MD5 Hash – the unique MD5 hash calculation for the application.
• SHA256 Hash – the unique SHA256 hash calculation for the application.
• Date Created – Date / Time of the request. 
• Rows – Total number of rows that are being displayed only.

Elevation Rules

The Rules screen displays any rules that have been made for either Approval or Denial and shows if they are a Global, Company, Location, or Computer rule. Clicking on the “trash can” icon next to each rule asks you to confirm if you wish to delete the rule. 

• For – Select “All Companies” or a specific company’s computers and data.
• total records – Total number of computers including those not displayed due to active filters. 
• Download from Cloud Icon – Export to CSV – Filtered or all data can be exported into CSV file. 
• Refresh Icon – Refresh Data – This page does not auto-refresh the data when you navigate to the screen. This is to aid in load times if there is a lot of data.
• Actions – When a single, multiple or all Rules have been selected (checkbox) then an action from the Action menu button can be taken.
•  Selection: Refresh Selected – Refresh data for the specific Computer(s) chosen.
• Elevate Type: Elevation Types - CyberFOX
• Password Mode – Admin & User elevation now replace Password Mode & the default System token elevation.
• Ignore Mode – Prevents our Agent from intercepting the UAC and instead allows the UAC to come up and to be displayed to the user, thus "ignoring". 
• Rule Management: Move – Moving Elevation or Blocking Rules - CyberFOX
• Rule Management: Copy – Copying Elevation or Blocking Rules - CyberFOX
• Rule Management: Delete – Removing Elevation or Blocking Rules - CyberFOX
• Group Field – Drag a column header to this field to group by that column.
• Default Grid View – Save a grid view, Delete a grid view or Reset the grid to its default settings.
• Autosave – Automatically save changes to an existing grid view.
• Search Bar – Filter by rows containing keywords, letters, number, etc.
• Crossed Out Eye Icon – Show Column Chooser - Display or hide specific columns from grid. 
• Company – Name of Company or All Companies rule is set to.
• Location – Name of Location or all locations (Whole Company) rule is set to.
• Computer Name – Name of Computer or all computers (Whole Location rule) is set to.
• Friendly Name – Optional.
• Vendor – Vendor of application.
• Name – Name of the application.
• Description – Optional.
• File Name – Application file name.
• Identification Criteria – Advanced Elevation Rules: File & Publisher Certificate Identification Criteria - CyberFOX
• Approved? – “TRUE/FALSE” – indicates whether the rule is Approved = True or Denied = False.
• Elevation Type – Elevation Types - CyberFOX
• Password Mode – Admin & User elevation now replace Password Mode & the default System token elevation
• Ignore Mode – Prevents our Agent from intercepting the UAC and instead allows the UAC to come up and to be displayed to the user, thus "ignoring". 
• Created By? – Name of the AutoElevate user that made the rule.
• Date Created – Date and Time when the rule was created.
• Rows – Total number of rows that are being displayed only.

Blocker Events

Each line in the Blocker Events data grid is a blocked or allowed or possible blocked or allowed rule event that was recorded from a computer that has an agent that is installed and turned on. The Event data is collected only in Blocker Audit or Blocker Live mode. The following is the list of data currently displayed in the Blocker Event screen for each event:

• For – Select “All Companies” or a specific company’s computers and data.
• Showing records for – Select date range then “Refresh Data” to update screen.
• total records – Total number of computers including those not displayed due to active filters. 
• Download from Cloud Icon – Export to CSV – Filtered or all data can be exported into CSV file. 
• Refresh Icon – Refresh Data – This page does not auto-refresh the data when you navigate to the screen. This is to aid in load times if there is a lot of data.
• Actions– When a single, multiple or all Events have been selected (checkbox) then an action from the Action menu button can be taken.
  • Event Management: Convert to Rule – Creating Allow  Rules From Events - CyberFOX
• Group Field – Drag a column header to this field to group by that column.
• Default Grid View – Save a grid view, Delete a grid view or Reset the grid to its default settings.
• Autosave – Automatically save changes to an existing grid view.
• Search Bar– Filter by rows containing keywords, letters, number, etc.
• Crossed Out Eye Icon – Show Column Chooser - Display or hide specific columns from grid. 
• Company – Name of your client which the computer is registered under.
• Location – Location Group of the computer.
• Computer Name – Name of computer on which the event took place.
• Windows User Name – Name of the logged in user during the event. 
• Technician Mode User – Name of user if logged in in "Technician Mode" when event took place.
• Blocker Mode – “Audit” or “Live” – Mode of agent when the event took place: Managing Blocker Rules - CyberFOX
• Name – The name of the file that initiated the event.
• Path – Path on the machine where the file is located.
• MD5 Hash – the unique MD5 hash calculation for the application.
• SHA256 Hash – the unique SHA256 hash calculation for the application.
• Parent Name – The name of the parent file that initiated the event.
• Parent Path – Path on the machine where the parent file is located.
• Parent MD5 Hash – the unique MD5 hash calculation for the parent application.
• Parent SHA256 Hash – the unique SHA256 hash calculation for the parent application.
• Outcome – When an event is generated from a Blocker Rule the outcomes displayed are: 
  • Allowed (Because Blocker was in “Audit” mode or was an Allow Rule)
  • Blocked (Because it found a matching rule and was in “Live” mode)
• Date Created – Date/Time when the event was created or occurred.
• Rows – Total number of rows that are being displayed only.

