NEW “DRIVERLESS” FUNCTIONALITY:
Since a server isn’t usually used as a desktop by end users, is not used to launch apps (it doesn’t usually run apps like Word and Excel, or browsing like going to Gmail) most servers don’t need the “app sniffing” driver, and doesn’t need the automated decryption.
Thus, the default “server” mode works without a driver and does full discovery + discovery based encrypt/decrypt.
The default “workstation” mode does everything we do today (so discovery + discovery based encrypt decrypt + source/destination applications and application based decrypt).
When the two modes are used in combination (default server mode for servers, and default workstation mode for workstations), the result is the same functionality of today but with far less chance of slowing a server down. It also should allow you to run on these servers that we currently don’t support (the ones that have AD or SQL, etc).
Hence, by default , servers (Windows server versions like 2016, 2012, 2008, etc) receive a driverless version and workstation receive a driver.
CHANGING THE DEFAULT or per DEVICE FUNCTIONALITY:
This default can be changed for Workstations. To disable the driver for Workstations, set Enable App/WebApp Analytics to “Off” (under Settings -> General Settings).
For an active installation, disabling the App/WebApp Analytics may require a reboot. To avoid a reboot, disable the default setting before installing the agents.
The functionality can also be changed per each device under the Deployment -> Deployed Devices -> Device Details:
VALIDATING THE DRIVER STATE:
To validate that the driver was indeed removed, you can use the FLTMC FILTERS command. In the following Powershell screenshot, the driver was available – then removed (see bottom command does not show EaseFilter).
Powered by BetterDocs