AppMoat is an enterprise level security tool that can be used cohesively with your anti-virus security software of choice. AppMoat is extremely powerful while being simple to use. There are various features available that allow control over file type security.
To begin, follow the instructions below to navigate through AppMoat’s numerous features.
This article will cover the features and functionality of the AppMoat Main Menu screen. A detailed description is given about the Main Menu for the server software.
The first feature found in the "Network Options" is “Server Settings.” In a new window, you will be able to select "AppMoat Server" or "AppMoat Stand-Alone Device Mode." If you would like AppMoat to be managed through an AppMoat server you will select the "Stand-Alone Device Mode." Switching to stand-alone mode will downgrade to client services and you will no longer have access to your AppMoat server. This may be useful if you are upgrading the hardware for the current server. When the services are switched, you will lose the data collected including the policy changes made on the server. DO NOT select "Stand-Alone Device Mode" and click "OK" if you do not wish to proceed with the downgrade service. Choosing "AppMoat Server" will require you to enter the server IP and password of the server you wish to connect with.
Moving on to “Password Settings,” the window will appear and ask you to authenticate your server IP address and password. When this field is filled out, you will have two options. One is for AppMoat to remember your credentials and the other sends your information at a higher encryption to the AppMoat server. Once this is complete, click “OK.” Here you may change your AppMoat password. By clicking the “Next” button will save the changes made to your password.
The “Policy Wizard” icon will open a new window. Here, in the “Admin Notifications” window, the administrator can control notifications sent from the AppMoat server to the local device. When the “Advanced policy to a desktop” (square check box) is checked, AppMoat will send all notifications to the local device. The next option will only allow AppMoat to send critical server notifications to the local device. Following this option, all notifications will be sent to the local device, and the last option will not send any notifications to the local device (creates transparency on device). When changes have been made, make sure to click “OK.” This action will return you to the AppMoat Main Menu, and save the changes.
Next is “Network Search.” You will be directed to a new window and asked to verify the AppMoat server IP address and password. There are two options available when entering this information. First is to save the AppMoat IP address and password. The second option allows you to send your password to the server at a higher encryption level. By clicking “OK,” you will now be able to perform a network search on the devices connected to this AppMoat server. This is useful when trying to perform a network wide search for a specific file that could be potentially harmful to your device. Under the search function you have three options.
- “Create a Cumulative Report Only” will create a report of the file searched and leave a report on the AppMoat server dashboard for the admin to view.
- “Flag, Report, and Disable Found Content” will create a report of the search and disable the searched file.
- “Flag, Report and Destroy Found Content” will flag the searched file, send a report to the AppMoat server, and destroy said software (DISCLAIMER: using this feature may tamper with other files which may inhibit other files from working properly).
Clicking “OK” will perform the search and then you may choose what to do with the searched file.
The last icon located on the AppMoat Main Menu is “Network Database.” This will once again ask you to enter in their AppMoat server IP address and password. A new window will open in Internet explorer displaying a few of the same features found in the “Local Database.” Within the “Dashboard,” you will be able to access the programs that are currently pending on the devices which are connected to the AppMoat Server. You may choose what you would like to do with the “Pending” file by choosing one of the five options listed in the drop-down menu, which are located under “Current Status."
- “Trust This Program” will allow AppMoat to continue to trust a specific program.
- “Trust (Wild Card)” allows AppMoat to run programs specifically with this file name (DISCLAIMER: do not use this feature often. Only allow AppMoat to “Trust” programs in which their file size constantly changes, or you trust).
- “Trust (Installer)” should only be used for installing file types.
- “Privacy Mode” will show up as pending in the AppMoat server dashboard, however, the file that is running in "Privacy Mode" will be running within a "Safe_Look" profile.
- “Reject This Program (DENY)” means that AppMoat will not allow this file to execute on the device.
The “Database” icon will allow you to see the file types AppMoat detected upon installation on the device. By selecting “Current View,” this allows you to select which file types, starting with the character selected to be previewed in the window. If you would like to make changes to the trusted programs on the device, you may do so by selecting one of the five options located in the drop-down menu under “Current Status.”
“Settings” will direct you to a new page. From here, you will be able to access the server settings.
Here are the features as shown above.
Internal Data Collection Policy
Data from the client’s machine can be sent to the AppMoat server (this setting is used to create reports). This setting is turned on by default; however, this feature can be turned off by selecting “Disable” from the drop-down menu (applies to all machines). Disabling this option may be used by government agencies or hospitals.
Client Update policy
By default, AppMoat updates automatically. If this setting is turned off, clients will have to access updates from Seventhknight.com. Admins may select when they wish clients to download updates if they prefer to test the updates before applying to all local devices.
Client Security Setting
This will turn the security setting off to ALL devices. If large updates need to be done to the machines, troubleshooting, or other problems occur on the machines, this setting may be useful.
Client File Type Policy
This setting determines what is filtered through AppMoat. The three options allow admins to “filter all file types,” “ONLY EXE. files” or “everything BUT an EXE. file. Client file type policy can also apply these options to specified machines in the “Devices” icon located across the top in the server homepage.