Blocker Rules

The Blocker Rules screen displays any rules that have been made for either Block or Allow and shows if they are a Global, Company, Location, or Computer rule. Clicking on the “trash can” icon next to each rule asks you to confirm if you wish to delete the rule. 

• For – Select “All Companies” or a specific company’s computers and data.
• total records – Total number of computers including those not displayed due to active filters. 
• Download from Cloud Icon – Export to CSV – Filtered or all data can be exported into CSV file. 
• Refresh Icon – Refresh Data – This page does not auto-refresh the data when you navigate to the screen. This is to aid in load times if there is a lot of data.
• Blocker Rules+ – Add New - Create a new Blocker Rule manually.
  • Actions – When a single, multiple or all Rules have been selected (checkbox) then an action from the Action menu button can be taken.
    • Management: Add Rule – Creating Elevation Rules From UAC Events - CyberFOX
  • Group Field – Drag a column header to this field to group by that column.
  • Default Grid View – Save a grid view, Delete a grid view or Reset the grid to its default settings.
  • Autosave – Automatically save changes to an existing grid view.
  • Search Bar – Filter by rows containing keywords, letters, number, etc.
  • Crossed Out Eye Icon – Show Column Chooser - Display or hide specific columns from grid. 
  • Eye Icon - View – View process details such as source and description of their function.
  • Process Name – Native Windows applications, binaries, and .dll files that are typically used as Living off the Land (LOTL) attack vectors.
  • Source – Sources from Microsoft and community projects such as the LOLBAS project.
  • Rows – Total number of rows that are being displayed only.
• Actions – When a single, multiple or all Rules have been selected (checkbox) then an action from the Action menu button can be taken.
• Rule Management: Move - Moving Elevation or Blocking Rules - CyberFOX
• Rule Management: Copy - Copying Elevation or Blocking Rules - CyberFOX
• Rule Management: Delete – Removing Elevation or Blocking Rules - CyberFOX
• Group Field – Drag a column header to this field to group by that column.
• Default Grid View – Save a grid view, Delete a grid view or Reset the grid to its default settings.
• Autosave – Automatically save changes to an existing grid view.
• Search Bar – Filter by rows containing keywords, letters, number, etc.
• Crossed Out Eye Icon – Show Column Chooser - Display or hide specific columns from grid. 
• Company – Name of Company or All Companies rule is set to.
• Location – Name of Location or all locations (Whole Company) rule is set to.
• Computer – Name of Computer or all computers (Whole Location rule) is set to.
• Name – Name of the process.
• Identification Criteria – Identification Criteria - CyberFOX
• Action – “Allow/Block” – indicates whether the rule is allowing or blocking the process.
• Created By – Name of the AutoElevate user that made the rule.
• Updated By – Name of the AutoElevate user that made changes to the rule.
• Created At – Date and Time when the rule was created.
• Updated At – Date and Time when the rule was changed.
• Rows – Total number of rows that are being displayed only.

Blocker Recommendations

The primary “mission” of the recommendation engine is to proactively block all identified high-risk processes at the global level without causing disruptions. Continuously monitoring the latest activity observed by the Agents, it dynamically adjusts its recommendations to ensure optimal protection.

• Check Icon – Percentage of computers that have blocker enabled either in Audit or Live mode.
• Refresh Icon – Refresh Data – This page does not auto-refresh the data when you navigate to the screen. This is to aid in load times if there is a lot of data. 
• Finding – After 48 hours of average uptime across all computers, the recommendation engine analyzes the monitored data and presents results, including which processes were used or left unused during this period.
• Recommendation – Recommended rule that should be created based on the findings.
• Benefit – The benefit of creating such rule based on known LOTL attack vectors.
• ADD BLOCK RULES – Confirm and create recommended rule.
• VIEW APPLICATIONS – A list view of the file names for which a rule is recommended, along with a description of their functions

Users

From the Users screen in the Admin Portal, you can create, remove, reset password, reset 2FA, set Roles, and set Company Access: User Management from the Admin Portal - CyberFOX

