In this article, you will find out about the all-new GUI of the HEIMDAL Thor Agent that we shipped with version 3.0.
1. Home screen
2. Threat Prevention
3. Patch & Asset Management
4. Endpoint Detection
5. Privileges & App Control
6. Email Fraud Prevention
7. Remote Desktop
This is the Home section of the Agent. Here you can see the overall status of each component currently active on the endpoint. You can also find the Synchronize Group Policy button on the top right (which will update the group policy if you need it faster than the set update interval), the sidebar that lets you access each module separately, on the left, and the Notification button (symbolized by the bell icon) which will take you to the notification screen to view any recent alerts and other messages.
The Threat Prevention tab will give you on-the-fly information regarding this specific module, along with statuses for all the sub-modules that encompass it, and quick statistics concerning patterns and detections.
You can also enter each module separately, and view detailed information and reports, as seen here for the DarkLayer Guard™, which displays a history of recently blocked traffic and prevented attacks.
The VectorN Detection™ and TTPC modules will present any malware and process activity, as well as a calculated probability of infection, and the option to view the quarantined items.
PATCH & ASSET MANAGEMENT
The Patch & Asset Management tab shows an overlook at the updates to programs and the operating system itself. Quick statistics here include the number of monitored apps, recent updates and available ones for the operating system.
The 3rd Party Patch Management module shows you the list of apps that can be installed on the machine, as well as a breakdown of each monitored program and its recent updates. Here you can also see if the software is up to date and view the update history. If the group policy currently applied for permits, you here can also select if an app will have auto-update enabled or if it will be monitored at all.
In the Microsoft Updates module, the Heimdal Agent practically takes over the function of updating the Windows operating system, allowing to choose if Auto-updates are enabled (via the Group Policy setting in the Heimdal Dashboard), and view detailed information regarding currently available updates for the OS and the history of previously installed ones.
The Endpoint Detection tab shows you overall information regarding the protection of the machine file system itself. Relevant quick statistics include a number of quarantined and infected files, alerts regarding the Firewall, and ransomware detections.
The Next-Gen Antivirus shows you any logged and categorized infections or quarantined files, displaying the date of the detection, as well as any suspicious files that may pose a risk. In this module, you can also perform a variety of scanning actions to search for infections and remove them. Moreover, scanning activities can be scheduled here to help with automation.
The Firewall module presents you with logged network activity alerts that can vary from inbound/outbound data transfers, possible attacks, or other forms of requests. Moreover, rules can be set here for any executable, address, port, or protocol, offering great granular control over where network access is granted or denied.
The Ransomware Encryption Protection component is vital in detecting and stopping any known ransomware from effectively sealing your data without an option of retrieval. This component functions automatically at all times and is always ready to stop these disasters from occurring.
PRIVILEGES & APP CONTROL
In Privileges & App Control you can assign specific permissions for specific users, while you can also elevate any request received from the users. You can also see detections based on application permission requests, and act upon them.
EMAIL FRAUD PREVENTION
The Email Fraud Prevention module continuously scans email traffic to assess and fraudulent links or attachments that may pose a threat (due to phishing). This component scans all email applications and supports multiple accounts. It will also log and block any suspicious attempts at security.
The Remote Desktop module allows you to connect to any other Host over the network and assist or manage accordingly.
The Settings screen allows you to change various options and parameters, mainly enabling or disabling components. As an example here in the Endpoint Detection category, settings regarding recommended actions to be taken upon detecting threats can be set.
Another example, in the Patch & Asset Management category here, you can normally enable or disable the checking of updates for 3rd Party Software, as well as setting the checking interval in minutes.
Please note that, usually, options here are unmodifiable for Enterprise customers, the settings being managed in the HEIMDAL Dashboard.