Configuring the Dissolvable Agent Server (DAS) to connect to SEDR cloud through a proxy server

book

Article ID: 179334

calendar_today

Updated On:

Products

Endpoint Detection and Response Cloud Endpoint Detection and Response

Issue/Introduction

 

Resolution

Many customers require all network traffic to go through their network proxy. This procedure configures the DAS to connect to the cloud through a proxy server.

  1. On the server running the DAS software, open the Registry Editor (regedit.exe) and go to either:
    • For 64-bit computers: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\OutlierSecurity
    • For 32-bit computers: HKEY_LOCAL_MACHINE\SOFTWARE\OutlierSecurity
       
  2. Create a REG_SZ value called WebProxy. The Value Data is the protocol, address, and port of the proxy server. The format is: http(s)://proxyserverorip:portnumber

    For example, http://4.4.4.4:8080

    IMPORTANT: When a port number is specified, you must specify the scheme and protocol, which is typically http://. If you fail to configure the scheme and protocol, an error about using an invalid or an unknown scheme appears in the vault log.
     
  3. If a user name and password must be used for the proxy, create two more REG_SZ values that contain the user name and password. Name the new values WebProxyUsername and WebProxyPassword.
     
  4. Save your changes and exit the Registry Editor.
     
  5. Restart the Outlier Vault Service service in the Services console (services.msc) for the changes to be read.

 


Note: The proxy user name and password values are stored in plain text. By default, this part of the registry is readable by all users of the system. To protect the values from access by other users, edit the permissions of the OutlierSecurity key. Disable inheritance and remove the normal Users group from the ACL. The vault normally runs as the SYSTEM user. The SYSTEM user must retain access to the key and provide access for the local Administrators group.