Blocker Quickstart Guide
Discover how to quickly get started with Blocker and leverage its powerful recommendation engine.
Blocker has been designed to counteract potential threats from malicious actors or activities that exploit native programs within your network. With the capability to block over 200 native Windows applications, binaries, and .dll files commonly leveraged as Living off the Land (LOTL) attack vectors, Blocker serves as a defense mechanism against these kinds of cyberattacks.
Quickstart
AutoElevate designed Blocker so you can get up and running as quickly as possible. Spend a few minutes working through the following steps to get AutoElevate's Blocker running in your environments, starting by auditing what is happening now.
- Ensure computers are on agent v2.8.2+. If they are on a lower version, upgrade those computers using the “Agent Actions - Update” action from the Actions menu.
- Select the computer(s) you want to enable from the Computers screen by clicking the square next to the listed computer name.
- Click on the Actions menu at the top of the screen, and then Set to Audit under the Blocker Mode section.
Once enabled, we recommend keeping it in Audit mode for approximately one month or more to allow the agent to collect and analyze data and provide recommended rules.
Blocker Recommendations take 48 hours of uptime.
As a protection against creating premature block rules, real-time recommendations will not appear until the average uptime of Blocker running on all of your computers has reached at least 48 hours.
Real-time recommended block rules can be found under the portal's Blocker Recommendations (1) screen. You can VIEW APPLICATIONS (2) for more information and ADD BLOCK RULES (3) to add the recommended rules automatically.
Once sufficient time has passed and the desired block rules have been created, return to the Computers (1) screen, select the computer(s) (2), click on the Actions menu (3), and then Set Blocker Mode to Live (4) under the Blocker Mode section of the Action Menu.
Why use Blocker Recommendations?
Enterprise and MSP administrators prioritize identifying and blocking processes that pose potential threats to their own or their clients' operations while minimizing disruptions. Typically, these processes are not part of regular business operations, which increases the likelihood that their execution indicates malicious activity.
The primary “mission” of the recommendation engine is to proactively block all identified high-risk processes at the global level without causing disruptions. Continuously monitoring the latest activity observed by the Agents, it dynamically adjusts its recommendations to ensure optimal protection.
By leveraging real-time insights, the recommendation engine empowers admins to stay one step ahead of potential threats, safeguarding systems with minimal interruption to business operations.
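The audit-then-block reasoning above can be modeled in a few lines. This is an added example, not AutoElevate's code or algorithm: the candidate list, the record layout, the sample data, and the rule "recommend blocking only candidates never seen during audit" are assumptions made for illustration; only the 48-hour average-uptime gate comes from this guide.

```python
from collections import Counter

MIN_AVG_UPTIME_HOURS = 48  # gate described in this guide

# Assumed candidate list: a few well-known LOTL binaries (not Blocker's actual list).
CANDIDATES = {"mshta.exe", "regsvr32.exe", "certutil.exe", "bitsadmin.exe"}

# Constructed sample data: hours Blocker has run in Audit mode on each computer.
UPTIME_HOURS = {"WS-01": 72, "WS-02": 50, "SRV-01": 40}

# Constructed audit events: (computer, process image name as logged).
AUDIT_EVENTS = [
    ("WS-01", "certutil.exe"),
    ("WS-01", "CERTUTIL.EXE"),   # Windows file names are case-insensitive
    ("SRV-01", "regsvr32.exe"),
    ("WS-02", "notepad.exe"),    # not a candidate, ignored
]


def average_uptime(uptime_hours):
    """Mean audit uptime across all computers (0.0 if there are none)."""
    if not uptime_hours:
        return 0.0
    return sum(uptime_hours.values()) / len(uptime_hours)


def recommend_blocks(events, uptime_hours, candidates=CANDIDATES):
    """Return (ready, block, review).

    ready  -- False until the fleet-wide average uptime reaches the gate.
    block  -- candidates never observed in audit: blocking them should not
              disrupt normal operations.
    review -- candidates that were observed, with execution counts, so an
              admin can decide whether the use is legitimate.
    """
    if average_uptime(uptime_hours) < MIN_AVG_UPTIME_HOURS:
        return False, [], {}
    seen = Counter(
        name.lower() for _, name in events if name.lower() in candidates
    )
    block = sorted(candidates - set(seen))
    return True, block, dict(seen)


if __name__ == "__main__":
    print(recommend_blocks(AUDIT_EVENTS, UPTIME_HOURS))
```

The gate is on the average, so one recently enrolled computer (SRV-01 at 40 hours here) does not hold back recommendations, but its short audit window is a reason to check the review list before switching that computer to Live.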