Process monitoring
Use deviceTRUST to check for running processes and react with appropriate controls. In this example, we check for sharing tools and block access to a remote session if one is running.
Release 21.1.200 and later include a method for checking for running processes on Windows devices. These can be either local devices (Fat Clients) or remote devices (e.g. in a Citrix or AVD environment).
This article describes how you can use deviceTRUST to check for running processes on a remote device in a remoting scenario and apply controls inside the remoting session.
The example processes are “Snipping Tool” and “Zoom”; the control is to block the remote session so that no data can be shared.
- Script-based process monitoring: The current release allows you to control all running processes based on script execution. This gives you the freedom to configure any process you need and to use script logic for more detailed evaluation.
deviceTRUST uses so-called “custom properties” to evaluate individual information. These custom properties are the basis for the process evaluation configuration. Head over to “Settings\Custom Properties” in the deviceTRUST console to create your config. We’ll use “Remote Windows Device” here, as this example uses a remoting scenario.
[Image: Custom Properties Settings]
You’ll find a field that will contain your evaluation script here.
[Image: Remote Custom Properties Settings]
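The following code can be used as an example for your process checking configuration.

```powershell
# Loop forever so the properties are re-evaluated continuously.
while ($true) {
    # True if at least one process named 'Zoom' is running.
    $zoomProcess = Get-Process 'Zoom' -ErrorAction Ignore
    Write-Host "REMOTE_CUSTOM_ZOOM_RUNNING=$($zoomProcess.Length -gt 0)"
    # True if any process whose name starts with 'snipp' is running.
    $snippingProcess = Get-Process 'snipp*' -ErrorAction Ignore
    Write-Host "REMOTE_CUSTOM_SNIP_RUNNING=$($snippingProcess.Length -gt 0)"
    # Tell deviceTRUST to keep the script running in the background.
    Write-Host "CONTINUE"
    Start-Sleep -Seconds 1
}
```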
First: Create a non-exiting loop that runs continuously on the device:

```powershell
while ($true) {
}
```

Second: Add code to find your running process (Get-Process 'name') and create a custom deviceTRUST variable based on that information.

```powershell
$zoomProcess = Get-Process 'Zoom' -ErrorAction Ignore
Write-Host "REMOTE_CUSTOM_ZOOM_RUNNING=$($zoomProcess.Length -gt 0)"
$snippingProcess = Get-Process 'snipp*' -ErrorAction Ignore
Write-Host "REMOTE_CUSTOM_SNIP_RUNNING=$($snippingProcess.Length -gt 0)"
```

Third: Adding “Write-Host CONTINUE” to the script makes deviceTRUST run the script in the background.

```powershell
Write-Host "CONTINUE"
```

Fourth: Add a delay of your choice. A 1-second loop should be fine in most cases.

```powershell
Start-Sleep -Seconds 1
```
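The four steps above combined into a table-driven variant, so that further tools can be watched without duplicating lines. This is an added example, not deviceTRUST's own script; `$watched`, `$pollSeconds` and `Test-ProcessRunning` are names chosen here, while the property names, process patterns and the `CONTINUE` line are the ones used in this article.

```powershell
# Added example: table-driven variant of the article's script.
# Key   = custom property name written for deviceTRUST.
# Value = one or more wildcard patterns matched against process names.
$watched = [ordered]@{
    'REMOTE_CUSTOM_ZOOM_RUNNING' = @('Zoom')
    'REMOTE_CUSTOM_SNIP_RUNNING' = @('snipp*')
    # Add further "PROPERTY = patterns" entries here.
}
$pollSeconds = 1

function Test-ProcessRunning {
    param(
        [string[]]$RunningNames,   # process names from one snapshot
        [string[]]$Patterns        # wildcard patterns to look for
    )
    foreach ($pattern in $Patterns) {
        # -like applied to an array returns the matching elements (case-insensitive).
        if (@($RunningNames -like $pattern).Count -gt 0) { return $true }
    }
    return $false
}

while ($true) {
    # One snapshot per pass, so every property reflects the same moment in time.
    $names = @(Get-Process -ErrorAction Ignore |
        Select-Object -ExpandProperty ProcessName -Unique)

    foreach ($property in $watched.Keys) {
        $running = Test-ProcessRunning -RunningNames $names -Patterns $watched[$property]
        # Same NAME=True/False line format as the article's script.
        Write-Host "$property=$running"
    }

    # Keep the script running in the background, as in step three.
    Write-Host "CONTINUE"
    Start-Sleep -Seconds $pollSeconds
}
```

Every property name in the table needs its own matching context before an action can react to it.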
- Create Contexts to use the evaluated data: The “Custom Properties” script creates internal variables. Those need to be made available internally by creating matching contexts.
[Image: New Context]
The default value will be “Stopped” (or similar). The context will report “Running” if a “Local Custom” check is matched.
[Image: Context Definition]
The “Local custom” check evaluates the variable that you set in the “Custom Properties” script. If the variable’s value is “True”, the context will report “Running”.
[Image: New Action]
- Create an action that blocks access: If you find one of the configured processes running, you might want to block access to your remote session. This way, a user cannot share the content. You’ll need to create an action to do so.
[Image: Action Definition]
Configure the action to react on your configured processes. In this example, both “Zoom” and “Snipping tool” will trigger a “Deny Access” Task.
- Outcome: With the configuration in place, your remote sessions will deny access as soon as a user starts one of the configured processes / applications on her local device. This way, deviceTRUST helps protect your sensitive data and information.
[Image: Access Denied]