• Users+ – Add New User – Add user’s Name, Email Address, Role, Company Access, Notifications and Technician Mode Ticketing (Optional).
• total records – Total number of users including those not displayed due to active filters. 
• Download from Cloud Icon – Export to CSV – Filtered or all data can be exported into CSV file. 
• Refresh Icon – Refresh Data – This page does not auto-refresh the data when you navigate to the screen. This is to aid in load times if there is a lot of data.
• Actions – When a single, multiple or all Users have been selected (checkbox) then an action from the Action menu button can be taken.
  • Selection: Refresh Selected – Refresh data for the specific User(s) chosen.
  • Authentication: Remove Password – Remove User’s password to enforce SSO. 
  • Authentication: Reset 2-Factor Auth – Reset User’s multifactor authentication (MFA).
  • Authentication: Send “Password Reset” Email – Expires after 10 minutes.
  • Authentication: Send “Set Initial Password” Email – For Users with the “Has Password” column indicated as “False”. Expires after 72 hours. 
  • Ticketing System: Link – To link User to your Ticketing System (Note: for this functionality to work your AutoElevate system requires Integration to your PSA ticketing system which also may incur a setup fee – for integration please ask your account manager for details or email sales@autoelevate.com).
  • User Management: Delete - Delete User Row
• Group Field – Drag a column header to this field to group by that column.
• Default Grid View – Save a grid view, Delete a grid view or Reset the grid to its default settings.
• Autosave – Automatically save changes to an existing grid view.
• Search Bar – Filter by rows containing keywords, letters, number, etc.
• Crossed Out Eye Icon – Show Column Chooser - Display or hide specific columns from grid.
• Trash Can Icon – Delete User Row – Clicking on the “trash can” icon next to each User asks you to confirm if you wish to delete the User. 
• Pencil Icon – Edit - Edit user’s Name, Email Address, Role, Company Access, Notifications and Technician Mode Ticketing (Optional).
• Role – https://support.cyberfox.com/settings/360018899091-User-Management-from-the-Admin-Portal#6-default-roles-to-choose-from-2
• Company Access – https://support.cyberfox.com/settings/360018899091-User-Management-from-the-Admin-Portal#3-sets-of-company-access-3
• 2FA Setup? – 2FA setup is required for all initial logins. This service cannot be deactivated. Once you have correctly entered your password you will be required to set up Second Factor Authentication (2FA). AutoElevate is designed to be compatible with any TOTP compliant 2FA authentication app such as Google Authenticator or Duo. You may use the TOTP 2FA authentication app of your choice. Activation of 2FA with Google Authentication and Duo is very similar – From the app(s) click on the “+” sign to add AutoElevate, point your cell phone camera to the QR code, it will add the account and generate a 6-digit code, input the code into the AutoElevate Admin Portal screen.
• Linked to Ticketing System? – (Note: for this functionality to work your AutoElevate system requires Integration to your PSA ticketing system which also may incur a setup fee – for integration please ask your account manager for details or email sales@autoelevate.com)
• Notification Enabled? – https://support.cyberfox.com/settings/360045529031-Enabling-Browser-Based-Notifications-For-Technicians
• Technician Mode Ticketing – Technician Mode Ticketing - CyberFOX
• Date Created – Date and Time when the User was created.
• Rows – Total number of rows that are being displayed only.

Settings

View and create multi-level settings, including Admin Portal customizations, authentication options, agent customizations, security, Just-in-Time, and requests and rules configurations.

• Company Name
• General Info
  • Latest Admin Portal Changes - AutoElevate Admin Portal Changelog - CyberFOX
  • Latest Agent Version – Version number and link to Changelog: AutoElevate Agent Changelog - CyberFOX
  • Agent MSI – Download to latest version: https://autoelevate-installers.s3.us-east-2.amazonaws.com/current/AESetup.msi
  • License Key – Copy license key which is one key for all agents.
  • Ticketing System – Set up or deactivate a ticketing integration or view the current integration. Please note that changes to some integrations may require contacting our support team at support@autoelevate.com:  PSA Ticketing System Integrations - CyberFOX
• Settings
  • Settings+ – Add New Setting – Add a new setting at any level, whether for the entire company, a specific location, or an individual computer, where the lowest level (computer) takes precedence in the hierarchy.
  • Refresh Icon – Refresh Data – This page does not auto-refresh the data when you navigate to the screen. This is to aid in load times if there is a lot of data.
  • Actions – When a single, multiple or all Users have been selected (checkbox) then an action from the Action menu button can be taken.
    • Selection: Refresh Selected – Refresh data for the specific User(s) chose
    • Setting Management: Move - Moving Elevation or Blocking Rules - CyberFOX
    • Setting Management: Copy - Copying Elevation or Blocking Rules - CyberFOX
    • Setting Management: Delete - Removing Elevation or Blocking Rules - CyberFOX
• Group Field – Drag a column header to this field to group by that column.
• Default Grid View – Save a grid view, Delete a grid view or Reset the grid to its default settings.
• Autosave – Automatically save changes to an existing grid view.
• Search Bar – Filter by rows containing keywords, letters, number, etc.
• Crossed Out Eye Icon – Show Column Chooser - Display or hide specific columns from grid.
• Trash Can Icon – Delete Setting Row – Clicking on the “trash can” icon next to each Setting asks you to confirm if you wish to delete the setting. 
• Pencil Icon – Edit - Edit Setting specific options.
• Setting – Name of the setting.
• Value – If enabled, disabled or the specific customization of the setting.
• Updated By – Name of the AutoElevate user that made changes to the setting.
• Updated At – Date and Time when the setting was changed.
• Created At – Date and Time when the setting was created.
• Rows – Total number of rows that are being displayed only.
• Specific Settings - Settings Overview - CyberFOX