Process monitoring

Use deviceTRUST to check for running processes and react with appropriate controls. In this example, we check for sharing tools and block access to a remote session if one of them is running.

With our latest release 21.1.200 (deviceTRUST 21.1.200 - deviceTRUST Documentation), we added a method for checking for running processes on Windows devices. These can be either local devices (Fat Clients) or remote devices (e.g. in a Citrix or AVD environment).

This article describes how you can use deviceTRUST to check for running processes on a remote device in a remoting scenario and apply controls inside the remoting session.

As processes, we will use "Snipping Tool" and "Zoom". The control will be to block the remote session, so that no data can be shared.

 

1. Script-based process monitoring: The current release allows you to check all running processes by executing a script. This gives you the freedom to check for any process you need and to use script logic for a more detailed evaluation.

deviceTRUST uses so-called "custom properties" to evaluate individual information. These custom properties are the basis for the process evaluation configuration. Head over to "Settings\Custom Properties" in the deviceTRUST console to create your configuration. We'll use "Remote Windows Device" here, as this example uses a remoting scenario.

 

Here you'll find a field that will contain your evaluation script.

The following code can be used as an example for your process checking configuration.

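# Loop forever so the properties are re-evaluated continuously
while($true){

    # True if at least one process named 'Zoom' is running
    $zoomProcess = Get-Process 'Zoom' -ErrorAction Ignore
    Write-Host "REMOTE_CUSTOM_ZOOM_RUNNING=$($zoomProcess.Length -gt 0)"

    # True if at least one process whose name starts with 'snipp' is running
    $snippingProcess = Get-Process 'snipp*' -ErrorAction Ignore
    Write-Host "REMOTE_CUSTOM_SNIP_RUNNING=$($snippingProcess.Length -gt 0)"

    # Makes deviceTRUST run the script in the background
    Write-Host "CONTINUE"

    # Wait one second before the next check
    Start-Sleep -Seconds 1

}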

 

First: Create a non-exiting loop that runs continuously on the device:

while($true){

}

 

Second: Add code to find your running process (Get-Process 'name') and create a custom deviceTRUST variable based on that information.

$zoomProcess = Get-Process 'Zoom' -ErrorAction Ignore
Write-Host "REMOTE_CUSTOM_ZOOM_RUNNING=$($zoomProcess.Length -gt 0)"

$snippingProcess = Get-Process 'snipp*' -ErrorAction Ignore
Write-Host "REMOTE_CUSTOM_SNIP_RUNNING=$($snippingProcess.Length -gt 0)"

 

Third: Adding "Write-Host CONTINUE" to the script will make deviceTRUST run the script in the background.

Write-Host "CONTINUE"

 

Fourth: Add a timeout of your choice. A 1 second loop should do fine in most cases.

Start-Sleep -Seconds 1
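
The four steps above, generalized into a table-driven script so that further processes can be added without duplicating code. This is an added example, not code from the original article or from deviceTRUST; the names $watchList and Get-ProcessPropertyLines and the commented-out EXAMPLE entry are assumptions, and the property names follow the REMOTE_CUSTOM_<NAME>_RUNNING pattern used above.

```powershell
# Added example (not deviceTRUST's own code).
# Key   = middle part of the custom property name (REMOTE_CUSTOM_<KEY>_RUNNING)
# Value = one or more process name patterns; wildcards are allowed
$watchList = [ordered]@{
    ZOOM = @('Zoom')
    SNIP = @('snipp*')
    # EXAMPLE = @('ExampleApp*', 'example-helper')   # hypothetical extra entry
}

function Get-ProcessPropertyLines {
    param([System.Collections.IDictionary]$WatchList)

    # Take one snapshot per pass so every property reflects the same moment
    $running = @(Get-Process -ErrorAction Ignore |
                 Select-Object -ExpandProperty ProcessName)

    foreach ($entry in $WatchList.GetEnumerator()) {
        $isRunning = $false
        foreach ($pattern in $entry.Value) {
            # With an array on the left, -like returns the matching elements
            if (@($running -like $pattern).Count -gt 0) {
                $isRunning = $true
                break
            }
        }
        # Same NAME=True/False line format as in the article's script
        "REMOTE_CUSTOM_$($entry.Key)_RUNNING=$isRunning"
    }
}

while ($true) {
    Get-ProcessPropertyLines -WatchList $watchList |
        ForEach-Object { Write-Host $_ }

    # As in the third step: lets deviceTRUST run the script in the background
    Write-Host "CONTINUE"

    Start-Sleep -Seconds 1
}
```

Each key added to the table produces a new custom property, which needs its own matching context as described in the next step.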

 

2. Create Contexts to use the evaluated data: The "Custom Properties" script creates internal variables. Those need to be made available internally by creating matching contexts.

The default value will be "Stopped" (or similar). The context will report "Running" if a "Local Custom" check is matched.

The "Local Custom" check evaluates the variable that you set in the "Custom Properties" script. If the variable's value is "True", the context will report "Running".

 

3. Create an action that blocks access: If you find one of the configured processes running, you might want to block access to your remote session. This way, a user cannot share the content. You'll need to create an action to do so.

 

Configure the action to react to your configured processes. In this example, both "Zoom" and "Snipping Tool" will trigger a "Deny Access" task.

 

4. Outcome: With the configuration in place, your remote sessions will deny access as soon as a user starts one of the configured processes / applications on her local device. This way, deviceTRUST will help protect your sensitive data and information.


5. Configuration blueprint: The configuration shown here can be found in our GitHub repository: Configurations/Remoting at main · deviceTRUST/Configurations (github.com)

You can, of course, always edit the configuration's details to suit your requirements. Take this configuration as an example.