Auvik SaaS Management deploys its desktop agent by running a PowerShell script (typically run as admin) on the target devices. The script will configure a tenant under the Auvik SaaS Management Partner hub instance, then grab the Auvik SaaS Management executable from the secure AWS service. Auvik SaaS Management will then install the executable, define a rule to run Auvik SaaS Management on boot up, and install the Auvik SaaS Management browser extensions.
For information on how to deploy Auvik SaaS Management, click here.
Software Collector Considerations:
-
The desktop agent is installed to run when a user unlocks their computer and will run in the background. The desktop agent monitors:
-
Users' mouse and keyboard activity to ensure they are active to report correct usage. No keyboard strokes or mouse activity is tracked or reported.
-
What window is currently active, and reads metadata to determine which application is being utilized.
-
The desktop agent will deploy a payload periodically to the above DDNS entries which will contain a user security token and will contain ONLY usage information and application metadata.
-
The desktop agent will modify registry entries on the local desktop environment to sideload browser extensions. The user will be prompted to enable the extension if they use the Edge browser.
- The desktop agent will communicate with browser extensions to receive user security tokens as well as configurations relative to the Auvik SaaS Management software.
Network Considerations (SASE & SSL Proxies)
Auvik SaaS Management requires external resources for installation, as well as external resources to store the aggregated SaaS data. The following rules should be considered at a network layer level. This includes any firewall configurations, software VPNs, SASE & SSL Proxies, etc.
HTTPS Access Rules:
- deploy.saaslio.com
- application-dev.saaslio.com
- application.saaslio.com
- files.saaslio.com
- agent-api.saaslio.com
Network SSL Proxies & SASE Tools:
If you are utilizing any SSL proxying / SASE tools, in many cases the tool will re-write the installer's attempt to reach out to the Auvik SaaS Management secured AWS environment. A whitelist rule should be implemented for each of the above URLs.
Endpoint Security Considerations (SentinelOne, Threatlocker, etc.)
Endpoint security tools will often block the installer as well as the Auvik SaaS Management agent. Since Auvik SaaS Management is in most cases deployed via a PowerShell command, a temporary rule for PowerShell should be written to allow the installer to run, as well as whitelisting rules for the following path.
Directory Structure & Important Paths for Auvik SaaS Management:
Paths For Auvik SaaS Management |
C:/Saaslio C:/Program Files/Saaslio/ |
Executable for Auvik SaaS Management |
C:/Program Files/Saaslio/win-latest/Saaslio-x64.exe |
Executable Name for Auvik SaaS Management |
Saaslio-x64.exe |
Startup Rule for Auvik SaaS Management |
C:/ProgramData/Microsoft/Windows/Start Menu/Programs/StartUp/Saaslio.bat |
Service Name for Auvik SaaS Management |
Saaslio Windows Agent |
Service Short Name for Auvik SaaS Management |
Saaslio-x64 |
Browser Extension & Registry Key Considerations
Auvik SaaS Management’s installer will automatically add registry keys to the Windows devices (and configuration rules for the Mac devices) to forcibly install the Auvik SaaS Management browser extensions. Applications like Threatlocker may block the default installation behavior for the browser extensions.
If you are using the enterprise version of any browser, these rules should be loaded in at the Group Policy/InTune level to prevent them from being overwritten by a group policy promotion.
The following registry keys are added for the browsers to install the Auvik SaaS Management extensions.
Installed Registry Keys for Auvik SaaS Management:
Brave |
Key: HKLM\SOFTWARE\Policies\BraveSoftware\Brave\ExtensionInstallForcelist Name: 839797115 Value: kieikihnfebppciimgpalbdjkjiahnlk;https://clients2.google.com/service/update2/crx |
Chrome |
Key: HKLM\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist Name: 839797115 Value: kieikihnfebppciimgpalbdjkjiahnlk;https://clients2.google.com/service/update2/crx |
Chromium |
Key: HKLM\SOFTWARE\Policies\Chromium\ExtensionInstallForcelist Name: 839797115 Value: kieikihnfebppciimgpalbdjkjiahnlk;https://clients2.google.com/service/update2/crx |
Vivaldi |
Key: HKLM\SOFTWARE\Policies\Vivaldi\ExtensionInstallForcelist Name: 839797115 Value: kieikihnfebppciimgpalbdjkjiahnlk;https://clients2.google.com/service/update2/crx |
Edge |
Key: HKLM\SOFTWARE\Policies\Microsoft\Edge\ExtensionInstallForcelist Name: 839797115 Value: |
Firefox |
Key: HKLM\SOFTWARE\Policies\Mozilla\Firefox\ Name: ExtensionSettings Value: |