Abstract: A method involves receiving a plurality of security rules from a remote management platform at an endpoint detection and response (EDR) module at a user device. The EDR module subscribes to one or more event types at the user device. The EDR module receives a notification of an event corresponding to one of the subscribed event types. Upon determining that the event is associated with a file stored at the user device, the EDR module instantiates an event tracer tree that is associated with the file. The EDR module generates a file hash value for the file using the event tracer tree. Upon determining that the file hash value satisfies a security rule, the EDR module quarantines the file and reports that the file has been quarantined.

Abstract: A method involves receiving a plurality of security rules from a remote management platform at an endpoint detection and response (EDR) module at a user device. The EDR module subscribes to one or more event types at the user device. The EDR module receives a notification of an event corresponding to one of the subscribed event types. Upon determining that the event is associated with a file stored at the user device, the EDR module instantiates an event tracer tree that is associated with the file. The EDR module generates a file hash value for the file using the event tracer tree. Upon determining that the file hash value satisfies a security rule, the EDR module quarantines the file and reports that the file has been quarantined.

Abstract: A method involves generating, using a web-portal provided by a management platform operating at a server, initialization orchestration module configuration data using a graphical customization user interface. The graphical customization user interface provides a graphical preview of a graphical status screen user interface. An initialization orchestration module instantiated at a computing device displays the graphical status screen user interface in accordance with the initialization orchestration module configuration data. A device agent instantiated at the computing device processes a first configuration item of a list of configuration items. The initialization orchestration module using the graphical status screen user interface, displays a status of the first configuration item in accordance with first status messages regarding the first configuration item as the device agent processes the first configuration item.

Abstract: A method involves instantiating a device agent at a computing device. The device agent receives initialization orchestration module configuration data from a management platform operating at a server. The device agent instantiates an initialization orchestration module at the computing device in accordance with the initialization orchestration module configuration data. The device agent transmits the configuration data to the initialization orchestration module. The initialization orchestration module displays a user interface in accordance with the initialization orchestration module configuration data. The device agent transmits a list of configuration items to the initialization orchestration module. The device agent processes a first configuration item of the list of configuration items. The initialization orchestration module receives status messages from the device agent regarding the first configuration item as the device agent processes the first configuration item.

Abstract: Deploying configurations on computing devices and validating compliance with the configurations during scheduled intervals. Particular embodiments described herein include computing devices that send a requests to a management platform at different time periods for lists of configurations that are assigned to those computing devices at those different time periods. Received lists include identifiers of the configurations that are assigned to the those computing devices during the different time periods. Local agents on the computing devices use the received lists to determine if each of the configurations in that list are implemented. If a configuration is not implemented on a computing device, the local agent on that computing device implements that configuration or alerts the management platform that the configuration could not be implemented.

Abstract: A method involves receiving a plurality of security rules from a remote management platform at an endpoint detection and response (EDR) module at a user device. The EDR module subscribes to one or more event types at the user device. The EDR module receives a notification of an event corresponding to one of the subscribed event types. Upon determining that the event is associated with a file stored at the user device, the EDR module instantiates an event tracer tree that is associated with the file. The EDR module generates a file hash value for the file using the event tracer tree. Upon determining that the file hash value satisfies a security rule, the EDR module quarantines the file and reports that the file has been quarantined.

Abstract: A method involves receiving authentication module configuration data at a user device from a remote management platform. User credentials are received at the authentication module of the user device using a graphical user interface. The user credentials are transmitted to a remote identity provider service. Upon receiving a response indicating that the user credentials are authenticated by the remote identity provider service, the user credentials are transmitted to an operating system authentication module at the user device. Upon receiving a response indicating that the user credentials are not authenticated by the operating system authentication module, previously-stored user credentials are retrieved from an encrypted credential database at the user device. The user credentials are stored at an operating system credential database using the previously-stored user credentials. The user credentials are retransmitted to the operating system authentication module to authenticate the user at the user device.

Abstract: A method involves instantiating a device agent at a computing device. The device agent receives initialization orchestration module configuration data from a management platform operating at a server. The device agent instantiates an initialization orchestration module at the computing device in accordance with the initialization orchestration module configuration data. The device agent transmits the configuration data to the initialization orchestration module. The initialization orchestration module displays a user interface in accordance with the initialization orchestration module configuration data. The device agent transmits a list of configuration items to the initialization orchestration module. The device agent processes a first configuration item of the list of configuration items. The initialization orchestration module receives status messages from the device agent regarding the first configuration item as the device agent processes the first configuration item.

Abstract: A method involves receiving authentication module configuration data at a user device from a remote management platform. User credentials are received at the authentication module of the user device using a graphical user interface. The user credentials are transmitted to a remote identity provider service. Upon receiving a response indicating that the user credentials are authenticated by the remote identity provider service, the user credentials are transmitted to an operating system authentication module at the user device. Upon receiving a response indicating that the user credentials are not authenticated by the operating system authentication module, previously-stored user credentials are retrieved from an encrypted credential database at the user device. The user credentials are stored at an operating system credential database using the previously-stored user credentials. The user credentials are retransmitted to the operating system authentication module to authenticate the user at the user device.

Abstract: A method involves receiving authentication module configuration data at a user device from a remote management platform. User credentials are received at the authentication module of the user device using a graphical user interface. The user credentials are transmitted to a remote identity provider service. Upon receiving a response indicating that the user credentials are authenticated by the remote identity provider service, the user credentials are transmitted to an operating system authentication module at the user device. Upon receiving a response indicating that the user credentials are not authenticated by the operating system authentication module, previously-stored user credentials are retrieved from an encrypted credential database at the user device. The user credentials are stored at an operating system credential database using the previously-stored user credentials. The user credentials are retransmitted to the operating system authentication module to authenticate the user at the user device.

Abstract: Deploying configurations on computing devices and validating compliance with the configurations during scheduled intervals. Particular embodiments described herein include computing devices that send a requests to a management platform at different time periods for lists of configurations that are assigned to those computing devices at those different time periods. Received lists include identifiers of the configurations that are assigned to the those computing devices during the different time periods. Local agents on the computing devices use the received lists to determine if each of the configurations in that list are implemented. If a configuration is not implemented on a computing device, the local agent on that computing device implements that configuration or alerts the management platform that the configuration could not be implemented.

Abstract: Deploying configurations on computing devices and validating compliance with the configurations during scheduled intervals. Particular embodiments described herein include computing devices that send a requests to a management platform at different time periods for lists of configurations that are assigned to those computing devices at those different time periods. Received lists include identifiers of the configurations that are assigned to the those computing devices during the different time periods. Local agents on the computing devices use the received lists to determine if each of the configurations in that list are implemented. If a configuration is not implemented on a computing device, the local agent on that computing device implements that configuration or alerts the management platform that the configuration could not be implemented.