Armored Client for IGEL provides SentryBay’s proprietary anti-keylogging and anti-screencapture for your users, giving protection against zero day attacks on sensitive information such as user names, passwords, and intellectual property. Armored Client does not rely on blocking a known list of malware; snooping processes are blocked at an operating system level and will receive scrambled keystrokes and black images, protecting your data.
Armored Client for IGEL is installed with anti-keylogging and anti-screencapture enabled by default. If you wish to disable one of these features, this can be done using a configuration profile in UMS:
Under normal circumstances this does not require a reboot. Armored Client for IGEL will pick up the change within 30 seconds of the device configuration being applied.
Armored Client for IGEL blocks processes that are running on the IGEL device from capturing the screen. (Note, this does not include processes running on a remote machine. For example, if you have connected to a remote machine from your IGEL device it is possible to take a screenshot of the remote machine desktop by using a screenshot tool that is running on the remote machine.)
Sharing the screen using videoconferencing software is a form of screen capture, so users may be blocked from sharing their screen using applications like Microsoft Teams or Zoom. If this causes problems to your workflows then it is possible to specify exceptions to the anti-screencapture protection that will allow certain applications to share the screen:
Under normal circumstances this does not require a reboot. Armored Client for IGEL will pick up the change within 30 seconds of the device configuration being applied.
Armored Client for IGEL requires a license from SentryBay. The license consists of two parts:
1. Export a .csv file containing all the Unit Id(s) of the IGEL devices that will be running Armored Client for IGEL from your UMS:
Note, please export the Unit Id(s) of all devices that will be running Armored Client for IGEL. The SentryBay license should cover all Armored Client devices in your company.
2. Email the .csv file to SentryBay <[email protected]> with a subject of “IGEL license request <Company name>”.
SentryBay support will confirm that your company has a current license with enough seats for the number of devices, and then respond with a license.txt file and a license.txt.sig file. These two files need to be distributed to all devices that are running Armored Client for IGEL.
3. In UMS-WEB, go to the Configuration section to upload a new file.
4. The file can be uploaded with any name you choose, but it must be pushed to the devices as “license.txt”.
Important: The “Device file location” should be the full file path:
/services/armoredclient/usr/local/bin/sentrybay/license/license.txt
Access rights to be set as:
a. Owner: Root
b. Owner access rights: Read and Write
c. Other access rights: Read
5. Repeat the process for “license.txt.sig”. Important: The “Device file location” should be the full file path:
/services/armoredclient/usr/local/bin/sentrybay/license/license.txt.sig
Access rights to be set as:
a. Owner: Root
b. Owner access rights: Read and Write
c. Other access rights: Read
Licensing changes should be picked up by the Armored Client service within 30 seconds of the device configuration being applied and (assuming the license passes validation) protections will start working immediately.
If the list of devices changes (for example, if you need to license additional devices) then please create a new export for all the devices that will be running Armored Client for IGEL and follow the procedure above.