Standard User Account Policy
This setting determines whether the local devices (Not an admin) will have an icon located in the task bar or an icon in the start menu. If this is enabled non-administrative users must have the AppMoat password to access AppMoat.
AppMoat Existing Software Policy
When AppMoat is installed, by default, the pre-existing software (if any) will be trusted and allowed to run. If one of the local machines has software such as skype.exe (pre-installation) this file can and will execute. However, if this device tries to share the skype.exe file to another local machine, AppMoat will detect the software and remove the executable files within the software, inhibiting it from executing on the machine. If this file is downloaded after installation, AppMoat will once again remove the executable files from the software (AppMoat does not remove software ONLY removes the executable files).
Windows User Account Control Policy
Selected by default, this setting allows you to replace the Windows User Account Control with AppMoat Security. Making changes to this policy will be applied to ALL machines (if there are more than one connected to the AppMoat server).
AppMoat Account Based Security Prompts
When enabled, AppMoat will not prompt the user, but AppMoat will automatically execute unrecognized / new software within a separate and secure ID. An administrator will be notified and can view the software in the dashboard of AppMoat’s server “Dashboard.” Until the administrator decides whether to trust or deny the software access to the device, the software will remain in the secure ID and on the dashboard as pending. If this feature is turned off, AppMoat will bring up a prompt asking the user if they would like to run this new software on their profile or if they would prefer to run it in a secure profile. There is no difference however when the administrator is notified and when it remains as pending in the AppMoat Server dashboard. This feature is also found in advanced settings of the AppMoat Main Menu. AppMoat, by default, assumes programs that are not run as admin are not able to install software.
Moving on to the “Users” icon, (located across the top of the screen) the admin will be able to view the different users who are synchronized to the AppMoat server. Any time a user logs into their Windows device, they will synchronize to the AppMoat server and be placed in the “Standard Account” category. The “Users” feature allows admins to see when a user last synchronized to AppMoat as well as any issue commands that will execute the next time the user synchronizes. Under “Options,” the admin can give each user different abilities in AppMoat (local machine access).
- “Standard Account” is selected for all users by default. This does not give the user any abilities in AppMoat.
- “Local Operators” gives non-administrative windows users access to the AppMoat Main Menu without needing a password.
- “Network Operator” allows the selected user to have access to the AppMoat Main Menu without a password, access to the AppMoat database, and access the AppMoat server (remote access applies to this option).
This will not inhibit the users and their windows device in any way. It will only allow for different accessibility within AppMoat.
Any time an account logs into the AppMoat server, their account will synchronize to AppMoat and be placed under “Devices.” From here admins will be able to see when someone last synchronized to the server, who is currently connect and are able to issue commands to the local machines the next time they synchronize to the server. Administrators can select from eight different commands from the drop-down menu.
Here are the commands once a device has been selected.
- “System Healthy" registers the users device as healthy and that AppMoat is running correctly. This will occur every time the user synchronizes (logs on to their device) to the AppMoat server. You can view the last time a user synchronized to the server in "Details."
- “Schedule Restricted Mode” restricts all executable programs installed before AppMoat’s installation. This will require approval by an administrator before being able to run.
- “Enforce Local Policy” will override the settings determined within the server. This will apply until this option is turned off.
- “Schedule AppMoat Uninstall” will require a selected client and will remove the client from the AppMoat server the next time they log into their machine and synchronize to the server.
- "Schedule Root Drive Re-Scan” will apply when a user synchronizes to the AppMoat server. This setting deletes the list of approved programs on the local database and re-scans the root drive on the local machine. Then, by re-approving and approving the new programs it finds on the local machine.
- “Schedule Local Drive Re-Scan” is similar to scanning the root drive, when the user synchronizes to the AppMoat server, the local database of approved programs will be deleted from the user’s machine. All of the drives on the machine will be re-scanned, and AppMoat will approve all of the programs found on the local machine.
- “Cancel Pending Commands” will cancel a specific command issued on a device.
- “Remove This Item” will remove specified items found in the devices list. This can be used to see if clients are connecting by removing them, then re-adding them. If they do not synchronize to the server, the user is either not logging into their machine or AppMoat client is not installed.
Following “Devices,” the next icon is “Reports.” When a “Network Search” is committed, a report is created and sent to the AppMoat server. Once the report is sent to the AppMoat server no more data will be collected. A new report will need to be created each time. Once the report appears on the AppMoat server the admin has the option to delete the report from the drop-down menu after the report has been viewed.
By clicking the “Support” icon you will be directed to the support webpage for AppMoat.
“Search” allows you to find global search terms from the global searched terms in the Main Menu of AppMoat. Here you can remove search terms, change search actions, or create reports from the searched data.
The last icon “Logout” will log you out of the AppMoat server.
The Seventh Knight team hopes that these articles assist you as you begin to navigate the software. Please review our other articles to see AppMoat’s current features and how they operate. If you have further questions not covered in the articles or in the FAQ please contact Seventh Knight Support.