Blocker Quickstart Guide
Discover how to quickly get started with Blocker and leverage its powerful recommendation engine.
Table of Contents
Blocker has been designed to counteract potential threats from malicious actors or activities that exploit native programs within your network. With the capability to block over 200 native Windows applications, binaries, and .dll files commonly leveraged as Living off the Land (LOTL) attack vectors, Blocker serves as a defense mechanism against these kinds of cyberattacks.
Quickstart
AutoElevate designed Blocker so you can get up to speed and working as quickly as possible. Spend a few minutes to work your way through the following steps so you can quickly get AutoElevate's Blocker running in your environments right away by auditing what is happening now.
- Ensure Computers are on agent v2.8.2+. If they are on a lower version, upgrade those computers using the “Agent Actions - Update” action from the actions menu.
- Select the computer(s) you want to enable from the Computers screen by clicking the square next to the listed computer name.
- Click on the Actions menu at the top of the screen, and then Set to Audit under the Blocker Mode section.
Once enabled, we recommend keeping it in Audit mode for approximately one month or more to allow the agent to collect and analyze data and provide recommended rules.
Blocker Recommendations take 48 hours of uptime.
As a protection against creating premature block rules, recommendations will not appear until the average uptime of Blocker running on all of your computers has reached at least 48 hours.
Recommended block rules can be found under the portal's Blocker Recommendations (1) screen. You can VIEW APPLICATIONS (2) for more information and ADD BLOCK RULES (3) to add the recommended rules automatically.
Once sufficient time has passed and the desired block rules have been created, return to the Computers (1) screen, select the computer(s) (2), click on the Actions menu (3), and then Set Blocker Mode to Live (4) under the Blocker Mode section of the Action Menu.
Why use Blocker Recommendations?
Enterprise and MSP administrators prioritize identifying and blocking processes that pose potential threats to their or their clients' operations while minimizing disruptions. Typically, these processes are not part of their regular business operations, increasing the likelihood that their execution may indicate malicious activity.
The primary “mission” of the recommendation engine is to proactively block all identified high-risk processes at the global level without causing disruptions. Continuously monitoring the latest activity observed by the Agents, it dynamically adjusts its recommendations to ensure optimal protection.
By leveraging real-time insights, the recommendation engine empowers admins to stay one step ahead of potential threats, safeguarding systems with minimal interruption to business operations.